Legal

Privacy Policy

Last updated: May 2026

The short version

You own your data. We do not sell it. We do not train AI on it. We collect what we need to run the platform, store it on AWS in regions you choose, and let you export or delete it any time. Full GDPR and CCPA rights apply.

1. Who we are

ElasticFunnels (EF, we, us) is operated by Elastic Funnels, LLC, a Delaware company. We provide a SaaS platform for building, testing, and scaling online sales funnels. A Delaware C-Corp parent with a Romanian operating subsidiary is in progress; this Privacy Policy will be updated when that conversion completes.

2. What data we collect

We collect the following categories:

  • Account data. Name, email, password (hashed with bcrypt), company name, role, billing information.
  • Usage data. Pages, funnels, contacts, orders, automations, and other content you create or upload.
  • Customer data. The contact and order records you bring into your CRM through forms, integrations, or import.
  • Technical data. IP address, user agent, request logs, error logs, performance metrics. Used for security, debugging, and operations.
  • Cookies. Session cookies for authentication. Optional analytics cookies for aggregate usage stats. We do not place third-party advertising cookies on this marketing site.

3. How we use it

To run the Service: authenticate you, render pages and funnels, process payments, send notifications, and provide support.

To improve the Service: aggregate usage analytics, error monitoring, performance metrics. Always anonymized or aggregated.

To meet legal obligations: tax reporting, fraud prevention, lawful requests from regulators.

4. AI and your data

AI features in EF run on credits included with your plan and are processed through third-party AI providers selected by EF under standard zero-retention agreements. EF does not retain prompts or outputs beyond what is needed to operate the feature, and EF never trains any model on your data.

You can disable AI features per-user from the workspace settings.

5. Sub-processors

We use the following sub-processors to run the Service:

VendorPurposeRegion
Amazon Web Services (AWS)Hosting, compute, databases, storageUS-East / EU-West (configurable)
BunnyCDNStatic asset CDNGlobal edge
StripeSubscription billing for EF (your customers are processed via the gateway you configure)US
Postmark / SendGridTransactional email (account, billing notifications)US
TwilioSMS for 2FA and call-center features (optional)US

A current list with addresses and DPAs is available on request. We notify customers in advance of new sub-processors.

6. Sharing

We do not sell your data. We share data only with sub-processors above, and only as needed to run the Service. We may share data when legally required (subpoena, lawful regulator request) and we will notify you unless legally prohibited.

7. Retention

Account data: while your account is active, plus 30 days after closure for data export. Then deleted from production.

Backups: encrypted backups retained 90 days for disaster recovery. Then overwritten.

Logs: 90 days for security and debugging.

Tax and billing records: 7 years for compliance.

8. Security

TLS 1.2+ for all traffic. AES-256 at rest for databases and backups. Role-based access control with audit logs. SSO and 2FA available. Annual penetration test. Vulnerability disclosure program at [email protected].

If a breach affects your data, we notify you within 72 hours per GDPR Article 33 expectations.

9. Your GDPR rights (EU/EEA, UK, Switzerland)

Under GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data ("right to erasure").
  • Restrict or object to processing.
  • Data portability (export in machine-readable format).
  • Withdraw consent for any processing based on consent.
  • Lodge a complaint with your supervisory authority.

To exercise any of these rights, email [email protected]. We respond within 30 days.

Legal basis: contract (running the Service for you), legitimate interest (security, anti-fraud, product improvement), consent (optional cookies and marketing emails).

10. Your CCPA / CPRA rights (California)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, or share.
  • Delete personal information we collect from you.
  • Correct inaccurate personal information.
  • Opt out of the sale of personal information (we do not sell, but the right is yours regardless).
  • Limit use of sensitive personal information.
  • Non-discrimination for exercising any of these rights.

To exercise any right, email [email protected] with the subject "CCPA request."

11. Children

The Service is not directed at children under 16. We do not knowingly collect personal information from children. If you believe we have, email us and we will delete it.

12. International data transfers

If you are in the EU/EEA, UK, or Switzerland and we transfer your data to the US, we use Standard Contractual Clauses approved by the European Commission. EU customers can choose AWS EU-West hosting from workspace settings to keep data in the EU.

13. Changes

We may update this policy. For material changes, we email you and post a banner on the dashboard at least 30 days in advance.

14. Contact

Privacy questions: [email protected]. Security disclosures: [email protected]. EU representative on request.

Questions? Email [email protected].

Pages, checkout, CRM, attribution, and call center on one data layer. Built for affiliates, vendors, agencies, and ecommerce brands who run paid traffic.

Platform

Features Split Testing AI Page Builder Custom Checkouts CRM & Automations Analytics Templates Integrations

Solutions

For Affiliates For Vendors For Agencies For Ecommerce For SaaS Course Creators Enterprise

Company

About Us Pricing Blog Changelog Contact Book a Demo

Resources

Documentation Template Library vs ClickFunnels Privacy Policy Terms of Service Refund Policy

© 2026 ElasticFunnels. All rights reserved.

[email protected]