Privacy Policy
Elavite ("we", "us") provides an agentic customer-support service that connects to a business's support email inbox, learns its support procedures, and helps resolve customer tickets. This policy explains what we collect, how we use it, and the choices you have. Questions: team@elavite.co.
Information we collect
- Account and contact information: your name, business name, and email address when you sign up or contact us.
- Gmail data (with your explicit authorization): if you connect a
Google account, we access the mailbox you authorize via Google's OAuth consent flow,
using the
gmail.modifyscope. This lets Elavite read messages (including archived mail), create labels and drafts, and send replies from your address. - Usage data: operational logs of the actions our service performs on your behalf (for example, when a draft was created or a reply was sent).
How we use Gmail data
- To sync your support conversation history into your private workspace.
- To build your business's private support knowledge base (procedures, policies, and reply templates distilled from your support history).
- To classify incoming support requests and prepare draft replies, and, only for categories you explicitly approve, to send replies on your behalf.
- To apply organizational labels (for example, "Needs human") inside your mailbox.
Google API Limited Use disclosure. Elavite's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Gmail data only to provide the support-automation features you request. We do not use Gmail data for advertising, do not sell it, do not use it to train generalized AI or machine-learning models, and do not transfer it to third parties except as necessary to provide the service, comply with law, or as part of a merger or acquisition with prior notice.
Where your data lives
Synced email and the knowledge base derived from it are stored in an isolated, per-customer workspace on infrastructure we control. OAuth refresh tokens are encrypted at rest. Each customer's data is segregated; no customer can access another's data.
Sharing
We do not sell personal information. We share data only with subprocessors strictly necessary to operate the service (for example, hosting and network providers), under confidentiality obligations, or where required by law.
Retention and deletion
We retain synced data while your account is active. You may disconnect your Google account at any time from your Google Account permissions page, which revokes our access immediately. On request to team@elavite.co, we will delete your synced data and derived knowledge base within 30 days.
Security
We use TLS for all data in transit, encrypt OAuth credentials at rest, restrict access to production systems, and keep an append-only audit log of every action taken in a connected mailbox.
Changes
We will post any changes to this policy on this page and update the date above. Material changes will be announced to affected customers by email.