Privacy Policy

1. Introduction

ElbiFlow is a product and trademark of ElbiNet LLC (“ElbiNet,” “we,” “us,” or “our”). ElbiNet operates the ElbiFlow platform: a multi-tenant SaaS for managing service requests, tickets, technicians, inventory, and customer communications.

This Policy applies to personal data we process in connection with: (i) our marketing website (elbiflow.com), (ii) the ElbiFlow application, and (iii) related support channels. By using our services, you acknowledge that you have read and understood this Policy.

2. Our Role & Scope

ElbiNet LLC operates in two capacities depending on the context:

Controller— for data we collect directly, such as marketing-site visitors, prospects who submit a contact form, and billing contacts of our customers. For these, we determine the purposes and means of processing.
Processor — for data that our customers (tenants) upload into their workspaces (e.g., their own end-users, field technicians, devices, service requests). Tenants are the controller of that data; we process it on their instructions under our Data Processing Addendum (DPA).

If you are an end-user of a tenant (for example, a customer of a company using ElbiFlow), please direct privacy requests to that tenant first. We will assist the tenant in responding.

3. Data We Collect

We collect the following categories of personal data:

Account data— name, email address, hashed password, role, tenant membership, profile photo, language, timezone.
Tenant content— service requests, tickets, devices, parts, photos, location coordinates, maintenance records, chat and comment messages, and other data our customers choose to store.
Billing data— plan selection, subscription status, invoice metadata, and billing contact. Payment card information is collected and processed directly by our payment provider (Stripe); we do not store full card numbers on our servers.
Communications— messages you send through our contact form, support requests, and email correspondence.
Usage and device data— IP address, browser type, operating system, referrer, pages visited, timestamps, and session identifiers collected through logs.
Location data— when a tenant’s workflow requires it, field technicians may share coordinate data for route navigation and on-site verification. This is controlled by the tenant’s configuration.
Cookies and similar technologies— see Section 6.

4. How We Use Data

We use personal data to:

Provide, operate, and maintain the ElbiFlow platform and related features;
Authenticate users, enforce role-based access control, and preserve tenant isolation;
Process payments, manage subscriptions, and issue invoices;
Send transactional messages (e.g., password reset, ticket assignments, notifications);
Provide customer support and respond to inquiries;
Monitor, debug, and improve performance, reliability, and security;
Detect, prevent, and respond to fraud, abuse, and security incidents;
Comply with legal obligations and enforce our agreements;
With your consent, send product updates and marketing communications (you may opt out at any time).

5. Legal Bases (GDPR)

If you are in the European Economic Area, the United Kingdom, or another region with similar protections, we rely on the following legal bases:

Contract— to provide the service you (or your organization) have subscribed to.
Legitimate interests— to secure the platform, prevent abuse, analyze aggregate usage, and improve the product, where not overridden by your rights.
Legal obligation— to comply with tax, accounting, and other applicable laws.
Consent— for non-essential cookies and optional marketing communications. You may withdraw consent at any time.

6. Cookies & Tracking

We use a minimal set of cookies and similar technologies:

Strictly necessary— authentication session, CSRF protection, tenant routing, and preferences (e.g., theme). These cannot be disabled.
Functional— remember UI choices such as language and timezone.
Analytics— if enabled, aggregate, privacy-respecting metrics about how the product is used. We do not sell browsing data.

You can control cookies through your browser settings. Blocking strictly necessary cookies will prevent the platform from functioning.

8. International Transfers

ElbiFlow may process personal data in countries other than the one where you reside. When we transfer data outside your jurisdiction, we use appropriate safeguards such as Standard Contractual Clauses and equivalent mechanisms to ensure an adequate level of protection.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy:

Account and tenant content — for the duration of the subscription, plus a limited grace period after termination to allow export and recovery.
Billing and tax records — as required by applicable law (typically several years).
Backups — rolled over on a defined schedule and overwritten automatically.
Logs and telemetry — retained for a short window and then deleted or aggregated.

When data is no longer needed, it is deleted or irreversibly anonymized.

10. Security

We implement technical and organizational measures designed to protect personal data, including:

Encryption in transit (HTTPS/TLS) and at rest for sensitive fields;
Password hashing using modern algorithms;
Strict tenant isolation enforced at the application and data layer;
Role-based access control (RBAC) with least-privilege defaults;
Audit logs for sensitive actions;
Regular dependency updates and security reviews;
Access controls and background checks for personnel with production access.

No system is fully immune to risk. If we become aware of a personal-data breach that affects you, we will notify you and, where required, the competent authority without undue delay.

11. Your Rights

Subject to applicable law, you have the right to:

Access — obtain a copy of the personal data we hold about you;
Rectification — correct inaccurate or incomplete data;
Erasure — request deletion of your personal data;
Restriction — limit how we process your data in certain situations;
Objection — object to processing based on legitimate interests or direct marketing;
Portability — receive your data in a machine-readable format;
Withdraw consent — at any time, where processing is based on consent;
Lodge a complaint — with your local data protection authority.

To exercise these rights, contact us at [email protected]. If your data is stored within a tenant workspace, we will forward your request to the relevant tenant (controller) and assist them in responding.

12. Children

ElbiFlow is a business-to-business product and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

13. Changes to This Policy

We may update this Policy from time to time. When we do, we will revise the “Last updated” date at the top. If changes are material, we will provide a more prominent notice (e.g., an in-app banner or email). Your continued use of the service after the effective date constitutes acceptance of the updated Policy.

14. Contact

If you have questions or concerns about this Policy or our processing activities, contact us at:

Controller: ElbiNet LLC
Email: [email protected]
Support: [email protected]
Address: 17350 State Hwy 249, Ste 220 #28467, Houston, TX 77064, USA

1. Introduction

2. Our Role & Scope

ElbiNet LLC operates in two capacities depending on the context:

Controller— for data we collect directly, such as marketing-site visitors, prospects who submit a contact form, and billing contacts of our customers. For these, we determine the purposes and means of processing.
Processor — for data that our customers (tenants) upload into their workspaces (e.g., their own end-users, field technicians, devices, service requests). Tenants are the controller of that data; we process it on their instructions under our Data Processing Addendum (DPA).

If you are an end-user of a tenant (for example, a customer of a company using ElbiFlow), please direct privacy requests to that tenant first. We will assist the tenant in responding.

3. Data We Collect

We collect the following categories of personal data:

Account data— name, email address, hashed password, role, tenant membership, profile photo, language, timezone.
Tenant content— service requests, tickets, devices, parts, photos, location coordinates, maintenance records, chat and comment messages, and other data our customers choose to store.
Billing data— plan selection, subscription status, invoice metadata, and billing contact. Payment card information is collected and processed directly by our payment provider (Stripe); we do not store full card numbers on our servers.
Communications— messages you send through our contact form, support requests, and email correspondence.
Usage and device data— IP address, browser type, operating system, referrer, pages visited, timestamps, and session identifiers collected through logs.
Location data— when a tenant’s workflow requires it, field technicians may share coordinate data for route navigation and on-site verification. This is controlled by the tenant’s configuration.
Cookies and similar technologies— see Section 6.

4. How We Use Data

We use personal data to:

Provide, operate, and maintain the ElbiFlow platform and related features;
Authenticate users, enforce role-based access control, and preserve tenant isolation;
Process payments, manage subscriptions, and issue invoices;
Send transactional messages (e.g., password reset, ticket assignments, notifications);
Provide customer support and respond to inquiries;
Monitor, debug, and improve performance, reliability, and security;
Detect, prevent, and respond to fraud, abuse, and security incidents;
Comply with legal obligations and enforce our agreements;
With your consent, send product updates and marketing communications (you may opt out at any time).

5. Legal Bases (GDPR)

If you are in the European Economic Area, the United Kingdom, or another region with similar protections, we rely on the following legal bases:

Contract— to provide the service you (or your organization) have subscribed to.
Legitimate interests— to secure the platform, prevent abuse, analyze aggregate usage, and improve the product, where not overridden by your rights.
Legal obligation— to comply with tax, accounting, and other applicable laws.
Consent— for non-essential cookies and optional marketing communications. You may withdraw consent at any time.

6. Cookies & Tracking

We use a minimal set of cookies and similar technologies:

Strictly necessary— authentication session, CSRF protection, tenant routing, and preferences (e.g., theme). These cannot be disabled.
Functional— remember UI choices such as language and timezone.
Analytics— if enabled, aggregate, privacy-respecting metrics about how the product is used. We do not sell browsing data.

You can control cookies through your browser settings. Blocking strictly necessary cookies will prevent the platform from functioning.

8. International Transfers

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy:

Account and tenant content — for the duration of the subscription, plus a limited grace period after termination to allow export and recovery.
Billing and tax records — as required by applicable law (typically several years).
Backups — rolled over on a defined schedule and overwritten automatically.
Logs and telemetry — retained for a short window and then deleted or aggregated.

When data is no longer needed, it is deleted or irreversibly anonymized.

10. Security

We implement technical and organizational measures designed to protect personal data, including:

Encryption in transit (HTTPS/TLS) and at rest for sensitive fields;
Password hashing using modern algorithms;
Strict tenant isolation enforced at the application and data layer;
Role-based access control (RBAC) with least-privilege defaults;
Audit logs for sensitive actions;
Regular dependency updates and security reviews;
Access controls and background checks for personnel with production access.

No system is fully immune to risk. If we become aware of a personal-data breach that affects you, we will notify you and, where required, the competent authority without undue delay.

11. Your Rights

Subject to applicable law, you have the right to:

Access — obtain a copy of the personal data we hold about you;
Rectification — correct inaccurate or incomplete data;
Erasure — request deletion of your personal data;
Restriction — limit how we process your data in certain situations;
Objection — object to processing based on legitimate interests or direct marketing;
Portability — receive your data in a machine-readable format;
Withdraw consent — at any time, where processing is based on consent;
Lodge a complaint — with your local data protection authority.

12. Children

13. Changes to This Policy

14. Contact

If you have questions or concerns about this Policy or our processing activities, contact us at:

Controller: ElbiNet LLC
Email: [email protected]
Support: [email protected]
Address: 17350 State Hwy 249, Ste 220 #28467, Houston, TX 77064, USA

1. Introduction

2. Our Role & Scope

3. Data We Collect

4. How We Use Data

5. Legal Bases (GDPR)

6. Cookies & Tracking

7. Sharing & Sub-processors

8. International Transfers

9. Data Retention

10. Security

11. Your Rights

12. Children

13. Changes to This Policy

14. Contact

Privacy Policy

1. Introduction

2. Our Role & Scope

3. Data We Collect

4. How We Use Data

5. Legal Bases (GDPR)

6. Cookies & Tracking

7. Sharing & Sub-processors

8. International Transfers

9. Data Retention

10. Security

11. Your Rights

12. Children

13. Changes to This Policy

14. Contact