Privacy

Privacy notice for website visitors.

Last updated 27 May 2026. This page covers data we collect from visitors to eltrus.ai. If you are an Eltrus client, your end-customers' Personal Data is governed separately by the Data Processing Agreement bundled with your MSA. The trust page summarises that separately.

Who we are

Eltrus Limited is the data controller for this website. Irish private company limited by shares, CRO number 795239. Registered office: Cillcuaigh, Lakeview Hill, Barnacranny, Bushypark, Galway, Ireland, H91 C9NK.

For privacy questions or requests, email hello@eltrus.ai.

What we collect

If you fill out the contact form, we collect your brand name, your name, your email address, the link you provide, and whatever you write in the message field.

If you email us directly, we keep the email, your email address, and any attachments you send.

If we contact your brand first, we may hold basic business contact details collected from public sources (your storefront, public press, public LinkedIn or social profile, Apollo.io B2B database). This may include brand name, website, public role and email, and a short note on why we thought the brand might be a fit.

The site processes basic technical data through Cloudflare hosting: IP address, browser type, device information, pages visited, timestamps, form-submission metadata, and security logs.

Why we use it

To reply to enquiries, schedule audit calls, follow up on relevant prospects, keep the site secure, maintain business records, and deliver contracted work if you become a client.

Lawful bases: taking steps before entering a contract, performing a contract, legitimate interests, consent where we ask for it, and legal obligations where accounting, tax, company, or dispute records have to be kept.

Our legitimate interests are running a small AI customer-ops services business, replying to people who contact us, keeping the site secure, maintaining business records, and making proportionate business-to-business contact with brands that appear relevant. You can object to direct marketing at any time by emailing hello@eltrus.ai.

We do not add you to a mailing list without permission. We do not sell or rent contact data.

Who else receives it

We use a small number of service providers to run the website and receive enquiries. The Part B "operations vendors" list on the trust page is the canonical list. The ones that touch website-visitor Personal Data are:

  • Cloudflare, Inc. (USA + EU edge POPs) for hosting, edge security, DNS, and the Worker that processes the contact form. EU-US Data Privacy Framework certified.
  • Resend (USA) for delivering contact form submissions to our inbox. Email content + sender metadata only.
  • Google Fonts for font delivery (IP address, basic browser metadata).
  • Apollo.io, Inc. (USA, DPF-certified) for public B2B contact data on prospective clients (no end-customer data).
  • Cal.com, Inc. (USA + EU edge, DPF-certified) for calendar booking, where used.

For US-based providers we rely on the EU-US Data Privacy Framework, supplemented by Standard Contractual Clauses (SCC Module 1 controller-to-controller, or Module 2 where the provider is a processor) where prudent.

We may disclose information if required by law, tax, accounting, company-record, security, or dispute-resolution obligations.

How long we keep it

If you contact us but do not become a client, we normally delete form submissions and supporting emails after 12 months, unless we need to keep a shorter or longer record for a legal, accounting, security, or dispute-related reason.

If you become a client, we keep project and billing records for the life of the engagement and for a reasonable period afterwards, typically up to seven years for tax, accounting, and contractual reasons.

Prospecting notes about brands we decide not to contact, or that ask not to be contacted, are kept only as long as needed to manage outreach and suppression lists.

Your rights

Under GDPR you can ask us to confirm what personal data we hold about you, send you a copy, correct it, delete it, restrict how it is used, object to certain uses, or receive it in a portable format where that right applies. If we rely on consent, you can withdraw that consent at any time.

Providing form details is not a statutory requirement, but if you do not provide enough information we may not be able to reply.

This website itself does not use automated decision-making or profiling that produces legal or similarly significant effects. (Our paid service does deploy AI on a Client's helpdesk; that processing is governed by the DPA between Eltrus and the Client, with Article 22 thresholds set out in the AI Governance Schedule.)

Email hello@eltrus.ai and we will respond within one month unless GDPR allows a longer period for a complex request.

If you are unhappy with how we have handled your data, you can complain to the Irish Data Protection Commission at dataprotection.ie.

Cookies and analytics

At the moment this site does not use advertising cookies or tracking pixels. Cloudflare may process basic technical data for hosting, security, and cookieless analytics. If we later add analytics or marketing tools that store or read information on your device and are not strictly necessary, we will ask for consent where required.

Client end-customer data

If you engage Eltrus to deploy AI on your customer support inbox, the data flowing through that engagement (your customers' tickets, names, emails, etc.) is governed by the GDPR Article 28 Data Processing Agreement bundled with your MSA, not by this notice. The DPA covers documented instructions, sub-processors (Anthropic, OpenAI, Cloudflare, 1Password), international transfers (DPF + SCC Module 3), 24-hour breach notification, deletion on termination, and audit rights. Summary on the trust page; full text on request.

Changes to this notice

We update this notice when our practices change. The "last updated" date at the top reflects the most recent material change. Past versions are kept on request.