LEGAL
Privacy Policy
Last updated: 14 July 2026
This policy explains what data Elyvo Assist (“Elyvo”, “the app”, “we”) collects, why, who it is shared with, and what rights you have. It is written to reflect what the software actually does.
1. Who is responsible for your data
Elyvo Assist is operated by IE Sergei Melnikov, an Individual Entrepreneur registered in Georgia under identification number 322749683, at Untsa, Adigeni Municipality, Georgia. For any privacy question or request, contact [email protected]. We act as the data controller for the data described below.
2. What Elyvo does — in plain terms
Elyvo is a desktop assistant that you summon over any window. To suggest a next move, it needs context about the moment you are in. Depending on the features you use, that context can include audio from your meetings, images of your screen, and entries from your calendar. This data is processed by us and by the third-party providers listed in section 5.
Please read this carefully. Elyvo is designed to be invisible in screen shares and recordings — other people in your call cannot see it. That is a feature about visibility to others. It does not mean your data stays on your device. Audio is sent to a speech-to-text provider, and screen content and prompts are sent to AI providers, in order to produce suggestions.
3. What we collect
Account data
- Email address, first and last name, username.
- A password hash (we never store your password in readable form), or a Google account identifier if you sign in with Google.
- Profile image, if you provide one.
- Your subscription plan and payment history.
Content you give the assistant
- Audio. When you use meeting or ambient features, audio from your microphone and/or system output is captured and streamed for transcription.
- Transcripts. The resulting text, including speaker labels and timings, is stored in your account so sessions are searchable and resumable.
- Screen content. When a suggestion requires visual context, a screenshot is captured and sent to an AI provider along with your prompt.
- Prompts, chats and session history, including any files or documents you add to a project.
- Calendar data, if you connect Google Calendar: event titles, descriptions, times, and organiser email addresses. We request read-only access.
Technical data
- IP address at registration and in security audit records.
- Device identifiers and names of the devices you sign in from.
- Login attempts (email and IP are stored in hashed form for abuse prevention).
- Usage records such as AI token counts, used to enforce plan limits.
4. Why we use it, and our legal basis
| Purpose | Data | Legal basis (GDPR Art. 6) |
|---|---|---|
| Provide the assistant, generate suggestions | Audio, transcripts, screen content, prompts, calendar | Performance of a contract |
| Create and secure your account | Account data, password hash, device data | Performance of a contract |
| Send sign-in codes and service email | Email address | Performance of a contract |
| Connect your calendar | Google account, calendar events | Consent (you may disconnect at any time) |
| Prevent abuse, enforce plan limits, keep audit records | IP, hashed login attempts, usage counters | Legitimate interests |
| Process subscription payments | Payment records | Performance of a contract; legal obligation |
5. Who your data is shared with
We do not sell your data and we do not use it for advertising. To operate the service, data is shared with the following processors:
| Provider | What it receives | Why |
|---|---|---|
| Deepgram (USA) | Meeting and microphone audio | Speech-to-text transcription |
| OpenAI (USA) | Prompts, screenshots, relevant transcript context | Generating suggestions and answers |
| OpenRouter (USA) | Prompts, screenshots, relevant transcript context | Routing requests to AI models |
| Google (USA/EU) | Prompts and context; calendar data if connected; account identifier if you sign in with Google | AI models, Google Calendar, Google Sign-In |
| Brevo (EU) | Your email address | Delivering sign-in codes and service email |
| Cloudflare (USA/EU) | IP address and request metadata; email sent to our contact address | Website delivery, security, contact email forwarding |
| OVH (Germany) | All data stored by the service | Hosting of our servers and database |
Where your data is stored
Our servers and database are hosted with OVH in Germany. Your account, sessions, transcripts and project files are stored there, inside the European Union.
Some of the providers above are located outside the European Economic Area, including in the United States — notably Deepgram, OpenAI and OpenRouter. This means that when you use transcription or AI features, that content is transferred to the United States for processing. Where data is transferred internationally, we rely on the safeguards offered by those providers, such as standard contractual clauses. Each provider handles your data under its own terms, and we recommend reviewing them if this matters to you.
6. How long we keep it
- Account data is kept while your account exists.
- Sessions, transcripts, chats and project files are kept until you delete them, or until you delete your account.
- Security and audit records (including IP addresses and hashed login attempts) are kept for a limited period for abuse prevention.
- Payment records may be kept longer where accounting or tax law requires it.
When you delete your account, we remove or irreversibly anonymise the personal data associated with it. Some records may survive in backups for a limited period before being overwritten.
7. Your rights
Regardless of where you live, we apply the following rights to everyone. You may:
- Ask what data we hold about you, and get a copy of it.
- Correct data that is wrong or incomplete.
- Delete your account and the data attached to it.
- Ask us to restrict or stop certain processing.
- Receive your data in a portable, machine-readable form.
- Withdraw consent — for example by disconnecting your calendar — at any time.
- Lodge a complaint with your data protection authority. In Georgia this is the Personal Data Protection Service; in the EU it is your national supervisory authority.
To exercise any of these, email [email protected]. We aim to respond within 30 days.
8. Security
- All traffic between the app and our servers is encrypted with TLS.
- Passwords are stored as salted hashes, never in readable form.
- Third-party access tokens, such as your Google Calendar tokens, are encrypted at rest.
- Access to production systems is restricted to the operator over a private network.
No system is perfectly secure. If a breach affects your personal data, we will notify you and the relevant authority where the law requires it.
9. Recording other people
If you use Elyvo to transcribe a meeting, you may be recording other participants. Laws on recording and consent differ by country, and in many places you must inform participants or obtain their consent. You are responsible for complying with those laws. Elyvo provides a tool; it does not obtain consent on your behalf.
10. Children
Elyvo is not intended for anyone under 16, and we do not knowingly collect data from children. If you believe a child has given us data, contact us and we will delete it.
11. Changes to this policy
We may update this policy as the product changes. The date at the top always reflects the current version. If a change materially affects how we handle your data, we will tell you in the app or by email.
12. Contact
Questions, requests, or complaints: [email protected].