Privacy policy

Last updated: 3 June 2026

Elemra AI respects your privacy. This policy describes how we collect and use personal data when you use our website (elemra.com) and related services, in line with UK GDPR, the UK Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR) where they apply.

Who we are

Elemra AI is the data controller for personal data processed through this website. Contact: hello@elemra.com.

Information we collect

  • Information you provide — for example name, email, company, and message when you contact us or book a consultation.
  • Website usage (optional) — if you consent to analytics, we process information such as pages viewed, approximate location, device and browser details, and events collected by Google Analytics 4 (via Google Tag Manager). This may involve cookies and similar technologies as described in our Cookie policy.
  • Technical and security data — standard server, hosting, and security logs may include IP addresses and request metadata. We use these to operate and protect the site.

Lawful bases

  • Contract / pre-contract — responding to enquiries and delivering agreed services.
  • Consent — non-essential cookies and analytics (where not strictly necessary), and marketing communications where we ask for permission.
  • Legitimate interests — operating and securing the site, understanding aggregate product interest where compatible with your rights, and limited business administration.
  • Legal obligation — where we must comply with law or regulatory requests.

How we use your information

We use personal data to:

  • Respond to enquiries and deliver our services;
  • Improve the website and user experience (with consent where required);
  • Send updates or marketing only where you have opted in;
  • Comply with law and protect our legitimate security interests.

We do not sell your personal data.

International transfers

Some providers we use (including Google) may process data in the United Kingdom, European Economic Area, United States, or other countries. Where data is transferred outside the UK/EEA, we rely on appropriate safeguards recognised under UK GDPR (such as the UK extension to the EU-US Data Privacy Framework where applicable, UK international data transfer agreements / addendum, or standard contractual clauses), together with supplementary measures where appropriate. You may request more detail about transfers by contacting us.

Retention

We keep personal data only as long as needed for the purposes above, including legal, accounting, and reporting requirements. Analytics data is subject to retention settings in Google Analytics and our configuration of those tools.

Security

We implement appropriate technical and organisational measures to protect personal data. No method of transmission over the internet is completely secure; we work to reduce risk in line with good industry practice.

Your rights

Under UK GDPR you may have rights to access, rectify, erase, restrict, or object to certain processing, and to data portability, in each case subject to applicable law. You may withdraw consent for optional analytics at any time via cookie settings or your browser. You may lodge a complaint with the ICO (ico.org.uk) if you believe your rights have been infringed.

To exercise your rights, contact hello@elemra.com. We aim to respond within one month.

Voice assistant on elemra.com

If you choose to use the optional voice assistant on our website, we process additional data so the conversation can run and so we can follow up on your enquiry.

  • What we collect — audio from your microphone (processed in real time), transcripts of the conversation, and any contact details you provide (for example name, email, company, and a summary of your needs). We also log session metadata such as timing and usage limits to operate the service fairly and securely.
  • Providers — voice and speech services are provided by ElevenLabs (conversation and transcription). Content lookups may use our CMS (Sanity). Session and lead data may be stored in Supabase (UK/EU hosting where applicable). CRM tasks may be created in ClickUp; notification email may be sent via Resend.
  • Lawful basis — we rely on your consent when you accept the voice assistant before the microphone is used. We may also rely on legitimate interests to secure and improve the service, and on pre-contract steps when you ask us to follow up.
  • Retention — transcripts and lead records are kept only as long as needed to respond, deliver services, and meet legal or accounting requirements, then deleted or anonymised where possible.
  • Your choices — you can decline the assistant and use the contact form instead. You can withdraw consent for future voice sessions by not using the feature. To request access, correction, or deletion of data from a voice session, email hello@elemra.com.

Third-party services

We use subprocessors that process data on our behalf, including hosting, email, CMS (Sanity), analytics (Google), voice (ElevenLabs), database and edge functions (Supabase), CRM (ClickUp), and other tools needed to run the business. Their use is governed by contracts and documented where required.

Changes

We may update this policy from time to time. The "Last updated" date reflects the latest version.