ellivate.ai

Privacy Policy

What we collect, and why.

Last updated: April 19, 2026

Ellivate is a publishing platform for personal software. To make that work we collect a small amount of account information and store the apps and data you choose to upload. We don't sell your data, we don't track you across other apps or websites, and we don't run ads.

Information we collect

Account data
Email address, username, and optional profile picture. These are required to give you an account, associate your published apps with you, and let people you invite find you by username. Authentication is handled by Clerk.
Content you publish
The source code, assets, and manifest of each app you publish to Ellivate. We store these on Cloudflare R2 (zip archives) and run them on Railway or Cloudflare Pages.
App data
When an app you publish saves data through the Ellivate cloud store (e.g. a grocery list, notes), that data is scoped to your account and stored encrypted at rest. We don't read or share it. You can delete it at any time by deleting the app.
Connected accounts
If you connect an external service (e.g. an Airbnb login) so your apps can act on your behalf, we store the resulting browser session encrypted at rest and inject it only into the apps you attach it to. You can revoke connections at any time from the dashboard.
Billing information
If you subscribe to a paid plan, payment details (card, address, name) go directly to Stripe, our payment processor. Ellivate only stores Stripe's customer ID, subscription ID, and status — never your card number or full address.
Device identifiers for push notifications
When you sign into the Ellivate mobile app we register an Expo push token so we can send notifications when an app is shared with you or when your own apps finish publishing. Uninstalling the app or signing out removes the token.
Crash and error data
If the app hits an unexpected error we send a crash report to Sentry so we can fix it. Crash reports include the error and a stack trace; they do not include your email, app data, or payment information.
Basic analytics
We log app view events (country, city, coarse referrer) so publishers can see how often their apps are used. We do not store IP addresses alongside events and do not use third-party analytics or advertising trackers.

How we use this information

  • Run your account, your published apps, and your app data.
  • Send you transactional emails and push notifications.
  • Process subscription payments through Stripe.
  • Diagnose and fix errors.
  • Comply with legal obligations.

We do not use your data to train machine-learning models and we do not sell your data.

Who we share data with

We share only the minimum needed to run the service, and only with processors who are contractually bound to handle data on our behalf:

  • Clerk — authentication and profile images.
  • Stripe — payment processing.
  • Cloudflare — static asset hosting, file storage, and DNS.
  • Railway — compute for apps you publish and the Ellivate API.
  • Vercel — hosting for the marketing site and dashboard.
  • Expo — mobile push notification delivery.
  • Sentry — crash and error reporting.

Third-party integrations you connect to

You can connect third-party accounts (Google, Strava, Slack, etc.) to your Ellivate account so the tools you build can use those services on your behalf. These are your connections, not Ellivate's, but we proxy the data flow and act as the technical custodian of your OAuth tokens. Each connection is opt-in, scope-by-scope visible at consent time, and revocable from your Connections dashboard at any time.

OAuth tokens are encrypted at rest. When you disconnect, the token is immediately revoked at the provider (best effort) and marked for deletion in our database. Data the connected provider returns to your tools is not retained by Ellivate beyond the proxy hop — your tools choose whether to persist it via ellivate.set / ellivate.collection / ellivate.blob.

Google (Calendar)
When you connect Google, we receive your Google account identifier (the OIDC sub claim) and email address for connection labeling, plus access tokens for the scopes you grant (e.g. calendar.events). We call Google APIs only when a tool you authored explicitly invokes the integration. Google's privacy policy: policies.google.com/privacy.
Strava
When you connect Strava, we receive your Strava athlete ID and basic profile (username, name) for connection labeling, plus access tokens for the scopes you grant (e.g. read, activity:read). We call Strava APIs only when a tool you authored explicitly invokes the integration. Strava data your tools fetch may be passed to an LLM inference provider (see below) only if your tool code chooses to include it in an ellivate.reason call. We do not aggregate Strava data across users, do not use it for analytics, and do not share it with parties other than the inference providers listed below. Strava's privacy policy: strava.com/legal/privacy.
Slack
When you connect Slack, we receive your Slack user ID, workspace ID, and team metadata for connection labeling, plus access tokens for the scopes you grant (e.g. chat:write). We call Slack APIs only when a tool you authored explicitly invokes the integration. Slack's privacy policy: slack.com/trust/privacy.

AI inference providers

When a tool you author calls ellivate.reason (Ellivate's built-in AI primitive), the prompt — including any data your tool chose to include in it — is sent to a large-language-model provider for inference. The provider is chosen by the model name in the call (Anthropic for claude-* models, OpenAI for gpt-* models, Google AI for gemini-* models). The default is Anthropic; OpenAI and Google AI are available only if you have added the corresponding API key to your account.

All three providers operate under API terms that prohibit using your prompt data to train their models:

  • Anthropic — does not use API inputs or outputs to train models; see Commercial Terms.
  • OpenAI — API data has been excluded from training by default since March 2023; see Enterprise Privacy.
  • Google AI — paid-tier API usage is excluded from training; see Gemini API Terms.

The prompt sent to the provider and the response received are retained in Ellivate's database for diagnostics and audit-trail purposes. This retention is subject to the same account-deletion timeline as the rest of your data (see below). If a tool you author processes data from a connected integration (Strava, Google Calendar, etc.) and passes that data to ellivate.reason, that data is included in the inference call. We treat this as a feature of the tool you wrote, not a separate consent step — but we mention it here so the data flow is explicit.

How long we keep data

We keep your account and app data for as long as your account is active. When you delete an app, its source code and cloud store data are purged within 30 days. When you delete your account we delete your user record, all your apps, your app data, connected accounts, and payment info within 7 days. Crash reports at Sentry are retained for up to 90 days. Billing records we're legally required to retain stay for up to seven years.

Your rights

You can access, correct, export, or delete your data at any time. Account and billing data is manageable from the dashboard; for everything else email info@ellivate.ai. If you live in the EU, UK, California, or another jurisdiction with its own privacy law (GDPR, UK GDPR, CCPA, etc.), those rights apply to you and we will honor them.

Children

Ellivate is not directed at children under 13 and we do not knowingly collect data from them. If you believe a child has created an account, email us and we'll delete it.

Changes to this policy

If we make material changes we'll post the new version here and update the date at the top. For significant changes affecting your rights we'll email you before they take effect.

Contact

Questions about this policy or your data? Email info@ellivate.ai.