Trust Center

How ELEVO protects your business data. In plain language, without claiming audits we do not have.

Loosely framed to NIST CSF 2.0 (Identify · Protect · Detect · Respond · Recover) · Not a statement of certification.

EU data residency: Primary database hosted on EU servers
Encrypted in transit: TLS 1.3 on every browser and API request
Encrypted at rest: AES-256 on the database layer
Password-less option: Sign in via Google or magic link
Daily RLS check: Drift surfaces on the same day
Confirm-before-act: Default for every spend / send / delete step

You deserve direct answers. This page explains what we do to protect your business and what your agents can and cannot do with your account. If you need more detail, email team@elevo.dev.

Protect

Your data is isolated by row, not by promise

Every customer row in our database is gated by Postgres Row-Level Security (RLS). The policy that decides whether row X is visible to user Y runs inside the database itself — not in our application code. That means a bug in our app cannot let one customer see another customer's rows. RLS is on for every table that holds your data, and we run an automated check every day to make sure nothing slips through.
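
A sketch of what database-enforced row isolation and a daily drift check can look like in Postgres, added here as an illustration and not ELEVO's own schema or tooling. The table customer_rows, the column tenant_id, the session setting app.tenant_id and the public schema are assumptions.

```sql
-- Added example. All object names are hypothetical, not ELEVO's.

-- 1. Isolation policy evaluated inside the database.
CREATE TABLE customer_rows (
    id        bigserial PRIMARY KEY,
    tenant_id uuid  NOT NULL,
    payload   jsonb NOT NULL
);

ALTER TABLE customer_rows ENABLE ROW LEVEL SECURITY;
-- Without FORCE, the table owner is exempt from the policy.
ALTER TABLE customer_rows FORCE ROW LEVEL SECURITY;

-- current_setting() raises an error when app.tenant_id is unset,
-- so a request that forgot to set its tenant fails closed.
CREATE POLICY tenant_isolation ON customer_rows
    USING      (tenant_id = current_setting('app.tenant_id')::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::uuid);

-- 2. Drift check, part A: tables in the schema that are not fully gated.
--    Any row returned is a finding.
SELECT n.nspname             AS schema_name,
       c.relname             AS table_name,
       c.relrowsecurity      AS rls_enabled,
       c.relforcerowsecurity AS rls_forced
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'p')          -- ordinary and partitioned tables
  AND n.nspname = 'public'
  AND (NOT c.relrowsecurity OR NOT c.relforcerowsecurity)
ORDER BY 1, 2;

-- 3. Drift check, part B: policies whose predicate is a bare "true",
--    which makes every row visible despite RLS being on.
SELECT schemaname, tablename, policyname, cmd
FROM pg_policies
WHERE schemaname = 'public'
  AND qual = 'true';

-- 4. Drift check, part C: login roles that skip RLS altogether.
--    The application's own role should never appear here.
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolcanlogin
  AND (rolsuper OR rolbypassrls);
```

Superusers and roles with BYPASSRLS are never subject to policies, and table owners are exempt unless FORCE ROW LEVEL SECURITY is set, which is why the check looks at roles and the force flag as well as the enabled flag.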

Protect

No agent spends money without your confirmation

When an agent reaches a step that costs money — buying an ad, sending an outbound email at scale, paying a service — it pauses and asks you. The same is true for irreversible actions like deletes or publishing to a public channel. The decision to allow the step lives with you, not the agent. We call this "confirm-before-act" and it is the default for every agent surface.

Identify

What each connector can and cannot do

When you connect an external account (Instagram, Facebook, X, LinkedIn, Threads, Google Business, Shopify, etc.), ELEVO only asks for the permissions it needs to do the job you asked for. Read-only connectors stay read-only — they cannot post, message, or change settings on the connected account. Posting connectors are scoped to the channels you authorised. You can see the live list of connectors and what each one is allowed to do from your Settings page.

Protect

Your data is never used to train AI models

Prompts and generated content are processed by the AI model providers we use, under agreements that prohibit them from training their models on your data. We do not sell, license, or share your data with third parties for advertising or model-training purposes.

Detect

Every agent action is logged

When an ELEVO agent runs, it leaves a record: which agent ran, on whose behalf, when, what it changed, and what it cost. You can see the full history of any agent run on your Agent View board, and the security team can audit drift the same way. We run automated checks for drift in our own access controls every day.

Respond

Revoke a connector or delete your data, any time

You can revoke a connected account from your Settings page; the connector's tokens are wiped from our database the same minute and the connector goes inert. You can delete your entire ELEVO account from the same page. We will purge your personal data within 30 days, except where law obliges us to keep an invoice trail (HMRC requires 7 years for invoices). The full process is in our Privacy Policy.

Recover

If something goes wrong, you hear from us

If we discover a security incident that affects your data, we will email you directly within 72 hours of confirming the incident. We will tell you what happened, what we did about it, and what — if anything — you should do. We are not perfect; we will tell you when we are not.

What we do not claim (yet)

ELEVO does not currently hold a SOC 2 Type II audit, ISO 27001 certification, or HIPAA attestation. We will not publish any of these badges until they are true. If your organisation requires them to onboard us, tell us at team@elevo.dev and we will discuss the timeline.

Security researcher or responsible disclosure: team@elevo.dev