Privacy Policy
Last updated: March 2026
1. Controller
Elanova AI
The Netherlands
Email: contact@elanova.ai
Phone: +31 6 40747312
Elanova AI is the data controller within the meaning of the General Data Protection Regulation (GDPR / AVG).
2. What personal data we collect
We only collect personal data that you voluntarily provide to us:
- Contact information — name, email address, phone number, company name — when you reach out to us via email, phone, WhatsApp, or our website contact form.
- Message content — the text of your enquiry or conversation.
We do not use analytics services, tracking pixels, or any third-party data collection on this website.
Our hosting infrastructure (Cloudflare) automatically records server access logs containing IP addresses, browser user-agent strings, HTTP request paths, and timestamps. These logs are retained by Cloudflare for security, performance, and bot-mitigation purposes and are governed by Cloudflare's Privacy Policy. We do not export, analyse, or further process these logs ourselves.
3. Purpose and legal basis
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Responding to your enquiry | Legitimate interest (Art. 6(1)(f)) |
| Entering into or performing a contract | Performance of a contract (Art. 6(1)(b)) |
| Complying with legal obligations (e.g. tax records) | Legal obligation (Art. 6(1)(c)) |
4. Data sharing
We do not sell your data. We may share personal data with:
- Hosting provider — Cloudflare, Inc. (to deliver this website). Cloudflare processes data under its Privacy Policy and is certified under the EU-U.S. Data Privacy Framework.
- Email provider — Google LLC (Gmail) — contact form submissions are forwarded via Cloudflare Email Routing to our Gmail inbox so that we can respond to you. Google may process your name, email address, and message content as part of this delivery. Google LLC is certified under the EU–US Data Privacy Framework. See Google Privacy Policy and Google's Data Processing Agreement.
4a. International data transfers
Cloudflare, Inc. and Google LLC are headquartered in the United States. When your personal data is processed by these providers it may be transferred to and stored in the US. Such transfers are safeguarded by:
- The EU–US Data Privacy Framework — both Cloudflare and Google are certified DPF participants
- Standard Contractual Clauses (SCCs) as adopted by the European Commission (where additionally applicable)
You can verify Cloudflare's DPF certification at dataprivacyframework.gov.
5. Data retention
We retain your contact details and correspondence for as long as necessary to handle your enquiry or maintain our business relationship. Financial records are kept for the legally required period (7 years under Dutch tax law). After these periods, data is deleted.
6. Your rights
Under the GDPR you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data
- Restriction — limit how we process your data
- Data portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interest
To exercise any of these rights, email us at contact@elanova.ai. We will respond within 30 days.
You also have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl.
7. Cookies
This website does not use cookies. See our Cookie Policy for details.
8. Security
We take appropriate technical and organisational measures to protect your personal data, including HTTPS encryption, security headers, and access controls.
9. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top indicates the most recent revision.