Privacy Policy for Elara

Elara Tech Ltd is the data controller responsible for determining the purposes and means of processing your personal data under GDPR.

Effective Date: 9/9/2025

Elara is a mobile application developed and operated by Elara Tech Ltd ("we," "us," or "our") that helps agencies manage events, staff scheduling, shift attendance, and invoicing. We are committed to protecting the privacy and security of your personal data. This Privacy Policy describes the information we collect, how we use and protect it, your rights in relation to it, and our compliance with the General Data Protection Regulation (GDPR).

This policy has been drafted in accordance with industry best practices and legal standards, including guidance from the UK Information Commissioner's Office (ICO) and the European Data Protection Board (EDPB).

1. Information We Collect

  • Personal Identifiable Information (PII): Name, email address, phone number, profile picture, and agency association.
  • Authentication Data: Your Clerk ID and login credentials (secured and encrypted).
  • Event & Work Participation: Events and campaigns you join, shifts attended, roles, and submitted invoices.
  • Device & Usage Data: Device model, operating system, IP address, and app usage logs.
  • Location Data: If enabled, we may collect approximate location data to support features like event check-in.

All data is collected with a clear legal basis and only to the extent necessary to deliver our services securely and efficiently. We do not use cookies or similar tracking technologies in the Elara mobile app.

2. How We Use Your Information

  • Facilitate event and shift scheduling and management
  • Enable communication between staff and agency managers
  • Process and track invoice submissions
  • Improve, personalize, and secure our services
  • Send important updates and push notifications
  • Monitor app performance and detect abuse

We ensure that all data usage aligns with the principles of purpose limitation, data minimization, and accuracy.

3. Legal Basis for Processing (GDPR Article 6)

  • Contractual necessity: To fulfill our contract with you or your agency
  • Legitimate interests: To improve services, ensure security, and support operational efficiency
  • Consent: For optional features (e.g., push notifications, location data) where you have given explicit consent
  • Legal obligation: To comply with applicable laws

You may withdraw your consent at any time where consent is the legal basis for processing. We do not rely on consent where another legal basis is more appropriate.

4. How We Share Your Information

Your personal data is shared in full with the agency you are affiliated with. This includes your profile information, event participation, submitted invoices, and any related communication. Agencies rely on this information to fulfill their contractual, operational, and legal obligations. While Elara Tech Ltd facilitates this data sharing, your rights under GDPR remain applicable to the extent permitted by law and contractual necessity. Specifically, requests for erasure or objection will not apply to core operational data required for agency functioning and legal compliance.

We may share your data with:

  • Your agency managers: To coordinate work schedules, invoice review, and team visibility
  • Third-party service providers: Such as Clerk (authentication), Render (hosting), and Neon (database)
  • Legal or regulatory authorities: When required to comply with legal obligations

We never sell your personal data to third parties. We use the following processors to help deliver our services securely and efficiently:

  • Clerk – User authentication and identity management
  • Render – Backend infrastructure and server hosting
  • Neon – Cloud PostgreSQL database management and storage

All third-party processors are governed by strict contractual terms in compliance with GDPR Article 28 and data processing agreements (DPAs).

5. International Data Transfers

If your personal data is transferred outside of the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or a valid adequacy decision by the European Commission. All transfers are assessed for risk and necessity.

6. Data Retention

We retain your personal data for as long as your account remains active, or as needed to:

  • Fulfill our contractual obligations
  • Comply with legal obligations
  • Maintain system backups and business analytics

We regularly review data retention periods and securely delete or anonymize data when no longer required. A detailed retention schedule is available upon request.

7. Your Rights Under GDPR

  • Right of access: Request a copy of your personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data (“right to be forgotten”)
  • Right to restrict processing: You may ask us to temporarily stop non-essential processing of your data—such as analytics or optional features (e.g., push notifications, location tracking)—while a dispute or correction request is under review. Core operational data (including your event participation, shift attendance, and submitted invoices) will continue to be processed and accessible to your agency and Elara Tech Ltd because it is required for contractual performance, payroll, and legal compliance.
  • Right to data portability: Receive your data in a structured, commonly used format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Where processing is based on consent
  • Right to lodge a complaint: You may file a complaint with your local data protection authority in the EU or UK

To exercise your rights, contact us at [Insert Support Email]. We respond to all requests within 30 days in accordance with GDPR requirements.

8. Security

We do not use cookies or any browser-based tracking technologies in the Elara mobile application.

We take appropriate technical and organizational measures to secure your data, including:

  • Secure HTTPS connections
  • Role-based access control
  • Encrypted storage of authentication credentials
  • Regular vulnerability scans and security audits
  • Access logging and monitoring for suspicious behavior

Our systems and infrastructure are designed with privacy by design and by default.

9. Children’s Privacy

Elara is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under this age. If we become aware of such data, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If material changes are made, we will notify users via the app or email. We encourage you to review this policy periodically to stay informed about how we are protecting your information. Previous versions of this Privacy Policy are available upon request.

11. Automated Decision-Making

We do not use automated decision-making or profiling within the Elara application.

12. Contact Us

If you have questions or concerns about this Privacy Policy or how your data is handled, or to exercise your rights under GDPR, please contact:

Elara Tech Ltd
71-75, Shelton Street, Covent Garden, London, WC2H 9JQ
Email: support@elara-technology.com

You may also lodge a complaint with your local data protection authority in the EU or UK.