01

Controller and scope

The controller for Elyno is the legal entity identified below. This policy applies to the Elyno applications, api.elyno.app, this website and related support services.

Legal entity
Elyno
Registered address
Privacy email
Application identifier
com.elyno.elyno

For account and service administration, Elyno acts as controller. When a business user uploads documents containing data about customers, suppliers or employees, that business may be the controller and Elyno processes the content to provide the requested service.

02

Categories of data

Elyno processes only the categories needed for account security, document workflows, AI assistance, synchronization and support.

CategoryExamplesMain useTypical retention

Business documents may incidentally contain personal, financial, tax or government identifier data. Users should upload only information relevant to their business workflow and must have authority to process it.

03

Purposes and legal bases

Provide the service

Account access, synchronization, document analysis, invoices, reports, bank matching and support are processed to perform the user agreement.

Security and improvement

Rate limiting, audit history, fraud prevention, troubleshooting and service reliability are based on legitimate interests, balanced against user rights.

Permission-based features

Camera, photo library, files, microphone and notifications are used only after the user chooses the feature or grants the operating-system permission.

Legal obligations

Limited information may be retained or disclosed where required by applicable law, a binding authority request, security obligations or the establishment of legal claims.

Elyno does not sell personal data, does not use it for cross-app advertising and does not currently include third-party advertising or behavioural analytics SDKs.

This public website uses browser localStorage only to remember the selected language. It does not set advertising cookies or store support and privacy form contents; submitting a form opens the user's email application.

04

Service providers and recipients

Data is shared only when needed for a selected feature, infrastructure operation, legal compliance or store distribution.

05

International transfers

Some providers may process data outside the user’s country or the EEA. Where required, Elyno relies on an adequacy decision, Standard Contractual Clauses or another lawful transfer mechanism and applies data-minimisation and access controls.

06

Retention and backups

  • Account and business recordsStored while the account is active and until the user deletes the item or account, unless a legal hold applies.
  • Sessions and security dataAccess tokens last up to 24 hours; refresh sessions last up to 90 days and can end earlier on logout, revocation or account deletion. Short-lived rate-limit records are removed after expiry.
  • Support correspondenceKept while the account or ticket is active and may be retained for up to 24 months after closure for continuity, security and legal claims, unless deletion is required sooner.
  • AI provider processingRequests are retained by the configured AI provider only under its API terms and enterprise controls; Elyno keeps resulting account records until they are cleared or deleted.
  • BackupsEncrypted or access-restricted backups, when enabled, may retain deleted data for up to 90 days before rotation. Backup data is isolated and used only for disaster recovery.

A business user remains responsible for any statutory retention period that applies to its accounting or tax records. Elyno does not preserve deleted records to satisfy that obligation unless legally required to do so.

07

Security

Elyno uses encrypted network transport, salted password hashing, protected mobile credentials, authenticated user-scoped file routes, private database access, encrypted server-side API secrets, rate limits and audit records. No system can guarantee absolute security, so users should protect their devices and account credentials.

08

Your privacy rights

Subject to applicable law, users may request access, correction, portability, deletion, restriction or objection, and may withdraw consent without affecting earlier lawful processing. Users may also complain to their competent data protection authority.

Open privacy request page
09

Account and data deletion

Users can delete their account in Profile → Delete account or request deletion on the Privacy page. After verification, Elyno removes the account, profile, documents, managed files, bank transactions, chat history, generated records and support data from active systems. Processor deletion is requested where necessary. Residual backup copies expire within the backup period. Data required by law, security or legal claims may be isolated and retained only for that purpose.

10

Device permissions

Camera and photo/file access let users upload documents; microphone access records voice input for transcription; notifications provide task reminders. Elyno does not access these sources continuously, and permissions can be revoked in device settings.

11

Children

Elyno is a business service and is not directed to children. Users must be legally able to enter the service agreement and should not upload children’s data unless it is lawful, necessary and appropriately protected.

12

Apple and Google disclosures

The App Store privacy details and Google Play Data safety answers must remain consistent with this policy, including third-party processing. Apple and Google separately process store account, download, device and payment information under their own privacy policies.

13

Changes to this policy

The effective date is updated when this policy changes. Material changes may also be announced in the app or by email where required. Earlier versions may be requested from the privacy contact.

14

Contact

Contact the controller for privacy questions or exercise your rights using the details below.

Legal entityElyno
Registered address
Privacy email
Support email