ELIKSIR

Legal

Eliksir Privacy Policy

How Eliksir collects, uses, shares, and protects personal data when you use the website, application, and related services.

Last updated: 2026-05-30

This Privacy Policy explains how Eliksir collects, uses, shares, and protects personal data when you use the Eliksir website, application, and related services (together, the "Service").

Eliksir is operated by Alberto Olias Ibor ("Eliksir", "we", "us", or "our"). For data protection purposes, this operator is the controller of your personal data unless this Policy says otherwise.

1. Scope

This Privacy Policy applies to personal data we process when you:

  • Visit the Service’s website(s)
  • Create an account or use the Service;
  • Upload content, create projects, or generate outputs
  • Make purchases, manage billing, or contact support
  • Otherwise interact with us in connection with the Service

This Policy does not apply to third-party websites, services, or platforms that we do not control, even if they are linked from the Service.

2. Categories of personal data we collect

Depending on how you use the Service, we may collect the following categories of personal data.

2.1 Account and identity data

This may include:

  • name or display name;
  • email address;
  • authentication identifiers;
  • account IDs generated by our authentication provider;
  • profile details you choose to provide; and
  • organization or billing identity details if you use the Service for a business.

2.2 Project and content data

This may include:

  • project names and metadata;
  • uploaded tracks, audio files, lyrics, images, prompts, scripts, treatments, and creative instructions;
  • track-analysis data and project workflow state;
  • generated storyboards, images, videos, and related output files; and
  • messages you exchange with the Service, including AI-assisted creative conversations.

2.3 Billing and transaction data

This may include:

  • subscription status;
  • plan selection;
  • credits balance and ledger activity;
  • purchase history;
  • billing portal activity;
  • payment-related customer IDs, invoice references, and transaction metadata from our payment provider; and
  • limited payment-status information needed to reconcile purchases and refunds.

We do not intentionally store full payment card numbers in our systems. Payment-card processing is handled by our payment processor.

2.4 Technical and usage data

This may include:

  • IP address;
  • browser, device, and operating-system information;
  • log files and request metadata;
  • timestamps and event records;
  • error, performance, and diagnostic information; and
  • security and abuse-prevention signals.

2.5 Support and communications data

This may include:

  • messages you send to support or legal/privacy contacts;
  • survey or feedback submissions;
  • account or billing questions;
  • bug reports; and
  • any attachments or information you choose to provide in those communications.

3. Sources of personal data

We collect personal data from several sources:

  • directly from you, when you create an account, upload content, make purchases, contact us, or otherwise use the Service;
  • automatically, when you access the website or app;
  • from service providers, such as authentication and payment providers; and
  • from generation or infrastructure partners, where needed to provide outputs, detect abuse, or confirm service events.

4. How we use personal data

We use personal data for the following purposes.

4.1 To provide and operate the Service

For example, to:

  • create and manage accounts;
  • authenticate users;
  • host projects, uploads, and outputs;
  • analyze uploaded tracks;
  • generate storyboards and videos;
  • deliver outputs and enable playback or download;
  • process subscriptions, top-ups, and billing events; and
  • maintain project and account state.

4.2 To secure the Service and prevent abuse

For example, to:

  • monitor misuse, fraud, and unauthorized access;
  • enforce entitlement, payment, and usage rules;
  • investigate suspected policy violations;
  • maintain logs and audit records; and
  • protect users, service providers, and the public.

4.3 To support, troubleshoot, and improve the Service

For example, to:

  • diagnose bugs, outages, and performance issues;
  • respond to support requests;
  • review failed or blocked generations;
  • improve reliability, workflow clarity, and safety controls; and
  • develop, test, and refine product features.

4.4 To comply with legal obligations

For example, to:

  • comply with accounting, tax, and recordkeeping obligations;
  • respond to lawful requests from public authorities;
  • enforce our agreements; and
  • establish, exercise, or defend legal claims.

5. Legal bases for processing

If the GDPR, UK GDPR, or similar EEA/UK data protection law applies, we generally rely on one or more of the following legal bases:

  • Contract — where processing is necessary to provide the Service, manage your account, process purchases, deliver outputs, or otherwise perform our agreement with you.
  • Legitimate interests — where processing is necessary for service security, abuse prevention, fraud detection, diagnostics, support, service improvement, internal administration, or protection of our legal and business interests, provided those interests are not overridden by your rights.
  • Legal obligation — where processing is necessary to comply with tax, accounting, legal-process, regulatory, or law-enforcement obligations.
  • Consent — where we specifically ask for consent and rely on it under applicable law.

6. How we share personal data

We do not sell your personal data.

We may share personal data in the following circumstances.

6.1 Service providers and processors

We may share personal data with providers that help us operate the Service, such as providers for:

  • authentication and identity management (for example, Clerk);
  • billing and payment processing (for example, Stripe);
  • hosting, infrastructure, storage, database, and content delivery services;
  • AI or model services used to power creative assistance, storyboard generation, or video generation (for example, OpenAI and the video/model providers we use from time to time);
  • customer support or communications tooling, if used; and
  • security, monitoring, or incident-response tooling, if used.

These providers may process personal data on our behalf or, in some cases, as independent controllers for their own services.

6.2 AI and generation providers

To provide the Service, we may send relevant portions of your project content, prompts, scripts, creative instructions, and related metadata to third-party AI or model providers involved in creative assistance or content generation.

The exact provider used may vary over time based on product configuration, quality, cost, availability, or operational decisions.

6.3 Legal and compliance reasons

We may disclose personal data where reasonably necessary to:

  • comply with law, regulation, court order, or lawful request;
  • enforce our Terms or other agreements;
  • detect, investigate, or prevent fraud, abuse, or security incidents; or
  • protect the rights, property, or safety of Eliksir, our users, service providers, or others.

6.4 Business transfers

If we are involved in a merger, acquisition, financing, sale of assets, or similar transaction, personal data may be disclosed as part of that process, subject to appropriate confidentiality measures.

7. International data transfers

Our service providers and infrastructure may be located in countries outside your country of residence, including outside the EEA/UK.

Where required by law, we will rely on an appropriate transfer mechanism for such transfers, such as adequacy decisions, standard contractual clauses, or another lawful basis.

8. Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, maintain security, resolve disputes, enforce agreements, and comply with legal obligations.

Retention periods depend on the type of data and how the Service is used. For example:

  • account information is typically retained while your account remains active and for a reasonable period afterward;
  • project data, uploaded files, and generated outputs may be retained while needed to operate the Service, preserve project functionality, honor your requests, or support backups and recovery;
  • billing, invoice, and transaction records may be retained as required for accounting, tax, and audit purposes;
  • logs and diagnostic records may be retained for security, fraud prevention, abuse investigation, and service reliability; and
  • backup copies may persist for a limited additional period before being overwritten or deleted.

Deleting a project or account may not immediately remove all associated data from active systems, logs, or backups.

9. Your rights

Depending on where you live, you may have rights regarding your personal data, including the right to:

  • access personal data we hold about you;
  • request correction of inaccurate or incomplete personal data;
  • request deletion of personal data;
  • request restriction of processing;
  • object to certain processing;
  • request portability of certain personal data; and
  • lodge a complaint with a supervisory authority.

These rights are not absolute, and we may refuse or limit a request where permitted by law, including where data is needed for legal compliance, security, fraud prevention, dispute resolution, or exercise of legal claims.

To exercise privacy rights, contact privacy@eliksir.ai.

10. Security

We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

However, no internet or storage system is completely secure, and we cannot guarantee absolute security.

11. Cookies and similar technologies

The website and app may use cookies or similar technologies that are necessary for:

  • authentication;
  • session management;
  • security;
  • fraud prevention; and
  • basic site or service functionality.

Some of these technologies may be set by our authentication or infrastructure providers.

We do not currently describe any separate behavioral advertising program in this Policy. If we later introduce non-essential analytics, advertising, or tracking technologies that require additional notice or consent under applicable law, we will update this Policy and, where required, provide an appropriate notice or consent mechanism.

12. Children

The Service is NOT intended for children who are not legally able to use it under applicable law. We do not knowingly collect personal data from children in violation of applicable law.

If you believe a child has provided personal data to us unlawfully, contact privacy@eliksir.ai.

13. Third-party services

The Service may link to or integrate with third-party websites, services, or platforms. Their privacy practices are governed by their own policies, not this Privacy Policy.

We encourage you to review the privacy policies of any third-party services you interact with in connection with Eliksir.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we may provide notice by posting the updated version on the website or in the Service, or by other reasonable means.

The updated version becomes effective when posted or on the effective date stated in it.

15. Contact

For privacy questions or requests, contact: privacy@eliksir.ai For general support, contact: support@eliksir.ai