E'lir
Get demo
Legal

Privacy Policy

Effective date: April 16, 2026

1. Who we are

Elir is a revenue operations (RevOps) automation platform operated by Scimus US, a company registered in Delaware, United States, with its address at 717 N. Union Street, Suite 20, Wilmington, DE 19805.

When this policy refers to “Elir,” “we,” “us,” or “our,” it means Scimus US and the Elir platform at my.elir.app.

2. Data we collect

Account information

When you register, we collect your name, email address, and a password (stored as an argon2id hash — we never store plaintext passwords).

Organization & workspace data

You create a workspace (organization) during registration. We store its name and an auto-generated slug used to provision your isolated tenant database.

Contact information from inquiries

When you request a demo, fill out a contact form, or otherwise provide your name, email address, or phone number, we collect and store that information. By providing your phone number, you consent to receive calls and/or SMS messages from us related to your inquiry, our services, and relevant updates. Message and data rates may apply. You may opt out of SMS communications at any time by replying STOP to any message or by contacting us directly.

Integration data

When you connect third-party services (e.g., GoHighLevel, Google Ads, Google Analytics, Search Console, Zoho Invoice, Zoho People, Meta Ads, LinkedIn Ads), we sync data from those services into your tenant database on your behalf. This may include:

  • CRM data: contacts, companies, deals, pipeline stages, conversations
  • Marketing data: ad campaigns, ad spend, search queries, visitor sessions
  • Financial data: invoices, payments, project costs, employee rates

We access this data solely through the OAuth tokens or API keys you provide. We do not access accounts you have not explicitly connected.

OAuth credentials

Access tokens, refresh tokens, and API keys you provide for integrations are encrypted at rest using AES-256-GCM before storage. We never store them in plaintext.

Usage data

We collect basic server access logs (IP address, request path, timestamp) for security and debugging purposes. We do not use third-party analytics or tracking scripts on the application.

3. How we use your data

  • Provide the service — sync, store, and analyze your revenue operations data as you direct through the platform.
  • Communicate with you — respond to inquiries, provide demos, send service notifications, and contact you by email, phone, or SMS regarding our services if you have provided your contact details.
  • Maintain security — authenticate your sessions, enforce role-based access controls, and detect unauthorized access.
  • Improve the platform — diagnose bugs and improve performance using aggregated, non-identifying operational metrics.

We do not sell, rent, or share your data with third parties for advertising or marketing purposes.

4. Communications & consent

By providing your email address or phone number through our website, demo request forms, or during registration, you consent to receive communications from us, including:

  • Follow-up calls and emails related to your demo request or inquiry
  • SMS messages about our services, product updates, or scheduling
  • Transactional messages related to your account (security alerts, billing, maintenance)

Opting out: You may opt out of promotional communications at any time. For SMS, reply STOP to any message. For email, use the unsubscribe link in the message or contact us at anatolii@thescimus.com. Transactional messages related to your active account cannot be opted out of while the account remains active.

We comply with the Telephone Consumer Protection Act (TCPA), CAN-SPAM Act, and applicable state and federal communications regulations.

5. Data storage & security

Your data is stored on dedicated infrastructure hosted by Hetzner Online GmbH in Falkenstein, Germany (European Union). Each customer organization gets its own isolated PostgreSQL database — your data is never co-mingled with other customers' data.

Security measures include:

  • TLS encryption for all data in transit (HTTPS everywhere)
  • AES-256-GCM encryption for stored OAuth credentials
  • Per-tenant database isolation (separate database per organization)
  • JWT-based authentication with RS256 signatures and short-lived access tokens
  • Role-based access control with per-page permissions
  • Daily encrypted database backups with 14-day retention
  • Firewall restricted to ports 22, 80, and 443 only

6. Third-party services

We rely on the following third-party infrastructure:

  • Hetzner Online GmbH (Germany) — server hosting and network
  • Let's Encrypt — TLS certificate issuance
  • GitHub — source code hosting (your data is not stored on GitHub)

The integration providers (Google, Meta, Zoho, GoHighLevel, LinkedIn, etc.) are services you choose to connect. We access their APIs on your behalf using credentials you provide. Each provider has its own privacy policy governing data they hold.

7. Data retention

We retain your data for as long as your account is active and you maintain an active workspace. If you delete your account or request data deletion, we will remove your data from our production systems within 30 days. Encrypted backups containing your data may persist for up to 14 additional days before automatic expiration.

Contact information provided through demo requests or inquiries is retained for up to 24 months after your last interaction with us, unless you request earlier deletion.

8. Your rights

For all users

You may at any time:

  • Access and export your data through the platform's UI or by contacting us
  • Update or correct your account information
  • Disconnect any integration (which stops further data syncing from that provider)
  • Request deletion of your account and all associated data
  • Opt out of SMS and promotional email communications

For EU/EEA residents (GDPR)

You additionally have the right to:

  • Request a portable copy of your personal data
  • Restrict or object to certain processing activities
  • Lodge a complaint with your local data protection authority

Our legal basis for processing is: (a) contractual necessity (to provide the service you signed up for), (b) consent (for communications where you provided your contact details), and (c) legitimate interest (to maintain security and improve the platform).

For California residents (CCPA)

You have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information.

9. Cookies

Elir uses a single httpOnly secure cookie to maintain your authentication session (a refresh token). We do not use third-party tracking cookies, advertising pixels, or analytics scripts. The landing site at elir.app does not set any cookies.

10. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email or through a notice in the application. The “effective date” at the top of this page indicates when the policy was last revised.

11. Contact

For privacy-related questions, to exercise your data rights, or to opt out of communications, contact us at:
anatolii@thescimus.com

Scimus US
717 N. Union Street, Suite 20
Wilmington, DE 19805
United States