Privacy Policy

We collect only what is needed to provide the service:

• Account details — your name, email address, and the sign-in identifiers used for passwordless (magic-link) authentication.
• Business and operating context — information you provide about your company, role, and how you work, including quiz and assessment responses, weekly reset inputs, goals, delegations, and self-reported scores.
• Usage and device data — basic, privacy-respecting analytics about how the site and app are used, and standard server logs.
• Marketing attribution — if you arrive via a campaign link or referral, we store a first- and last-touch marker so we understand which channels reach founders.

We do not ask for, and ask that you do not submit, special-category data (such as health or financial-account numbers) into free-text fields.

• To provide, secure, and improve ElevatedOS.
• To generate your weekly brief and operating-model insights. These are recommendations only — you approve, edit, or reject every one. Nothing acts on your behalf.
• To send transactional email you ask for or that the service requires.
• To understand product usage and the channels that reach founders.
• To meet legal, accounting, and security obligations.

To produce your brief and recommendations, the operating-model inputs you provide are sent to our AI provider (Anthropic) for processing and returned to you. We do not use your content to train third-party models. AI output is advisory; the system never takes external actions (it does not send, publish, spend, or email) without your explicit approval inside the app.

You can issue a personal access token to let your own AI agent connect to ElevatedOS over our agent (MCP) endpoint. Tokens are stored only as a one-way hash, are shown to you once, carry an expiry, and can be revoked at any time from Settings. A connected agent can read your operating model and propose actions into your review queue — it can never act on your behalf.

We use a small number of trusted processors, each handling only what their function requires:

• Supabase — database, authentication, and storage (hosted in the EU).
• Vercel — application hosting and delivery.
• Anthropic — AI processing of the inputs used to generate your brief.
• Polar — our merchant of record for purchases. Polar collects and processes payment details and applicable tax; we do not store your card information.
• Resend — delivery of transactional email.
• PostHog — privacy-respecting product analytics, when enabled.
• Calendly — scheduling, where you book a call.

We do not sell your personal information. Some providers are located outside South Africa; where information is transferred across borders, we rely on the safeguards available under POPIA and GDPR.

We use cookies that are necessary to keep you signed in and to record marketing attribution, and — where enabled — analytics cookies to understand usage. You can control cookies through your browser; turning off necessary cookies may break sign-in.

We keep personal information for as long as your account is active and as needed to provide the service, then for any period required to meet legal, tax, and security obligations. You can ask us to delete your account and associated personal information at any time.

Subject to applicable law, you may request access to, correction of, or deletion of your personal information, ask for a copy of it, or object to certain processing. To exercise any of these, contact us at the address below. You may also lodge a complaint with the South African Information Regulator.

We protect information with row-level access controls, encryption in transit, hashed credentials and access tokens, and least-privilege access. No system is perfectly secure, but we work to keep your information safe and to respond quickly if something goes wrong.

ElevatedOS is built for company founders and is not intended for anyone under 18. We do not knowingly collect information from children.

We may update this policy as the product evolves. When we make material changes, we will update the date above and, where appropriate, notify you.

Questions or requests about your information? Email us at privacy@elevatedos.io.