About

Features

How it works

FAQ

Get in Touch

Privacy Policy

(Personal Data Processing Policy) of the Elastix Software

1. Introduction

COLLABO TECH LTD, License No: CL12226, registered at Unit IH-00-01-03-OF-05, Level 3 IH-00-01CP-05, Dubai International Financial Centre, Dubai, United Arab Emirates (hereinafter — "Controller"), is the data controller within the meaning of DIFC Data Protection Law No. 5 of 2020 (hereinafter — "DIFC DPL") and ensures the protection of personal data processed in connection with the operation of the Elastix Software and website (hereinafter — "Website").

1.2. This Policy describes what personal data we collect, for what purposes and on what legal bases we process it, how we ensure its security, and what rights data subjects have. As a provider of an AI-powered platform, we pay particular attention to transparency regarding how data may be used for training, improving and operating our models.

1.3. This Policy is an integral part of the User Agreement published on the Website. By accepting the terms of the User Agreement, the User (Representative) confirms that they have read this Policy.

1.4. Any use of the Website or the Elastix Software in any form constitutes the User's (Representative's) acceptance of the terms of this Policy in full without any exceptions or limitations. By accepting this Policy, the User (Representative) consents to the processing by the Controller of personal data for the purposes set out in this Policy and to the transfer of personal data to third parties in the cases listed in this Policy. If the User (Representative) does not agree with the terms of this Policy, they must immediately cease using the Website and the Software.

1.5. By using the Website with a web browser that accepts cookies, the User (Representative) accepts the terms of collection and processing by the Controller of data from cookies for the purposes set out in this Policy, and the transfer of such data to third parties in the cases specified in Section 7 of this Policy. Disabling and/or blocking the web browser's cookie acceptance option constitutes a prohibition on their collection and processing by the Controller.

2. Categories of Data Subjects

2.1. This Policy applies to the following categories of data subjects:

(a) Representatives — natural persons (employees, authorised representatives) accessing the Software on behalf of legal entities or sole proprietors, including persons registering an account, using an account or taking other actions in the Software interface;

(b) Anonymous Website Visitors — natural persons visiting the Website without completing registration; in respect of them, technical data is processed in accordance with clause 3.1(c) of this Policy;

(c) User's Client Data — personal data of natural persons (employees, counterparties and other third parties) independently uploaded by Users to the Software in the course of using it. In these relationships, the User is the data controller and the Controller is the processor acting on the User's instructions in accordance with Article 19 DIFC DPL.

3. Categories of Personal Data Processed

3.1. Depending on the category of data subject and the manner of interaction with the Software, the Controller processes the following data:

(a) Account Data: full name, email address, job title, organisation name, information provided at registration;

(b) Platform Usage Data: queries submitted to AI functions, generated results, nature and patterns of interface interaction, session duration;

(c) Technical Data: IP address, device type, browser model and version, operating system, referral source, cookie data and similar tracking technologies;

(d) Payment Data: information on the selected plan, transaction history. Payment instrument details (card and account numbers) are processed exclusively by certified payment providers and are not transmitted to the Controller;

(e) Feedback and Communications Data: messages sent to the support service, survey responses, reviews;

(f) AI Interaction Data: prompts, input data and results obtained when using the Software's AI functionality.

3.2. The Controller does not intentionally collect special categories of personal data (health information, biometric data, political opinions and other data within the meaning of Article 8 DIFC DPL).

4. Legal Bases for Processing Personal Data

4.1. Personal data is processed on the following legal bases in accordance with Article 10 DIFC DPL:

(a) Performance of a contract — processing necessary to provide access to the Software and to perform the User Agreement and/or the Subscription Agreement;

(b) Legitimate interests of the Controller — ensuring the technical operability, integrity and information security of the Software; detecting, preventing and investigating unauthorised access, fraudulent actions and violations of the Software's Terms of use; analysis of aggregated (anonymised) Software usage metrics for the purpose of improving service quality; protection and enforcement of the Controller's rights, including in pre-litigation and litigation proceedings;

(c) Consent of the data subject — sending marketing communications, use of anonymised interaction data for AI model training;

(d) Legal obligation — compliance with applicable legal requirements, including financial and regulatory requirements.

4.2. For Representatives subject to Regulation (EU) 2016/679 (GDPR), the listed bases correspond to the following GDPR bases: performance of a contract (Art. 6(1)(b)), legitimate interests (Art. 6(1)(f)), consent (Art. 6(1)(a)), legal obligation (Art. 6(1)(c)).

5. Processing of Data Using AI

5.1. The Elastix platform anonymizes and processes data uploaded by Users prior to the application of AI models. The results of such processing (AI Content) are provided in accordance with Section 5 of the User Agreement.

5.2. Anonymised interaction data may be used to improve the Controller's AI models with the User's consent. The procedure for expressing and withdrawing such consent is determined in the account settings.

5.3. The Controller does not apply automated decision-making with significant legal effects on natural persons without human involvement.

5.4. A data subject may at any time withdraw consent to the use of their interaction data for AI model training by submitting a request to: info@elastix.one.

6. Purposes of Personal Data Processing

6.1. The Controller processes personal data for the following purposes:

  • (a) providing, operating and continuously improving the Software;

  • (b) authenticating Users and ensuring account security;

  • (c) processing payments and managing plans and subscriptions;

  • (d) personalising the interface and providing relevant features;

  • (e) conducting analytics and studying the nature of User interaction with the Software;

  • (f) improving and training AI systems — with consent and after data anonymisation;

  • (g) sending service notifications, Software update information and marketing materials — with consent;

  • (h) processing support requests and resolving technical issues;

  • (i) performing the Controller's legal obligations and ensuring compliance with the Terms of Service.

7. Transfer of Personal Data to Third Parties

7.1. The Controller does not sell personal data to third parties. Transfer of data is possible only in the following cases:

(a) Infrastructure and cloud service providers: organisations providing hosting, data storage and computing operations for the functioning of the Software;

(b) Analytics services: for analysis of Software usage; data are transferred in anonymised form where possible;

(c) Payment processors: for the secure processing of payment transactions under the Subscription Agreement;

(d) AI infrastructure providers: sub-processors ensuring the operation of AI models and training pipelines, in anonymised form;

(e) Government and regulatory authorities: where required by applicable law, as well as for the protection of the Controller's legitimate interests and the prevention of fraud.

7.2. An up-to-date list of sub-processors and partners to whom personal data may be transferred is available upon request sent to: info@elastix.one.

7.3. All persons to whom personal data are transferred are required to ensure adequate protection of personal data on the basis of applicable data processing agreements.

8. Rights of Data Subjects

8.1. In accordance with the DIFC DPL, a data subject has the right to:

  • (a) obtain information about personal data being processed and the conditions of their processing;

  • (b) request rectification of inaccurate or incomplete personal data;

  • (c) request restriction of or objection to processing of personal data in cases provided for by law;

  • (d) withdraw consent to processing of personal data previously given on the basis of consent; withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

8.2. For Representatives in the EEA, the additional rights provided under the GDPR apply: the right to restriction of processing (Art. 18), the right to data portability (Art. 20), the right to object to processing (Art. 21), the right to lodge a complaint with the supervisory authority at their place of residence.

8.3. To exercise any of the rights listed above, the data subject sends a request to: info@elastix.one. The Controller reviews the request and sends a response within 30 (thirty) calendar days of its receipt.

8.4. Procedure for submitting a request to cease processing of personal data. In the event of a need to cease processing personal data, discovery of the fact of their unlawful processing or for other grounds provided by applicable law, the data subject sends the Controller a written request. The request shall contain:

  • (a) full name of the data subject;

  • (b) identification document details (number, date of issue and issuing authority);

  • (c) a list of personal data in respect of which cessation of processing is requested.

The request shall be sent to: info@elastix.one.

9. Security Measures

9.1. The Controller takes all necessary and sufficient legal, organisational and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, dissemination and other unlawful actions, in accordance with the requirements of DIFC DPL No. 5 of 2020.

10. Amendments to This Policy

10.1. The Controller reserves the right to unilaterally amend this Policy. The new version enters into force upon its publication on the Website.

10.2. For material changes affecting the processing of personal data, the Controller will notify registered Representatives by email at least 30 (thirty) calendar days before the changes take effect.

10.3. Continued use of the Software after the changes take effect constitutes acceptance of the updated Policy. If the Representative does not accept the new version, they are entitled to cease using the Software and submit an account deletion request in accordance with clause 8.4 of this Policy.

11. Applicable Law

11.1. This Policy, the relationship between the User (Representative) and the Controller arising in connection with its application, and matters not regulated by this Policy, are governed by the laws of the Dubai International Financial Centre (DIFC), including DIFC Data Protection Law No. 5 of 2020.

11.2. This Policy is drafted in and shall be construed in accordance with the English language.

12. Contact Information

Data Controller:

COLLABO TECH LTD License No: CL12226 Unit IH-00-01-03-OF-05, Level 3 IH-00-01CP-05, Dubai International Financial Centre, Dubai, United Arab Emirates

Email: info@elastix.one

Version dated 01 April 2026