Privacy Policy
Effective: June 19, 2026
This policy covers the elisity.com website and our marketing activities. If your organization uses the Elisity platform, the processing of product data is governed by your customer agreement and our Data Processing Agreement, available at https://www.elisity.com/customer-terms-of-service-dpa.
Who we are
Elisity Inc.
6203 San Ignacio Avenue
San Jose, CA 95119
https://www.elisity.com
Elisity is the data controller for personal information collected through elisity.com, meaning we decide how and why that information is used. For anything related to your privacy, contact us at privacy@elisity.com.
We do not have an establishment in the European Union. Our processing of EU and UK personal information through this site is occasional, low risk, and does not involve large-scale processing of special categories of data, so we rely on the exemption in Article 27(2) of the EU and UK GDPR and have not appointed an Article 27 representative.
Information you provide to us
When you fill out a form on our site, such as a contact or demo request form, we collect your first and last name, email address, job title, company name, phone number, and anything you include in the message field.
When you email an address displayed on our site, we collect your email address and whatever you include in the message, such as your name, phone number, or signature block.
When you download a resource, register for a webinar or event, or subscribe to our newsletter, we collect the contact details you provide on the registration form.
If you are a customer or prospective customer, we keep your contact information in our customer relationship management (CRM) system and use it to communicate with you by email and phone, including to make offers to you.
Providing information is always your choice. Our forms are voluntary; if you choose not to fill one out, we simply cannot deliver the gated resource, demo, or registration you requested.
Information we collect automatically
When you visit elisity.com, we automatically collect some information through cookies and similar technologies: your IP address, browser and device information, the pages you view, the pages that referred you to us, and your approximate location derived from your IP address. The “Cookies and how to control them” section explains which tools do this and the choices you have.
AI Resource Center and chat assistant
Our website includes an AI chat assistant that helps you find resources and build a resource kit. Here is how it handles your information.
What we collect. When you use the chat assistant, we collect the messages you send and the assistant’s responses, together with technical details such as your IP address and browser type. If you request a resource kit, we also collect the contact details you provide (such as name, email, and company) and the resources you selected.
How AI processes it. Your messages are sent to our AI provider to generate responses. Our AI provider processes this content under a zero-data-retention agreement: it is not retained after a response is generated, and it is not used to train AI models.
How we use it. We use chat conversations to answer your questions, recommend relevant resources, operate and improve the assistant, and, where you provide contact details, to follow up about your request. Conversations may be reviewed by our team for these purposes.
How long we keep it. We keep chat conversations and associated technical data for the period stated in “How long we keep your information,” after which they are deleted or de-identified. Contact details you submit are kept under the CRM retention practices described there.
Please do not share sensitive information. The chat assistant is a general information tool. Do not enter confidential, sensitive, or personal health information (including any patient or protected health information) into the chat.
Your choices. You can use the assistant without providing contact details. To request access to, or deletion of, information we hold about you, use the contact address in the “How to contact us” section.
Cookies and how to control them
Cookies are small text files placed on your device. We use them, along with similar technologies such as pixels and scripts, to run the site, measure how it is used, and support our advertising.
When you first visit elisity.com, a cookie consent banner appears. What it does depends on where you are:
- If you are visiting from the European Economic Area, the United Kingdom, Switzerland, or Canada, non-essential cookies stay off until you opt in.
- If you are visiting from the United States, non-essential cookies are on by default and you can opt out.
- If you are visiting from the United States and your browser sends a Global Privacy Control (GPC) signal, we treat it as a valid request to opt out of targeted advertising and the “sale” or “sharing” of your information for that browser. If we can link your browser to you, for example because you have submitted a form to us, we apply the opt-out to your personal information in our systems as well, not just to that browser.
You can change your mind at any time by reopening the cookie banner through the cookie settings link on our site, or by clicking the “Your Privacy Choices” link in the footer of any page.
These are the third-party technologies on our site:
- Our website, CRM, forms, and marketing platform. This platform sets cookies needed to run the site, plus analytics cookies that connect your browsing to forms you submit, so we know which pages interested you. Privacy policy: https://legal.hubspot.com/privacy-policy
- Our website analytics and tag-management provider. Measures pages viewed, referring pages, device and browser information, and approximate location. The provider states that it derives only coarse location from your IP address and then discards the IP. You can also block this analytics in any browser with the provider’s opt-out add-on: https://tools.google.com/dlpage/gaoptout. Privacy policy: https://policies.google.com/privacy
- LinkedIn Insight Tag. Advertising measurement and retargeting. Described in “Interest-based advertising” below. Privacy policy: https://www.linkedin.com/legal/privacy-policy
- AdRoll, an advertising service operated by NextRoll, Inc. Advertising and retargeting. Described in “Interest-based advertising” below. Privacy notice: https://www.nextroll.com/privacy
- A content and search-optimization provider that collects usage data about how content on our site is found and viewed, data the provider describes as typically aggregate and non-identifiable, processed on our behalf. Privacy policy: https://www.brightedge.com/privacy
- Embedded videos (YouTube and Vimeo). See “Links and embedded content” below.
A complete list of the cookies we set, including how long each lasts, is available in the cookie consent tool through the cookie settings link.
Some browsers offer a “Do Not Track” setting. There is no common standard for it, and our site does not respond to those signals. We do honor Global Privacy Control signals as described above.
Interest-based advertising
We advertise to business audiences, and we work with trusted advertising partners to do it. When you visit our site, each collects information from your browser through cookies and similar technologies: browser and device data, your IP address, and pageview behavior (which pages you visited and when). They use it to show you Elisity ads on other websites and platforms after you leave our site. This practice is called retargeting or interest-based advertising.
Our advertising partners assign a cookie or similar identifier to your browser and collect device information, IP address, and your activity on our site, which they use for advertising and retargeting under their own privacy notices. We upload our marketing contact lists to our advertising partners as hashed (scrambled) contact lists so they can match our ads to business contacts. There is no direct automated sync between our CRM and our advertising accounts. Our advertising partners may also receive hashed email addresses from our forms or our uploaded lists to improve matching. If you opt out of the sale or sharing of your information (through the “Your Privacy Choices” link, a GPC signal, or by emailing us), we also remove your contact details from any advertising list syncs within 15 business days.
For one of our advertising partners (the LinkedIn Insight Tag), the partner collects the page URL, referrer, IP address, device and browser characteristics, and timestamps. Per that partner’s documentation, it truncates or hashes IP addresses, removes direct identifiers within seven days, and deletes the remaining pseudonymized data (data that no longer directly identifies you) within 180 days. The partner gives us only aggregate reports about our audience and ad performance; it does not share visitor-level personal data with us.
These partners decide for themselves how they use the data they collect, so their own privacy notices apply alongside this one.
You can opt out of interest-based advertising in any of these ways:
- Click the “Your Privacy Choices” link in the footer of any page on our site.
- Use the cookie settings on our site to turn off advertising cookies.
- Turn on Global Privacy Control in your browser; we honor it for US visitors, and where we can link your browser to you we apply the opt-out to your information in our systems as well.
- Opt out of AdRoll directly: https://app.adroll.com/optout/safari (or by email-based request at https://app.adroll.com/optout/email).
- Opt out of LinkedIn retargeting without a LinkedIn account: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. LinkedIn members can also adjust advertising preferences in their LinkedIn settings.
- Use the industry opt-out tools: https://optout.aboutads.info (Digital Advertising Alliance, US, also reachable at https://youradchoices.com/control), https://thenai.org/how-to-opt-out/ (Network Advertising Initiative), https://www.youronlinechoices.eu (EU and UK), and https://youradchoices.ca/en/tools (Canada).
Opting out does not remove ads from your browsing. It means the ads you see are less tailored to you.
How we use your information
We use the information described above to:
- Respond to you. When you request a demo, fill out a contact form, or email us, we use your details to answer and follow up. Where GDPR applies, we do this to take the steps you have requested before entering a contract.
- Deliver what you signed up for. Resource downloads, webinar and event registrations, and newsletter subscriptions, on the same legal ground.
- Market our services to business contacts. We send marketing where you have consented or where law otherwise permits. Where we rely on legitimate interests, that interest is marketing our services to business audiences. Every marketing email includes an unsubscribe link, and you can object to direct marketing at any time.
- Operate and improve the website and chat assistant, based on our legitimate interest in running useful, reliable tools you choose to use.
- Measure and advertise. Analytics and advertising cookies run on the consent choices described in the cookies section. Where GDPR applies, the legal basis is your consent, which you can withdraw at any time through the cookie settings.
- Keep the site secure. We use technical data such as IP addresses and logs based on our legitimate interest in protecting the site and our visitors.
- Meet legal obligations, where we are required to keep or disclose information.
Personal information submitted through a quote or private offer system is used only to identify you as the customer.
We do not use automated systems, on their own, to make decisions that have legal or similarly significant effects on you. The chat assistant recommends content; it does not make decisions about people.
How we share your information
Service providers. We share personal information with providers who process it on our behalf, under contracts that limit their use of it to providing services to us:
- Our AI provider, which powers our chat assistant and processes conversation content under a zero-data-retention agreement: content is not retained after a response is generated and is not used to train AI models.
- Our hosting and database providers.
- Our website, CRM, forms, and marketing email provider.
- Our website analytics and tag-management provider, as described in the cookies section.
- Error- and log-monitoring providers that keep the site reliable. Conversation text and IP addresses are redacted before they reach those tools.
- Our content and search-optimization provider.
Advertising partners. As described in “Interest-based advertising,” our advertising partners collect identifiers, device data, and pageview activity on our site and use them under their own privacy notices.
About “selling” and “sharing.” We do not sell your personal information for money. We do share certain information (cookie identifiers, IP address, and pageview activity) with the advertising partners named above so they can show you our ads elsewhere. California law calls this “sharing” for cross-context behavioral advertising; other state laws call it processing for “targeted advertising.” Some laws treat this kind of disclosure as a “sale” even when no money changes hands. If yours does, the same opt-out applies. You can opt out at any time using the methods in the interest-based advertising section. We do not knowingly sell or share the personal information of anyone under 16.
Corporate transactions. If Elisity is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction. We would require the recipient to honor commitments consistent with this policy.
Legal requirements. We may disclose personal information when required by law or legal process, or when we reasonably believe disclosure is necessary to protect the rights, safety, or property of Elisity, our visitors, or others.
International data transfers
Elisity is a US company, and information collected through this site is processed in the United States. It may also be processed in other countries where our service providers operate. If you visit from the European Economic Area, the United Kingdom, or Switzerland, this means your information is transferred outside your home jurisdiction. The United States has different privacy laws than Europe, so we use safeguards approved by European regulators for these transfers. Where our service providers are certified under the EU-US Data Privacy Framework (including the UK Extension and the Swiss-US Data Privacy Framework), we rely on that certification. Otherwise, we rely on the European Commission’s Standard Contractual Clauses, supplemented by the UK Addendum or International Data Transfer Agreement for transfers from the UK. Contact us if you want more detail about these safeguards or a copy of the relevant clauses (with commercial terms removed).
How long we keep your information
- Chat conversations and associated technical data: up to 12 months, then deleted or de-identified.
- Form submissions and CRM contact records: for as long as we have an active business relationship or ongoing engagement with you, in line with our records retention practices, and only for purposes connected to that business relationship.
- Server and security logs: 90 days.
- Cookies: lifetimes for each cookie are listed in the cookie consent tool.
In general, we keep personal information only as long as needed for the purposes described in this policy, plus any period required by law or needed for administrative, legal, or security purposes.
Your privacy rights
If you are in the European Economic Area or the United Kingdom
You have the right to:
- Access the personal data we hold about you and receive a copy.
- Correct inaccurate data.
- Have your data erased, except data we must keep for administrative, legal, or security purposes.
- Restrict how we process your data in certain situations.
- Receive data you provided to us in a portable format, where we process it by automated means based on consent or contract.
- Object to processing based on our legitimate interests.
You can object to direct marketing at any time, and we will stop. This right is absolute. The fastest route is the unsubscribe link in any marketing email.
Where processing is based on consent, you can withdraw it at any time, as easily as you gave it: through the cookie settings for cookies, the unsubscribe link for email, or our contact address for anything else. Withdrawal does not affect the lawfulness of processing that happened before it.
You also have the right to lodge a complaint with your data protection authority: the authority in the EU member state where you live or work (a list is at https://edpb.europa.eu), or the Information Commissioner’s Office (https://ico.org.uk) in the UK.
We respond to rights requests free of charge, within one month. For complex requests, the law allows us to extend that by up to two further months; we will tell you if we need to.
If you are in the United States
Depending on your state of residence, you may have the right to:
- Confirm whether we process your personal information; know what we collect, where it comes from, why we use it, and who we disclose it to; and obtain a copy in a portable and, where technically feasible, readily usable format.
- Correct inaccurate personal information.
- Delete your personal information, subject to standard legal exceptions.
- Opt out of the “sale” or “sharing” of personal information and of targeted advertising. Click the “Your Privacy Choices” link in the footer of any page, use the cookie settings on our site, use the opt-out links in the interest-based advertising section, or send a Global Privacy Control signal, which we honor for US visitors. If we can link your browser to you, for example because you submitted a form, we apply the opt-out to your personal information in our systems as well, not just to that browser.
- Opt out of profiling used to make decisions with legal or similarly significant effects. We do not use your information this way, as described above.
- Not be discriminated against for exercising any of these rights.
These rights apply even if we hold your information because you are a business contact at a customer or prospect.
In the categories used by California law, here is what we collect, whether we sell or share it, and how long we keep it:
| Category | What it includes and where it comes from | Sold or shared? | Retention |
|---|---|---|---|
| Identifiers | Name, email, phone, company; you provide these through forms, email, and the chat assistant. IP address, collected automatically. | IP address and cookie identifiers are shared with our advertising partners. | CRM records: length of the business relationship. Logs: see the server and security log window above. |
| Professional information | Job title and employer, from forms you submit. | No. | Length of the business relationship. |
| Commercial information | Resources downloaded, webinar and event registrations, quote or offer interactions. | No. | Length of the business relationship. |
| Internet activity | Pages viewed, referring pages, browser and device data, chat messages. Collected automatically and through the chat assistant. | Pageview activity is shared with our advertising partners. | Cookies: lifetimes listed in the cookie consent tool. Chat: the window stated in the retention section. Logs: the server and security log window above. |
| Approximate location | Derived from your IP address. | No. | Same as internet activity. |
We disclose all of these categories to the service providers listed in “How we share your information.” We do not knowingly collect sensitive personal information through this site, and we ask you not to submit it (see the chat assistant section). We do not use or disclose personal information in ways that would require a “Limit the Use of My Sensitive Personal Information” option.
Verification. We will only ask for what we need to verify a request, as described under “How to submit a request.” We never require you to create an account, and we do not require verification for opt-out requests.
Authorized agents. You may use an authorized agent to submit a request. We require the agent’s signed permission from you, and we may still verify your identity directly.
Timing. We confirm receipt of access, correction, and deletion requests within 10 business days and respond within 45 calendar days. If we need more time, we may extend once by another 45 days and will tell you why. Opt-out requests take effect within 15 business days.
Appeals. If we decline your request, you may appeal by replying to our decision. We will respond in writing within 45 days, explaining the reasons. If you are not satisfied, you may contact the Attorney General in your state.
How to submit a request
Email us at privacy@elisity.com with the right you want to exercise. For access, correction, and deletion requests, we verify your identity by matching the information you give us against our records, for example by confirming you control the email address on file. For cookie and advertising opt-outs, the “Your Privacy Choices” footer link, the cookie settings, and GPC are the most direct routes. Unsubscribing from marketing email is separate from, and in addition to, these rights: every marketing message we send includes an unsubscribe link.
Children’s privacy
Our website is for business audiences and is not directed at children under 16. We do not knowingly collect personal information from children, and we do not knowingly sell or share the personal information of anyone under 16. If you believe a child has provided us personal information, contact us and we will delete it.
Security
We use appropriate technical and organizational measures to protect personal information, matched to the nature of the data we handle. Elisity maintains a security and compliance program; you can read about it on our SOC 2 compliance page, available under the Company section of our site. That said, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
Links and embedded content
Pages on our site may link to other websites and may include embedded content such as videos hosted by YouTube or Vimeo. Embedded content behaves as if you visited the host’s website directly: the host may collect data about you, set cookies, and monitor your interaction with the content, especially if you are logged in to an account with that host. Their privacy policies apply: https://policies.google.com/privacy for YouTube and https://vimeo.com/legal/privacy/policy for Vimeo. We are not responsible for the privacy practices of other websites.
Changes to this policy
When we change this policy, we will post the updated version on this page with a new effective date. For material changes, we will post a notice on this page calling out what changed. We encourage you to check back periodically.
How to contact us
Elisity Inc.
6203 San Ignacio Avenue
San Jose, CA 95119
privacy@elisity.com
We are happy to answer questions about this policy or how we handle your information.
