Privacy Policy

1. Introduction and Commitment to Privacy

eliSec ("Company," "we," "us," or "our") is committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you visit our website, use our mobile applications, and access our services (collectively, the "Platform"). Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Platform.

2. Information We Collect

We may collect information about you in a variety of ways. The information we may collect includes:

3. Use of Your Information

We use the information we collect for various purposes:

• Account Management: Create, maintain, and manage your user account and profile
• Service Provision: Deliver the Platform's features and functionality, including SEC filing aggregation, alerts, and analysis
• Transaction Processing: Process subscription payments, billing, and manage refunds
• Communication: Send account notifications, service updates, and respond to your inquiries
• Personalization: Customize your experience and recommend relevant content based on your usage
• Analytics and Improvement: Analyze usage patterns, identify trends, and improve Platform functionality
• Security and Fraud Prevention: Detect, prevent, and address fraud, abuse, and security issues
• Legal Compliance: Comply with applicable laws, regulations, and legal obligations
• Marketing and Promotion: Send promotional emails, newsletters, and updates (with your consent)
• Research: Conduct research and analytics to enhance our services and user experience

4. Disclosure and Sharing of Your Information

We may share your information in the following circumstances:

5. Stripe Payment Processing

We use Stripe, Inc. ("Stripe") to process all payment transactions on our Platform. When you subscribe or make a payment:

• Payment Data Handling: Your credit/debit card details are transmitted directly to Stripe using secure encryption. We do NOT store, process, or have access to your full card numbers.
• Stripe Compliance: Stripe is PCI-DSS Level 1 compliant and handles all sensitive payment data in accordance with industry security standards.
• Secure Tokens: Stripe generates unique payment tokens that allow us to initiate recurring charges without accessing your actual card information.
• Billing Information: We store billing address, cardholder name, and last four digits of your card for billing and fraud prevention purposes.
• Stripe's Privacy Policy: Stripe's collection and use of your payment information is governed by Stripe's Privacy Policy, available at https://stripe.com/privacy
• Webhook Data: Stripe sends us payment confirmation data (transaction ID, amount, date, status) through secure webhooks for billing records.

6. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to enhance your experience and collect usage data:

• Essential Cookies: Required for Platform functionality and security
• Analytics Cookies: Track usage patterns and improve Platform performance
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Track marketing effectiveness and user behavior

Most browsers allow you to control cookies through settings. However, disabling cookies may impact Platform functionality. We do not respond to Do Not Track signals at this time.

7. Security of Your Information

We implement comprehensive administrative, technical, and physical security measures to protect your personal information:

• SSL/TLS encryption for data transmitted over the internet
• Secure data storage with access controls and authentication
• Regular security audits and vulnerability assessments
• Employee training on data protection and privacy practices
• Intrusion detection and prevention systems
• Firewall protection and network segmentation

8. Data Retention

We retain your personal information for as long as necessary to:

• Provide the Platform and services you requested
• Maintain your account and fulfill our legal obligations
• Resolve disputes and enforce our agreements
• Comply with applicable laws and regulations

When information is no longer needed, we securely delete or anonymize it. However, we may retain certain information for legal, regulatory, or business purposes as permitted by law.

9. Your Privacy Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

To exercise any of these rights, please contact us using the information in Section 12.

10. CCPA and State Privacy Rights

If you are a California resident, under the California Consumer Privacy Act (CCPA), you have the right to:

• Know what personal information we collect and how we use it
• Know whether your personal information is sold or shared with third parties
• Request deletion of your personal information (subject to exceptions)
• Access and download your personal information
• Opt out of the sale or sharing of your personal information
• Be free from discrimination for exercising your CCPA rights
• Have a consumer rights agent authorized to make requests on your behalf

Similar rights may apply in other states (Colorado, Connecticut, Delaware, Florida, Hawaii, Idaho, Illinois, Indiana, Iowa, Kentucky, Louisiana, Massachusetts, Minnesota, Mississippi, Missouri, Montana, Nebraska, New Hampshire, New Jersey, New York, Ohio, Oregon, Rhode Island, Tennessee, Texas, Utah, Vermont, Virginia, Washington).

To submit a CCPA or state privacy request, contact us at privacy@elisec.net with "Privacy Request" in the subject line. We will respond within 45 days.

11. GDPR and EU Privacy Rights

If you are a resident of the European Union, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

• Right to access your personal data
• Right to rectify inaccurate or incomplete data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to lodge complaints with your supervisory authority

We process personal data on the basis of your consent or our legitimate business interests. For data subject requests, contact us at privacy@elisec.net. We will respond within 30 days.

12. International Data Transfers

Your information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States, which may have different data protection laws. By using our Platform, you consent to the transfer of your information to countries outside your country of residence. We implement appropriate safeguards, including standard contractual clauses and adequacy decisions, to protect your information.

13. Third-Party Links and Services

Our Platform may contain links to third-party websites and services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any information. Your use of third-party services is governed by their terms and policies, not ours.

14. Contact Us About Your Privacy

If you have questions about this Privacy Policy or your personal information, please contact us at privacy@elisec.net

15. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Any changes will be effective immediately upon posting to the Platform. We will notify you of material changes via email or prominent notice on the Platform. Your continued use of the Platform after changes constitutes acceptance of the modified Privacy Policy.

16. California "Shine the Light" Law

Under California Civil Code Section 1798.83 ("Shine the Light" law), California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. To submit such a request, please contact us at privacy@elisec.net with "Shine the Light Request" in the subject line.