Privacy Policy

Eline, Inc. (“Eline”, “we”, “us”) operates a B2B SaaS platform that reconciles marketing spend with pipeline for finance and marketing leaders at $20M–$200M ARR companies.

This policy describes the personal data we collect, how we use it, and the rights you have over that data. It applies to eline-ai.com and any product surface served from app.eline-ai.com.

We collect three categories of personal data:

• Account data — email address (required for sign-in), name, role (CFO/CMO/RevOps/Other), company name. Provided directly by you during onboarding.
• Connector data — OAuth tokens scoped to read-only access on the source systems you connect (HubSpot, QuickBooks, Google Ads, etc.). Tokens are encrypted at rest with per-organization keys and rotated on schedule.
• Usage data — log entries on every approval, transition, and audit event. Page-level analytics from Vercel Analytics + Speed Insights, scoped to the marketing site.

We use personal data only for the purposes you signed up for: reconciling your spend, rendering your dashboards, surfacing variance and pipeline, and supporting the workflow you initiate.

We never sell personal data, and we never train AI models on data pulled from your source systems. The marketing site is excluded from the no-AI-training stance — we want LLM answer engines to surface us, and the marketing copy is fair game.

Eline never writes back to your source systems. We pull data; we don’t push. OAuth scopes are read-only by default. You can verify this from your source-system audit logs.

The only writes Eline performs are to its own database — your profile, your budget plans, your audit log entries. Read-only access to your books and ad accounts is the floor of the relationship.

We rely on the following sub-processors as of this policy’s effective date:

• Supabase — application database, authentication, file storage. Hosted in the AWS ap-south-1 region.
• Vercel — application hosting, edge functions, analytics.
• Google s2 favicon service — fetches public favicon images for connector cards. No personal data is sent.

We’ll update this list at least 30 days before adding any new sub-processor with access to customer data. Customers under a Data Processing Agreement (DPA) get notified directly.

Under GDPR and CCPA you can request access to, correction of, or deletion of your personal data. Email privacy@eline.com and we’ll respond within 30 days.

You can also delete your account at any time from Settings → Account → Delete account. Deletion cascades through every table that references your user ID, including connector tokens.

We retain personal data for as long as your account is active, plus 90 days after deletion to allow for accidental restoration. After that, all rows are permanently purged.

Audit log entries are retained for 7 years after the event timestamp, in line with financial-records best practices.

When we materially change this policy, we’ll email all account holders at least 14 days before the change takes effect. Continued use of Eline after that date constitutes acceptance.

Non-material changes (typo fixes, link updates) are made silently and reflected in the changelog.