This Privacy Notice explains how we collect, use and protect your personal data when you visit our website or interact with our demo and sales process.
1. Who we are
Controller: Clear & Young Ltd, trading as Elevate Labs AI (“we”, “us”). We are the controller of your personal data when you use our Site or interact with us about the Agency OS Portal Kit.
If you have any questions about this Notice or how we handle your data, you can contact us at: hello@elevatelabsai.com
2. Data we collect
We may collect and process the following categories of personal data:
Contact data – name, work email address, agency / studio name, role.
Business context – rough client count, team size, current tools and workflows (when you choose to share this in forms or calls).
Communication data – emails and messages about demos, support and sales.
Technical data – IP address, browser type, device information, time zone, basic usage logs and analytics data.
Transaction data – purchase records and payment confirmations. Card details are handled by our payment processor (for example Stripe); we do not store full card numbers.
3. How we use your data
We use your data to:
Send you the 3-minute demo and resources you request.
Provide access to the Agency OS Portal Kit and related services after purchase.
Communicate about onboarding steps, implementation guidance and important product updates.
Reply to your questions and support requests.
Send occasional newsletters or offers, where you’ve opted in or where permitted under applicable law.
Monitor and improve the Site and our marketing using aggregated analytics.
4. Legal bases for processing
Under UK GDPR and EU GDPR, we rely on the following legal bases:
Performance of a contract – for processing needed to send you the demo you requested, deliver the Portal Kit, onboard you as a customer and provide support.
Legitimate interests – for maintaining and improving the Site, preventing abuse, running basic analytics and limited B2B marketing that you would reasonably expect.
Consent – for sending newsletters or other marketing emails where required by law, and for certain cookies or tracking technologies where consent is needed.
Legal obligations – for retaining records necessary to comply with tax, accounting and regulatory requirements.
We do not routinely store or process any personal data belonging to your own clients inside our systems. When you deploy the Portal Kit, your end-client data lives in your own Airtable, Softr or other tools under your control.
5. Sharing your data
We only share your personal data where necessary for our operations, or where we have a legal basis to do so. Typical recipients include:
Service providers and processors who help us operate the Site or deliver the Portal Kit – for example Airtable, Softr, Stripe, Make/Zapier, Google (Analytics), Rebrandly (redirect links), and email service providers.
Professional advisers including accountants, lawyers or insurers where necessary.
Regulators or authorities where legally required.
We do not sell your personal data and we do not share it with third parties for their own marketing purposes.
6. International transfers
Some of our service providers are based outside the UK or European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent legal mechanisms.
7. Data retention
We keep personal data only for as long as necessary for the purposes set out in this Notice, or as required by applicable law. Typical retention periods include:
Client and billing records: up to 7 years for tax and accounting purposes.
Demo requests and sales enquiries: up to 24 months unless you request deletion earlier.
Support communications: up to 24 months.
Analytics data: varies depending on the provider’s configuration.
8. Your rights
Under UK GDPR and EU GDPR, you have the following rights:
Access your personal data;
Correct inaccurate data;
Request deletion (in certain circumstances);
Request restriction of processing;
Object to processing based on legitimate interests;
Withdraw consent where processing is based on consent;