Privacy Policy

Data controller and contact

Eliot lite SARL is the controller responsible for the processing described in this policy. If you have questions or want to exercise your rights, contact us at privacy@eliot-sarl.com or by mail at Eliot lite SARL, Privacy Office, CS 20015, 254 Rue de Vendôme, 69003 Lyon, France.

Information we collect

Depending on your relationship with us we may process the following categories of data:

• Account identifiers: names, business contact details, email addresses, and Supabase user IDs created when you register or are invited to the platform.
• Role information: assignment history for agents and SLH hosts, payout preferences, and audit logs that record when accounts are activated, suspended, or updated.
• Transactional records: sales, payouts, and commission adjustments submitted by finance or operations teams as part of marketplace participation.
• Support interactions: messages you send to our support or compliance teams, including follow-up notes that document the status of your request.
• Usage data: technical logs captured automatically when you access the platform (such as IP address, device details, browser type, time stamps, and error diagnostics). We use this data to monitor performance, detect suspicious activity, and improve security.

Why we use your data

We process personal data for the following purposes:

• to create and administer accounts for agents, SLH hosts, finance, and admin staff;
• to operate the marketplace, manage commissions, and calculate payouts;
• to secure access, monitor suspicious logins, and enforce role-based permissions;
• to respond to support requests and document regulatory obligations;
• to send essential service communications, policy updates, and incident notifications;
• to comply with legal obligations such as bookkeeping, tax reporting, and court orders.

Our legal bases include performance of a contract, compliance with legal obligations, and legitimate interests in maintaining a secure, reliable platform. We only rely on consent for optional communications that you can opt out of at any time.

Security and storage

Access to personal data is restricted by role-based permissions enforced through Supabase row-level security policies and server-side session validation. Sensitive credentials are encrypted and only decrypted when strictly necessary. We store data in the European Union and apply industry-standard safeguards such as TLS encryption in transit, hashed passwords, audit logging, and regular access reviews.

We retain data only for as long as necessary to deliver the service, meet contractual obligations, or comply with legal retention periods. When data is no longer required it is securely deleted or anonymised.

Sharing and international transfers

We do not sell personal data. We share information with trusted processors that help us run the platform (cloud hosting, analytics limited to operational metrics, customer support tooling). Each processor is bound by a data processing agreement and only receives the minimum data required. When data is transferred outside the European Union, we use safeguards such as the EU Standard Contractual Clauses or rely on adequacy decisions.

Your rights

You have the right to access, correct, delete, and restrict the processing of your personal data, as well as the right to data portability and to object to processing based on legitimate interests. If you gave consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Submit your request by emailing privacy@eliot-sarl.com. We will respond within one month and may request additional information to verify your identity before fulfilling sensitive requests.

Opt-out instructions

Updates to this policy

We may update this privacy policy to reflect changes in our services or legal obligations. Significant updates will be announced through the platform or by email. The revision date at the top of this page indicates the latest version.