1. Data controller
Accelerhate SAS
Registered office: 31 Rue de la Rive, 44230 Saint-Sébastien-sur-Loire, France
SIREN: 989 119 672 — Nantes Trade and Companies Register
Intra-community VAT No.: FR18989119672
Share capital: EUR 99
Contact : jean@elric-ia.com
Accelerhate SAS — 31 Rue de la Rive, 44230 Saint-Sébastien-sur-Loire, France
2. Data collected
We collect the following data when you use Elric:
- Account data : email address, company name, business sector
- Imported documents : files uploaded to the Vault (PDF, DOCX, TXT, MD, images)
- Conversations : messages exchanged with Elric and its agents
- Meetings : meeting transcripts and summaries (via Recall.ai)
- Company memory : information automatically extracted from conversations and documents
- Usage data : number of runs, uploaded documents, time saved
3. Purposes of processing
- Provide the Elric service (AI agents, document analysis, meeting transcription)
- Improve agent relevance through company memory
- Manage your account and subscription
- Send service-related notifications (briefings, alerts)
- Ensure service security and performance
4. Legal basis
- Performance of contract : processing required to provide the service (Art. 6.1.b GDPR)
- Legitimate interest : service improvement and security (Art. 6.1.f GDPR)
- Consent : optional marketing communications (Art. 6.1.a GDPR)
5. Hosting and subprocessors (general)
| Service | Provider | Location |
|---|
| Database | Supabase (PostgreSQL) | EU (eu-west-1, Ireland) |
| Application hosting | Vercel (SOC 2 Type II) | EU / US (edge) |
| Artificial intelligence | Google (Gemini) | US |
| Payments | Stripe (PCI DSS) | US |
| Meeting transcription | Recall.ai | EU (eu-central-1) |
| Outgoing transactional email | Resend | US |
6. Google data and Limited Use compliance
When you connect a Google account to Elric (Google Drive, Gmail, Google Calendar, Google Sheets), Elric requests only the OAuth scopes strictly required for the features you use.
Data retrieved through Google APIs is used exclusively to provide the features requested by the user. It may be indexed in your workspace Vault for RAG search and sent to the Google Gemini API only when executing an action you initiate.
Elric’s use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including its Limited Use requirements.
- Elric never uses Google data for advertising.
- Elric never sells Google data.
- Elric does not transfer Google data to third parties except technical subprocessors required to provide the service.
- No human reads your Google data except with explicit consent, for security reasons, to comply with law, or when data is anonymized and aggregated for maintenance.
- Google data is not used to train general-purpose AI models.
- Google Drive : drive.file — access only to files selected through Google Picker or created by the application.
- Gmail : no scope requested since May 2026. Outgoing emails are sent through Resend.
- Google Calendar : calendar and calendar.events — read upcoming events and create/update events at your request.
- Google Sheets : drive.file — access only to sheets selected by you or created by the application.
Revoking access to your Google data.
- Disconnect an integration from Elric: Settings → Integrations or via /connect.
- Revoke access directly with Google: Google Account → Security → Third-party apps with account access.
Outgoing email via Resend (May 2026 →). All emails Elric sends on your behalf are sent from our transactional infrastructure, Resend, under the elric-ia.com domain.
- The From header is explicit: "Elric (assistant of [Your Name]) <assistant@elric-ia.com>".
- The Reply-To header is set to your email address.
- Elric does not read your incoming emails.
- Resend processes only emails you explicitly approve before sending.
- No sent email is used for model training, advertising, or transferred to an unnecessary third party.
7. Retention period
- Account data : kept while the account is active and deleted within 30 days after account deletion
- Documents and conversations : kept while the workspace exists
- Meeting recordings : videos deleted after 7 days by Recall.ai; transcripts and summaries are retained
- Technical logs : 90 days maximum
8. Your rights (GDPR)
You have the following rights:
To exercise these rights: Settings → Data & privacy in the application, or by email.
Data export and deletion are available self-service in your account settings.
- Right of access : obtain a copy of your data
- Right to rectification : correct your data
- Right to erasure : delete your account and all your data
- Right to portability : export your data in JSON format
- Right to object : object to certain processing activities
- Right to restriction : restrict the processing of your data
9. Security
For more details, see our security page. Security
- AES-256 encryption of OAuth credentials
- Row-Level Security (RLS) on all database tables
- HTTP security headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options
- Prompt-injection protection
- Workspace-level rate limiting
- SSRF protection on outbound webhooks
10. Cookies
Elric uses only technical cookies required for the service to operate:
No advertising or third-party tracking cookies are used.
- Supabase authentication cookie : user session
- CSRF cookie : OAuth callback protection
11. Changes
This policy may be updated. If a substantial change is made, you will be notified by email or through the application.
12. Contact
For any question about data protection:
Contact : jean@elric-ia.com
Accelerhate SAS — 31 Rue de la Rive, 44230 Saint-Sébastien-sur-Loire, France