Privacy Policy
Effective Date: September 12, 2025
Who We Are. Elevation Advisor (“Elevation Advisor,” “we,” “us,” “our”) provides business software for landscape construction and related trades. This Privacy Policy describes how we collect, use, disclose, and protect personal information in connection with our websites and Services (collectively, the “Sites/Services”).
1) Scope
This Policy applies to personal information we process about website visitors, prospects, customers, and their users. It does not apply to third‑party websites or services that we do not control. Where we process personal information as a processor on behalf of a business customer (e.g., Customer Content inside your account), our processing is governed by our Data Processing Addendum (DPA) with that customer.
2) Categories of Personal Information We Collect
- Identifiers & Contact Data (name, email, phone, business address, device identifiers, IP address).
- Account & Commercial Data (login credentials, subscription plan, transaction history).
- Usage & Device Data (app and page interactions, browser/device type, referral URLs, crash logs, diagnostics, cookies/SDKs).
- Support & Communications (support tickets, call/chat recordings where permitted by law).
- Payment Data (tokenized payment instrument details processed by our PCI‑compliant payment processor; we do not store full card numbers).
- Job/Project Data (business records you upload to operate your account).
3) Sources
We collect information directly from you, automatically from your device (cookies/SDKs), from your employer or account owner, and from service providers (e.g., payment, analytics, communications).
4) How We Use Personal Information
- Provide, secure, and troubleshoot the Services
- Set up and manage accounts and billing
- Analyze usage and improve features
- Communicate service notices and respond to inquiries
- Send marketing communications with your consent (or where permitted by law), with opt‑out options
- Detect, investigate, and prevent security, fraud, or abuse
- Comply with law and enforce our Terms
5) Cookies and Tracking; Your Choices
We use cookies/SDKs for authentication, preferences, analytics, and (if enabled) marketing. You can manage cookies in your browser or via our consent tool. If we use cross‑context behavioral advertising, we will provide a “Do Not Sell or Share My Personal Information” link and honor Global Privacy Control (GPC) signals where required.
6) Disclosures of Personal Information
We share personal information with:
- Service Providers/Processors (hosting, payment processing, analytics, communications, customer support) under contracts restricting use to our instructions.
- Business Partners or Integrations you enable.
- Legal/Compliance recipients (to comply with law or protect rights/safety).
- Corporate Transactions (merger, acquisition, reorganization), subject to this Policy’s protections.
We do not sell personal information and do not share it for cross‑context behavioral advertising unless we state otherwise in the cookie banner and provide opt‑outs.
7) Data Retention
We retain personal information as long as necessary for the purposes above, to comply with legal obligations, and to resolve disputes. We apply documented retention periods and delete or de‑identify data when no longer needed.
8) Security
We maintain administrative, technical, and physical safeguards designed to protect personal information (e.g., encryption in transit, access controls, logging, vulnerability management). No system is perfectly secure; you are responsible for maintaining the security of your account and credentials.
9) Children’s Privacy
Our Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child provided us information, contact us and we will take appropriate steps.
10) State Privacy Rights (U.S.)
Depending on where you live (e.g., California and certain other states), you may have rights to know/access, correct, delete, opt‑out of sale/sharing, and limit use of sensitive personal information. We will verify your request and respond within the timeframe required by law. Authorized agents may submit requests with valid proof of authority. To exercise rights, email [email protected] or use the links we provide on the Sites.
11) California Notice (CCPA/CPRA)
We provide a California Notice describing categories, purposes, sources, and disclosures, along with instructions to exercise CPRA rights and opt‑outs (including GPC). We do not sell or share personal information for cross‑context behavioral advertising unless disclosed via our banner and preference center.
12) Washington Notice
We do not intend to collect or process “consumer health data” under Washington’s My Health My Data Act and request that customers do not input such data into the Services. If your use case involves consumer health data, contact us to arrange additional terms and controls.
13) International Users; GDPR
If we offer the Services to individuals in the EU/EEA/UK, we will identify a legal basis for processing (e.g., contract necessity, legitimate interests, consent), honor GDPR rights (access, rectification, erasure, restriction, portability, objection), and use appropriate transfer safeguards (e.g., SCCs). EU/UK residents can contact us at [email protected] to exercise rights.
14) Data Processor Commitments (for Customers)
Where we act as processor for Customer Content, we:
- Process only on documented instructions;
- Impose confidentiality, security, and subprocessor obligations;
- Assist with data subject requests and incident notices;
- Offer a DPA with standard contractual clauses where applicable;
- Provide a list of subprocessors upon request.
15) Changes to this Policy
We may update this Policy; we will post the updated version with an effective date, and notify you of material changes where required.
16) Contact
Questions or requests: [email protected]