Privacy Policy

Last update: 25/11/2025

Welcome to Eleganza.ai ("Website"). This Privacy Policy explains how EL7 TECH LTD, a legal entity incorporated and existing under the laws of Cyprus with its office located at Agias Faneromenis, 143-145 PATSIAS COURT, Flat/Office 201 6031, Larnaca, Cyprus, including its subsidiaries and affiliates (the "Company", "We", "Us", or "Our"), collects, uses, and protects personal data of our business clients, their representatives, and contacts ("User", "Users", "You", "Your") in compliance with:

EU General Data Protection Regulation (Regulation (EU) 2016/679) (the "GDPR"), and
Cyprus Law 125(I)/2018 on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of such Data.

By engaging with Our Services or providing Us with your data, You confirm that You have read and understood this Privacy Policy.

This Privacy Policy should be read in conjunction with the Terms of Use, that collectively form the entire agreement (the "Agreement"). We kindly ask that You stop using the Website if You disagree with the Agreement. Continued use of the Website signifies your understanding and acceptance of the Agreement.

1.DEFINITIONS

1.1. Data Controller — an individual, whether natural or legal, who chooses how and why any Personal Data is or will be processed (alone, jointly, or in common with other individuals).

1.2. EL7 TECH LTD (a company duly registered under the laws of the Cyprus with principal office at Agias Faneromenis, 143-145 PATSIAS COURT, Flat/Office 201 6031, Larnaca, Cyprus) is the Data Controller that is responsible for the Personal Data collected and used within the scope of this Privacy Policy.

1.3. Personal data – any information relating directly or indirectly to a specific or identifiable natural person (User).

1.4. Personal data processing – any action (operation) or set of actions (operations) performed with or without automation tools on Personal data, including collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.5. Services – any services provided by the Company on the Website.

2.GENERAL INFORMATION

2.1. This Privacy Policy explains how We gather, use, and protect Your Personal Data.

2.2. It applies to all individuals who visit and use Our Website and, as a result, share their Personal Data with Us. The Policy also outlines Your options regarding how We handle Your Personal Data and how You may access or update it. We value Your privacy and are fully committed to safeguarding it.

2.3. If You decide to withdraw Your consent for the processing of Your Personal Data for marketing purposes, You may do so at any time. To opt out, simply click the "Unsubscribe" link included in any SMS or marketing email sent by Us or Our partners. You may also withdraw Your consent by emailing Us at info@eleganza.ai. Please note that withdrawing consent will not affect the lawfulness of any processing carried out before Your withdrawal.

2.4. This Privacy Policy applies exclusively to this Website. The Company does not manage and bears no responsibility for any third-party websites that Users may visit through links provided on the Website.

2.5. The Company does not verify the accuracy of the Personal Data submitted by Users and relies on the assumption that such data is truthful, complete, and kept up to date by the User.

3.CATEGORIES OF PERSONAL DATA

3.1. The Company may collect, store, process, use, and disclose the Personal Data provided by the User when accessing or using the Website and/or Services, in accordance with this Privacy Policy. By using any part of the Website or Services, the User authorizes the Company to collect, store, process, use, and disclose their Personal Data as outlined herein. The Company processes and utilizes the User's Personal Data to ensure the proper functioning of the Website and Services, as well as to safeguard the User's rights and legitimate interests in compliance with applicable law.

3.2. We collect and process only the data necessary to conduct business activities, including:

First name and last name
Business email address
Phone number
Company name
Company address (mandatory for invoicing and contracts)
Source (how you found out about us)

3.3. This Personal data is obtained through the completion of forms available on the Website. We do not collect or store credit/debit card data. All payments are processed by independent third-party payment providers such as Stripe (https://stripe.com/privacy), PayPal(https://www.paypal.com/us/legalhub/paypal/privacy-full#paypal_privacy_statemen).

3.4. We may disclose your Personal Information to third -parties to fulfill the purpose for which you provide the Personal Information, and for any purpose to which you consent within the limits defined by this policy. These may include сloud storage and data center providers – for secure storage and hosting of data; analytics platforms – to analyze usage patterns and improve the performance and user experience of our website; marketing and communication platforms – to send newsletters, promotional materials, or other communications you have opted to receive; recruitment and job-posting platforms – to manage job applications and related recruitment processes. We therefore encourage you to review the privacy policies of our partners available at the following links:

AWS (https://aws.amazon.com/privacy/?nc1=f_pr), Google (https://policies.google.com/privacy?hl=en-US), Meta (https://www.facebook.com/privacy/policy/), Hotjar (https://www.hotjar.com/legal/policies/privacy/), OpenAI (https://openai.com/policies/row-privacy-policy/), Anthropic Claude (https://www.anthropic.com/legal/privacy), Runway ML (https://runwayml.com/privacy-policy), Stable Diffusion (https://stablediffusionweb.com/private-policy), Intercom (https://www.intercom.com/legal/privacy).

3.5. All such third-party service providers are permitted to access and process Personal Information solely for the purpose of providing their services to us and are required to maintain at least the same level of protection over your Personal Information as described in this Privacy Policy. They are prohibited from using your Personal Information for any other purpose.

4.LEGAL BASIS AND PURPOSE OF PROCESSING

4.1. The Сompany collects and processes Users' Personal Data for the following purposes:

4.1.1. to verify the identity of the User;
4.1.2. to provide Services offered by the Company through the Website;
4.1.3. to provide customer support and respond to User inquiries, including processing requests, handling complaints, and providing technical assistance;
4.1.4. to communicate important information regarding updates, the availability of new Services etc;
4.1.5. to enhance and personalise the experience of using the Website and accessing the Company's Services;
4.1.6. to conduct market research, analyse market trends, and improve our Services and offerings;
4.1.7. to send marketing communications, special offers, and promotional materials (subject to User consent where required);
4.1.8. to prevent fraud and ensure the security of transactions and the Website;
4.1.9. to comply with legal obligations and protect the rights and legitimate interests of Users, the Website, and third parties;
4.1.10. to manage and process subscriptions, including processing automatic credit reloads, managing subscription upgrades and downgrades, and tracking subscription status and history;
4.1.11. to facilitate personalised communications, including sending credit reload notifications, providing subscription status updates, offering personalised discounts, and communicating exclusive promotions.

4.2. We handle and process Personal Data in full compliance with the applicable data protection laws and regulations, including:

4.2.1. If you are located in Cyprus, all Personal Data processing is carried out in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Processing of Personal Data (Protection of Individuals) Law of 2018 (Law 125(I)/2018).

4.2.2. If you reside in the European Union (EU), you have privacy rights, and all Personal Data processing is governed by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, also known as the General Data Protection Regulation ("GDPR").

4.3. The Company processes Personal data in accordance with Article 6 (1) GDPR. Processing is only lawful if at least one of the following applies:

Purpose (of processing)	Type of personal data	Legal grounds
Marketing (including email campaigns, advertising, targeting)	First name, last name, email address, phone number, company name (for B2B clients), country, user activity (email opens, clicks), social media profiles (if provided).	Only with Your explicit consent
Website analytics	IP address, cookies (technical, functional, analytical, marketing), device type, browser, location (city/country), visit time, on-page behavior, UTM tags.	Necessary for Our legitimate interests
Communication with clients and prospects	First name, last name, email address, phone number, message or inquiry, attached files, company or project information (if provided).	Necessary for the performance of a contract with You/ pre-contractual steps and for Our legitimate interests
Client registration and account management	First name, last name, email, phone number, country of residence, company/studio name, user role (designer, brand, dealer), password (hashed), profile settings, usage history, IP address.	Necessary for the performance of a contract with You
Processing customer feedback	First name, last name, review, position, company name, profile photo (if provided), link to website or social media.	Only with Your explicit consent
Employment of staff	First name, last name, date of birth, contact details, CV (resume), portfolio, bank account details, tax information, identity documents (for contracts), employment history.	Necessary for the performance of a contract with You
Recruitment and candidate search	First name, last name, CV (resume), other information.	Only with Your explicit consent
Fraud prevention	IP address, logins, timestamps, technical cookies, session ID, behavioral data (anomalous logins), device fingerprint, authentication (login) history.	Necessary for Our legitimate interests
Service provision	First name, last name, email, project history, files (3D scenes, images, comments), metadata (creation date, models used, brands), payment information (via Stripe/PayPal — tokenized).	Necessary for the performance of a contract with You
Partner relations	First name, last name, position, email, phone number, company name, country, business address, commercial terms, communication history, contracts, signed documents.	Necessary for the performance of a contract with You
Partner due diligence (pre-contract checks)	Company name, country of registration, tax ID/registration number, names of contact persons, financial history, reviews, reputational information (from public sources).	Necessary for Our legitimate interests
Payments, accounting, invoicing	First name, last name, email, bank account details, amounts, IBAN, company name, address, tax number, transaction data.	Necessary for the performance of a contract with You and to comply with a legal obligation
User support	First name, last name, inquiry history, technical data (browser, device, time, IP), chat or ticket messages.	Necessary for the performance of a contract with You and for Our legitimate interests
Content marketing, social media publications, brand cases	First name, profile photo, position, company, quotes/reviews, social media profiles (if provided), images of interiors or projects.	Only with Your explicit consent
Internal system performance analytics and product development	Technical logs, IP address, user ID, session duration, functional actions in the web application (anonymized upon storage).	Necessary for Our legitimate interests

4.4. You can withdraw Your consent at any time. This withdrawal will not affect the lawfulness of processing before withdrawal.

4.5. The Company has prepared Legitimate Interest Assessments (the "LIAs") in accordance with the GDPR.

4.6. Personal Data is processed with a high level of security and confidentiality, in full compliance with the GDPR. The information is not public and is accessible only to the User.

4.7. Under the GDPR, individuals whose data is processed have the rights which are explained in Section 8 of this Policy. These rights include, among others, the right of access (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to restriction of processing (Article 18), and the right to object (Article 21).

4.8. All matters regarding Your Personal Data are governed by Our Privacy Policy, and by using the Website, You consent to the collection and processing of this information. We therefore recommend that You read the Privacy Policy carefully.

4.9. If You have any questions, wish to exercise any of Your rights, or encounter any issues regarding Your Personal Data, please contact the Company at the following email address: info@eleganza.ai.

5.YOUR CONSENT

5.1. By accepting this Privacy Policy, You confirm that You have reached the age of majority or the legal age in Your jurisdiction (usually 18 or older), take full responsibility for Your actions, and understand the terms set out in this Privacy Policy.

5.1.1. Website is not directed towards, and We do not knowingly collect, use, disclose, sell, or share any information about children under the age of 18 or below the legal age of majority in their jurisdiction. If You become aware that a child has provided any personal data to Us while using Our Services, please email us at info@eleganza.ai and We will investigate the matter and, if appropriate, delete the personal data.

5.2. By submitting Your Personal Data to Us via the User Form, Website, or any other method, You expressly and unconditionally consent to and agree that We may, in accordance with this Privacy Policy:

5.2.1. process Your Personal Data in any way, including collection, storage, use, disclosure, sharing, and transfer (including cross-border transfers) of the Personal Data You provide, as well as Personal Data obtained through Your use of the Services (such as data collected automatically or from other sources); and
5.2.2. use Cookies and similar technologies to collect Your Personal Data.

5.3. We assume that all Users have carefully read this Privacy Policy and agree to its terms. If You do not agree with this Privacy Policy, You should refrain from using the Services immediately.

6.PRINCIPLES

6.1. We handle and process Personal Data in full compliance with applicable data protection laws, including the GDPR and the Processing of Personal Data (Protection of Individuals) Law of 2018 (Law 125(I)/2018) of Cyprus. In accordance with this law, the following key principles are observed when processing Personal Data:

6.1.1. Lawfulness, fairness, and transparency – Data is processed legally, fairly, and in a transparent manner.
6.1.2. Purpose limitation – Data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes.
6.1.3. Data minimization – Only data necessary for the intended purposes is collected and processed.
6.1.4. Accuracy – Reasonable steps are taken to ensure that Personal Data is accurate, complete, and kept up to date.
6.1.5. Storage limitation – Personal Data is retained only for as long as necessary for the purposes for which it is processed.
6.1.6. Integrity and confidentiality – Data is processed securely to protect against unauthorized or unlawful processing, accidental loss, destruction, or damage.
6.1.7. Accountability – The Company is responsible for, and must be able to demonstrate, compliance with these principles.

7.DATA RETENTION AND DISCLOSURE

7.1. We retain personal data for the period necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. When retention is no longer necessary, data will be securely deleted or anonymised.

Category	Examples	Data retention Length
User data	First name, last name, email, phone number, country of residence, company/studio name, user role (designer, brand, dealer), password (hashed), profile settings, usage history, IP address.	For the duration of the user account and no longer than 1 year after its deactivation or deletion.
Marketing contacts	First name, last name, email address, phone number, company name (for B2B clients), country, user activity (email opens, clicks), social media profiles (if provided).	2 years
Website analytics data	IP address, cookies (technical, functional, analytical, marketing), device type, browser, location (city/country), visit time, on-page behavior, UTM tags.	1 year
Customer communications	First name, last name, inquiry history, technical data (browser, device, time, IP), chat or ticket messages.	2 years
Partner, brand, and dealer data	First name, last name, position, email, phone number, company name, country, business address, commercial terms, communication history, contracts, signed documents.	for the duration of the contract and no longer than 5 years after its termination.
Job applicant data	First name, last name, CV (resume), other information.	6 months after the completion of the selection process.
Employee and contractor data	First name, last name, date of birth, contact details, CV (resume), portfolio, bank account details, tax information, identity documents (for contracts), employment history.	for the duration of the contract and no longer than 7 years after its termination.
Financial, payment, and accounting documents	Invoices, bank details	7 years
Customer feedback	Feedback, case studies, media content	Until consent is withdrawn
Security technical logs	Log files, login attempts, IP addresses, device IDs	1 year

7.2. The Website may share User's Personal Data with third parties only in the following circumstances:

7.2.1. when required by applicable law or in response to valid requests from public authorities;
7.2.2. to protect and defend our rights or property;
7.2.3. to prevent or investigate possible wrongdoing in connection with Our Services;
7.2.4. to protect the personal safety of Users or the public;
7.2.5. in the event of any Personal data breach, we will notify affected Users and relevant supervisory authorities as required by applicable law;
7.2.6. we implement appropriate technical and organizational measures to protect Personal data, including:
- 7.2.6.1. encryption of data transmission using SSL technology;
- 7.2.6.2. regular security assessments and updates;
- 7.2.6.3. access controls and authentication procedures;
- 7.2.6.4. staff training on data protection and security practices.

7.3. We implement industry-standard safeguards, including access controls (strict authentication protocols), encryption and network security, a dedicated security team monitoring threats, incident response procedures.

7.4. The Company may have contractors and subsidiaries in other countries, including those outside the European Economic Area (EEA), who may access your Personal data. When We transfer your Personal data to third parties, we ensure that it is protected and used solely for the purposes specified in this Privacy Policy. This is achieved by:

using only certified services and products;
entering into data processing agreements with contractors and partners, including Standard Contractual Clauses (SCCs) adopted by the European Commission and compliant with EU data protection laws;
implementing technical and organizational measures to protect personal data while it is stored, processed, used, and transferred.

7.5. Despite these measures, no digital system is 100% immune to risks (e.g., evolving cyber threats). If a breach occurs, we will:

7.5.1. act immediately to mitigate harm;
7.5.2. notify affected users as legally required;
7.5.3. enhance defences to prevent recurrence.

8. YOUR RIGHTS UNDER GDPR

8.1. We recognize and uphold Your right to privacy and acknowledge the importance of safeguarding Personal Data. In accordance with the laws applicable to You, and subject to certain conditions, You are entitled to various rights regarding the Personal Data that We process.

8.2. The rights which Users have upon the GDPR:

8.2.1. Right to information. We provide transparent and clear information about the methods of collecting, controlling and processing Personal Data.
8.2.2. Right to access. You may contact Us to get confirmation as to whether or not We are processing Your Personal Data.
8.2.3. Right to withdraw Consent. In case Our processing is based on the Consent granted, You may withdraw the Consent at any time by contacting us. You can withdraw Your Consent at any time by replying to the email with Your withdrawal and Your Personal Data will be deleted in 48 hours.
8.2.4. Right to object. In case Our processing is based on Our legitimate interest to run, maintain and develop Our business, You have the right to object at any time to Our processing. We shall then no longer process Your Personal Data unless for the provision of Our Services or if We demonstrate other compelling legitimate grounds for Our processing that override Your interests, rights, and freedoms or for legal claims.
8.2.5. Right to restriction of the processing. You have the right to obtain restriction of processing of Your Personal Data, as foreseen by applicable data protection law, e.g. to allow Our verification of the accuracy of Personal Data after Your contesting of accuracy or to prevent Us from erasing Personal Data when Personal Data is no longer necessary for the purposes but still required for Your legal claims or when Our processing is unlawful. Restriction of processing may lead to fewer possibilities or the impossibility to use Our Services.
8.2.6. Right to Erasure ("Right to Be Forgotten"). You may request data deletion, except when processing is necessary for:
- Legal obligations
- Public interest
- Legal claims
- Freedom of expression.
8.2.7. Right to rectification. You have the right to request that We promptly correct any inaccurate Personal Data about You.
8.2.8. Right to data portability. You have the right to receive the Personal Data that You have provided to Us in a structured, commonly used, and machine-readable format, and to transfer this data to another controller without interference from Us.
8.2.9. Right not to be a subject to a decision based solely on automated processing. You have the right not to be subjected to a decision that is based solely on automated processing — including profiling — if such a decision produces legal effects concerning You or otherwise significantly affects You.
8.2.10. Right to lodge a complaint with a supervisory authority. You have the right to file a complaint with a supervisory authority if You believe that the processing of Your Personal Data infringes applicable data protection laws. You may submit such a complaint, in particular, in the Member State where You reside, work, or where the alleged violation occurred, without prejudice to any other administrative or judicial remedies available to You.
8.2.11. Right to an effective judicial remedy against a supervisory authority. You have the right to seek an effective judicial remedy if a supervisory authority issues a legally binding decision that affects You. This right applies without prejudice to any other administrative or non-judicial remedies available to You, ensuring that You may challenge such decisions before a competent court.
8.2.12. Right to an effective judicial remedy against a controller or processor. You have the right to seek an effective judicial remedy if You believe that Your rights under data protection laws have been violated due to the processing of Your Personal Data by a controller or processor in a manner that does not comply with GDPR. This right applies without prejudice to any administrative or non-judicial remedies available to You, including the right to lodge a complaint with a supervisory authority.
8.2.13. Right to compensation and liability. You have the right to receive compensation if You suffer material or non-material damage as a result of a controller's or processor's violation of GDPR. In such cases, the responsible controller or processor must compensate You for the harm caused.

8.3. How to use these rights. To exercise any of the above—mentioned rights, You should primarily use the functions offered by Our Services. If such functions are not sufficient for exercising such rights, You shall send Us a letter or email to the address set out below, including (but not limited to) the following information: full name, phone number, email address.

9.TRANSFER OF DATA

9.1. Your information, including Personal Data, may be transferred to and stored on servers located outside of Your state, province, country, or other governmental jurisdiction, where data protection laws may differ from those in Your jurisdiction.

9.2. Please note that We may transfer and process data, including Personal Data, within the European Union, regardless of whether You are located in the EU or elsewhere.

9.3. By accepting this Privacy Policy, continuing to use the Website, and submitting Your information, You consent to such transfers.

9.4. The Company is committed to taking all reasonable measures to ensure the security of Your data in accordance with this Privacy Policy. Personal Data will not be transferred to any organization or country unless appropriate safeguards are in place to protect the security and confidentiality of Your information.

9.5. Data Storage Location. Your personal data is stored exclusively on Amazon Web Services ("AWS") servers.

10.LINKS TO OTHER SITES

10.1. Our Service may contain links to other sites that are not operated by Us. If You click on a third-party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

10.2. We strongly advise You to review the Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

11.DO WE USE COOKIES

11.1. Yes. Cookies are small files that a site or its service provider transfers to Your computer's hard drive through your Web browser (if you allow) that enables the site's or service provider's systems to recognise your browser and capture and remember certain information. They are also used to help Us understand Your preferences based on previous or current site activity, which enables Us to provide You with improved services. We also use cookies to help Us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

11.2. For more detailed information about the types of cookies We use, the purposes for which We use them, and Your options for managing cookie preferences, please refer to Our Cookie Policy, where all matters related to the use of cookies on Our website are fully regulated.

12.UPDATES TO THIS POLICY

12.1. We may update this Privacy Policy from time to time. The latest version will always be available on Our Website.

13.DATA PRIVACY CONTACT

13.1. Data Privacy Contact. Name: Privacy Department, e-mail: info@eleganza.ai. We will then check the matter and respond to Your requests.