ELRIC

Privacy Policy

Last updated: May 4, 2026

1. Data controller

Accelerhate SAS Registered office: 31 Rue de la Rive, 44230 Saint-Sébastien-sur-Loire, France SIREN: 989 119 672 — Nantes Trade and Companies Register Intra-community VAT No.: FR18989119672 Share capital: EUR 99

Contact : jean@elric-ia.com
Accelerhate SAS — 31 Rue de la Rive, 44230 Saint-Sébastien-sur-Loire, France

2. Data collected

We collect the following data when you use Elric:

  • Account data : email address, company name, business sector
  • Imported documents : files uploaded to the Vault (PDF, DOCX, TXT, MD, images)
  • Conversations : messages exchanged with Elric and its agents
  • Meetings : meeting transcripts and summaries (via Recall.ai)
  • Company memory : information automatically extracted from conversations and documents
  • Usage data : number of runs, uploaded documents, time saved

3. Purposes of processing

  • Provide the Elric service (AI agents, document analysis, meeting transcription)
  • Improve agent relevance through company memory
  • Manage your account and subscription
  • Send service-related notifications (briefings, alerts)
  • Ensure service security and performance

4. Legal basis

  • Performance of contract : processing required to provide the service (Art. 6.1.b GDPR)
  • Legitimate interest : service improvement and security (Art. 6.1.f GDPR)
  • Consent : optional marketing communications (Art. 6.1.a GDPR)

5. Hosting and subprocessors (general)

ServiceProviderLocation
DatabaseSupabase (PostgreSQL)EU (eu-west-1, Ireland)
Application hostingVercel (SOC 2 Type II)EU / US (edge)
Artificial intelligenceGoogle (Gemini)US
PaymentsStripe (PCI DSS)US
Meeting transcriptionRecall.aiEU (eu-central-1)
Outgoing transactional emailResendUS

6. Google data and Limited Use compliance

When you connect a Google account to Elric (Google Drive, Gmail, Google Calendar, Google Sheets), Elric requests only the OAuth scopes strictly required for the features you use.

Data retrieved through Google APIs is used exclusively to provide the features requested by the user. It may be indexed in your workspace Vault for RAG search and sent to the Google Gemini API only when executing an action you initiate.

Elric’s use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including its Limited Use requirements.

  • Elric never uses Google data for advertising.
  • Elric never sells Google data.
  • Elric does not transfer Google data to third parties except technical subprocessors required to provide the service.
  • No human reads your Google data except with explicit consent, for security reasons, to comply with law, or when data is anonymized and aggregated for maintenance.
  • Google data is not used to train general-purpose AI models.
  • Google Drive : drive.file — access only to files selected through Google Picker or created by the application.
  • Gmail : no scope requested since May 2026. Outgoing emails are sent through Resend.
  • Google Calendar : calendar and calendar.events — read upcoming events and create/update events at your request.
  • Google Sheets : drive.file — access only to sheets selected by you or created by the application.

Revoking access to your Google data.

  • Disconnect an integration from Elric: Settings → Integrations or via /connect.
  • Revoke access directly with Google: Google Account → Security → Third-party apps with account access.

Outgoing email via Resend (May 2026 →). All emails Elric sends on your behalf are sent from our transactional infrastructure, Resend, under the elric-ia.com domain.

  • The From header is explicit: "Elric (assistant of [Your Name]) <assistant@elric-ia.com>".
  • The Reply-To header is set to your email address.
  • Elric does not read your incoming emails.
  • Resend processes only emails you explicitly approve before sending.
  • No sent email is used for model training, advertising, or transferred to an unnecessary third party.

7. Retention period

  • Account data : kept while the account is active and deleted within 30 days after account deletion
  • Documents and conversations : kept while the workspace exists
  • Meeting recordings : videos deleted after 7 days by Recall.ai; transcripts and summaries are retained
  • Technical logs : 90 days maximum

8. Your rights (GDPR)

You have the following rights:

To exercise these rights: Settings → Data & privacy in the application, or by email.

Data export and deletion are available self-service in your account settings.

  • Right of access : obtain a copy of your data
  • Right to rectification : correct your data
  • Right to erasure : delete your account and all your data
  • Right to portability : export your data in JSON format
  • Right to object : object to certain processing activities
  • Right to restriction : restrict the processing of your data

9. Security

For more details, see our security page. Security

  • AES-256 encryption of OAuth credentials
  • Row-Level Security (RLS) on all database tables
  • HTTP security headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options
  • Prompt-injection protection
  • Workspace-level rate limiting
  • SSRF protection on outbound webhooks

10. Cookies

Elric uses only technical cookies required for the service to operate:

No advertising or third-party tracking cookies are used.

  • Supabase authentication cookie : user session
  • CSRF cookie : OAuth callback protection

11. Changes

This policy may be updated. If a substantial change is made, you will be notified by email or through the application.

12. Contact

For any question about data protection:

Contact : jean@elric-ia.com
Accelerhate SAS — 31 Rue de la Rive, 44230 Saint-Sébastien-sur-Loire, France