Privacypolicy.

Contact information you give us — name, business name, email, phone, business address — when you submit our contact form, book a discovery call, or sign up as a client.

Payment information collected by our PCI-compliant payment processor (Square). Elmnt does not store full card numbers; we store a tokenized reference for billing purposes.

Client portal data — change requests, support tickets, messages, and uploaded documents — created by you while using your dashboard.

Standard server logs — IP address, browser type, timestamps — used for security and uptime monitoring.

To deliver the services you signed up for: hosting, support, change requests, billing, reporting, and communication.

To send transactional emails — booking confirmations, billing receipts, support replies, and announcements relevant to your account.

To improve our services. We do not sell your data, and we do not use it to train external AI systems.

Our infrastructure providers — Supabase (database and auth), Resend (email delivery), Square (payments), Google (calendar and meeting links). Each provider is bound by their own privacy and security commitments.

Authorized Elmnt staff who need access to support your account. Each staff member's access is scoped by role (Owner, Admin, Client Care, Sales Rep, Developer) and audited via our activity log.

Law enforcement, only if compelled by valid legal process and only the specific data demanded.

We use a single session cookie to keep you logged in to your dashboard.

We use privacy-first analytics (Plausible) on the marketing site. No personal identifiers, no cross-site tracking, no ad networks.

Access — you can see everything we hold on you from inside your client dashboard.

Correction — update your details any time from Settings.

Deletion — close your account and request a full data wipe by emailing Projects@elmnt.media. Some financial records are retained as required by law.

Port-out — your data, your code, your domain. We package and transfer it on request (see Terms § Port-Out).

All data is transmitted over HTTPS. Database encryption at rest is provided by Supabase. Backups run daily; storage is encrypted.

Staff access is role-based with full audit logging. We rotate access on personnel changes and review permissions quarterly.

Elmnt services are intended for businesses. We do not knowingly collect data from anyone under 16.

Material changes to this policy are announced via the client dashboard and email at least 30 days before they take effect.