Privacy Policy
Last updated: 12 June 2026
1. Who we are
The data controller for your personal data is Elify. If you have any questions about this policy or how your data is handled, please contact us at: elify.general@gmail.com · elify.dk
2. What data we collect and why
We collect only the minimum data necessary to provide the Service.
2.1 Data you provide directly
- Your email address, if you register for cross-device login. Used to send your magic login link.
- The PDF documents you upload for analysis. These may contain personal data such as names, property addresses, CVR numbers, or CPR numbers if present in the original document.
- Payment information. Processed directly and securely by Stripe. We do not store card numbers or payment details on our servers.
2.2 Data generated automatically
- A session token to associate your upload with your summary result.
- A timestamp of when the upload occurred.
- The AI-generated summary text, which is retained in your account until you delete it or close your account.
We use localStorage (browser storage) to remember your cookie consent choice under the key elify-cookie-consent. This is not a cookie and contains no personal data.
If you click Accept all on the consent banner, Google Analytics (GA4) is loaded and sets first-party analytics cookies (_ga, _ga_*) in your browser. These are used solely to understand aggregate site usage — pages viewed, visit duration, and approximate country derived from IP. We do not use this data for advertising or profiling. If you choose Only required or Decline, no analytics cookies are set and GA4 is not loaded. To change your choice at any time, clear your browser's local storage for elify.dk (browser developer tools → Application → Local Storage).
3. Legal basis for processing (GDPR Article 6)
- Consent (Art. 6(1)(a)): You give explicit consent before uploading any document. You may withdraw this consent at any time. Where you have accepted analytics cookies, processing of analytics data is also based on your consent, which you may withdraw at any time (see §2.2).
- Contract performance (Art. 6(1)(b)): Processing is necessary to deliver the summary you have purchased.
- Legitimate interests (Art. 6(1)(f)): We retain minimal technical logs to ensure service security and stability.
4. How we store and protect your data
Your data is stored in the European Union (Frankfurt, Germany) using Supabase, an EU-hosted database and storage provider. All data is encrypted in transit (HTTPS/TLS) and at rest.
- Uploaded PDF documents are stored in a private, access-controlled storage bucket. They are not publicly accessible and are automatically deleted 24 hours after your summary has been delivered.
- Summary results are stored in a secure database row linked to your account token and are retained until you delete them or request erasure.
5. Third-party processors
We use the following third-party services to deliver the Service. Each acts as a data processor under a Data Processing Agreement (DPA) with us:
| Processor | Purpose | Data location |
|---|---|---|
| Anthropic (Claude API) | Processes the text content of your uploaded document to generate a plain-language summary. Anthropic does not use API data to train its models. | United States (standard contractual clauses) |
| Supabase | EU-hosted database and file storage. | EU (Frankfurt) |
| Stripe | Payment processing. Subject to its own privacy policy and PCI-DSS compliance. We share only the minimum data required to process your transaction. | EU / United States |
| Resend | Transactional email delivery for magic login links. | United States (standard contractual clauses) |
| Netlify | Hosting and serverless functions. No document content is stored by Netlify. | EU / United States |
| Google Analytics (GA4) | Analytics — pages viewed, visit duration, and approximate country derived from IP. Only activated if you give analytics consent. Google does not receive your document content. See Google's privacy policy. | United States (standard contractual clauses) |
6. How long we keep your data
- Uploaded PDF documents: deleted automatically 24 hours after your summary is delivered.
- Summary results: retained until you delete them or close your account.
- Payment records: retained for 5 years as required by Danish bookkeeping law (Bogføringsloven).
- Account data (email): retained until account closure or erasure request.
7. Your rights under GDPR
As a data subject, you have the following rights:
- Right of access (Art. 15): Request a copy of all personal data we hold about you.
- Right to rectification (Art. 16): Ask us to correct inaccurate data.
- Right to erasure (Art. 17): Ask us to delete your personal data. We will comply within 30 days, except where we are legally required to retain data (e.g. payment records).
- Right to restriction (Art. 18): Ask us to limit how we use your data.
- Right to data portability (Art. 20): Receive your summary data in a machine-readable format.
- Right to withdraw consent (Art. 7(3)): Withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.
- Right to lodge a complaint: You have the right to complain to the Danish Data Protection Authority (Datatilsynet) at datatilsynet.dk.
To exercise any of these rights, contact us at elify.general@gmail.com. We will respond within 30 days.
8. Children
The Service is not directed at or intended for use by anyone under the age of 18. We do not knowingly collect personal data from children.
9. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this document. Continued use of the Service after changes constitutes acceptance of the updated policy.
10. Contact
For any privacy-related questions or requests, contact us at: elify.general@gmail.com