Elative Solutions OÜ is committed to protecting your privacy and ensuring the security of your personal information. By using the Sites, you acknowledge that you have read and accepted this Privacy Policy. If you do not agree, please discontinue using our Sites immediately.

1. Who We Are

Elative Solutions OÜ, a company registered in Estonia, acts as the Data Controller for personal data collected through our Sites. We are committed to compliance with GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), CPRA (California Privacy Rights Act), and PIPEDA (Personal Information Protection and Electronic Documents Act, Canada).

If you have any questions regarding your privacy, you may contact us at:

• Legal Entity: Elative Solutions OÜ
• Email: [email protected]
• Postal Address: Ahtri tn 12, Kesklinna linnaosa, Harju maakond, 10151 Tallinn, Estonia, EU

2. Data Collection and Processing

We collect personal data including but not limited to contact information, customer transaction details, user data, technical data, and marketing preferences. We gather this data through direct interactions (such as when you sign up, purchase, or contact support), automated tracking (cookies and analytics), third-party service integrations, and publicly available sources.

Under GDPR, we process data based on contractual necessity, legitimate interest, consent, and legal obligations. Personal data means any information capable of identifying an individual. It does not include anonymised data.

We may process the following categories of personal data:

Communication Data

Any communication you send to us through contact forms, email, text, social media messaging, or any other channel. We process this data to respond to enquiries, maintain records, and comply with legal obligations.

Customer Data

Details related to purchases including your name, billing address, delivery address, email address, phone number, and payment details. We process this to supply the goods and services you have purchased and to maintain transaction records.

User Data

Data about how you use our Sites including interactions with content, session history, and engagement levels. We process this to improve user experience and platform functionality.

Business Infrastructure Data

Where members use our platforms to manage their own coaching or consulting business, we may process data relating to their client contact records, funnel configurations, CRM settings, and automation sequences stored within the platform. This data is processed solely to provide the contracted service. Members retain full ownership of their own client data at all times.

Technical Data

IP addresses, login data, browser details, session lengths, device information, and analytics tracking. This helps us optimise our Sites and detect security threats.

Marketing Data

Preferences regarding marketing communications, promotions, and advertising.

Phone Numbers and AI Communications

If you provide your phone number, we may use it to send SMS messages, WhatsApp messages, or AI-generated outbound communications based on your stated preferences.

We do not collect sensitive personal data including race, ethnicity, religious beliefs, biometric data, or criminal records.

3. How We Collect Your Personal Data

We collect data in the following ways:

• Direct interactions: account registration, purchases, newsletter sign-ups, or contacting customer support
• Automated tracking: cookies, tracking pixels, and analytics tools when you interact with our Sites
• Third-party sources: if you connect third-party platforms such as Google or Facebook, we may receive relevant user data
• Publicly available sources: such as business directories or professional records

4. Use of Cookies and Tracking Technologies

Our Sites use cookies and other tracking technologies to enhance functionality, improve user experience, and support marketing and analytics. When you first visit, a cookie consent banner allows you to accept or reject non-essential cookies. You can also manage cookie preferences through your browser settings.

a. What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences, enhance your browsing experience, and improve functionality. Cookies may be first-party (set by our Sites) or third-party (set by advertising or analytics providers).

b. Types of Cookies We Use

• Essential Cookies: necessary for the operation of the Sites, enabling basic functions like page navigation, secure logins, and fraud prevention
• Performance Cookies: collect information about how visitors use our Sites to optimise performance and improve user experience
• Functional Cookies: allow our Sites to remember choices you make, such as language preferences or login details
• Marketing and Advertising Cookies: track your online activity to deliver targeted advertisements relevant to your interests

c. Third-Party Cookies

Some cookies on our Sites are placed by third-party service providers including Google Analytics, Facebook Pixel, and payment providers. These third parties may use cookies in accordance with their own privacy policies, which we recommend reviewing.

d. Managing Cookies

You may adjust your browser settings to block or delete cookies, opt out of third-party tracking through https://optout.aboutads.info, or use our cookie consent banner to manage non-essential cookie preferences. If you disable certain cookies, some parts of our Sites may not function correctly.

5. Marketing Communications and Consent

We only send marketing communications with your explicit consent. We use double opt-in for email subscriptions. You may opt out at any time by clicking the unsubscribe link in any email or contacting us at [email protected].

SMS Opt-In: by opting in, you agree to receive text messages from us. You may unsubscribe at any time by replying STOP. Opting out of marketing communications will not affect essential service-related communications.

6. Third-Party Advertising and Marketing

We use third-party advertising services including Meta (Facebook and Instagram Ads) and Google Ads to promote our products and services. These platforms may collect and process user data through technologies such as Facebook Pixel and Google Analytics.

If you prefer not to receive personalised advertising, you may opt out through:

• Google Ads Settings: https://adssettings.google.com
• Facebook Ad Preferences: https://www.facebook.com/settings/?tab=ads
• Your Online Choices (EU users): https://www.youronlinechoices.com
• Network Advertising Initiative Opt-Out: https://optout.networkadvertising.org

For California Residents: submit a CCPA Opt-Out Request to [email protected] with your full name and account email. We will process your request within 30 days.

7. GoHighLevel CRM — Third-Party Infrastructure

Elative Solutions OÜ uses GoHighLevel as the underlying CRM and technical infrastructure for CoachSuite Pro and Altitude Club. GoHighLevel is a third-party software-as-a-service platform that processes certain member and contact data on our behalf as a data processor.

Data processed within GoHighLevel infrastructure may include contact records, CRM entries, automation sequences, funnel configurations, email communications, and SMS messages. GoHighLevel operates servers in the United States. Data transfers from the EU to GoHighLevel are governed by Standard Contractual Clauses (SCCs) in compliance with GDPR and Schrems II requirements.

Members who store their own client data within the platform remain the data controller for that client data. Elative Solutions OÜ processes that data solely as a data processor acting on the member's instruction. Members are responsible for ensuring they have obtained appropriate consent from their own clients before uploading or storing client data within the platform.

8. Data Security and Retention

We implement industry-standard security measures including data encryption, controlled access, and routine security audits. We retain personal data for the following periods:

• Account and Transaction Data: 6 years for tax and legal compliance
• Marketing Data: retained until you unsubscribe or withdraw consent
• Analytics and Behavioural Data: 12 months unless removed earlier
• Inactive Accounts: deleted after 2 years of inactivity unless required for legal reasons
• Support and Enquiry Data: 12 months after last contact
• Security Logs: 6 months for security monitoring
• AI Logs: 6 months unless required for security or fraud prevention
• Email Logs: up to 2 years for legal compliance

9. International Data Transfers

We operate globally and your data may be transferred outside the European Economic Area (EEA) to countries including the United States, Canada, Australia, and the United Kingdom. We ensure data protection through Standard Contractual Clauses (SCCs) under GDPR, and where applicable, additional safeguards such as encryption, pseudonymisation, and access controls. We have Data Processing Agreements in place with key third-party service providers.

10. CCPA Notice for California Residents

California residents have the following rights under CCPA and CPRA:

• The right to know what personal data is collected
• The right to request deletion of collected personal data
• The right to opt out of data selling or sharing

We do not sell personal data. However, third-party analytics and advertising services may collect data as defined under CCPA. To exercise your rights, email [email protected] with the subject line CCPA Opt-Out Request. We will process your request within 30 days.

11. PIPEDA Notice for Canadian Residents

Under PIPEDA, Canadian residents have the following rights:

• The right to request access to their personal data
• The right to challenge the accuracy of collected information
• The right to file a complaint with the Office of the Privacy Commissioner of Canada

To exercise your rights under PIPEDA, contact us at [email protected].

12. SMS, WhatsApp, and AI-Generated Communications

We may use SMS, WhatsApp, and AI-generated outbound messages to provide service notifications, reminders, marketing promotions, and platform updates. By providing your phone number and opting in, you expressly consent to receive such messages. You may opt out at any time by replying STOP, updating your account preferences, or contacting [email protected].

WhatsApp messages may be processed by Meta Platforms, Inc. Data transfers are governed by Standard Contractual Clauses under GDPR. We do not sell or share your WhatsApp number with third-party advertisers. Compliance framework: GDPR (EU and UK), CCPA (California), TCPA (United States), CASL (Canada).

13. Use of AI and Automated Processing

We use Artificial Intelligence and automated technologies to enhance our services, including:

• AI-powered tools for customer support, enquiry handling, and service recommendations
• Automated SMS, email, and WhatsApp responses based on user queries
• The Altitude AI CoPilot, which uses aggregated and anonymised coaching business data drawn from platform usage to generate targeted business intelligence for members. Individual member data is not shared with other members.
• Personalisation and automated content recommendations based on platform activity

AI does not make decisions with significant legal or financial consequences unless explicitly stated. Under GDPR Article 22 and CCPA/CPRA, you have the right to be informed about AI-driven decisions, to request human intervention, and to object to AI-based profiling. To exercise these rights, contact [email protected].

14. Your Legal Rights

Under global data protection laws, you have the right to:

• Access your personal data
• Correct or update inaccurate data
• Request deletion of personal data
• Restrict or object to certain types of data processing
• Request data portability
• Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond to all legitimate requests within one month. There is no fee to exercise your rights unless a request is clearly unfounded, repetitive, or excessive. We may need to verify your identity before processing certain requests.

If you are not satisfied with how we handle your data, you have the right to complain to the Estonian Data Protection Inspectorate or your local EU supervisory authority at https://edps.europa.eu.

15. Third-Party Links

Our Sites may contain links to third-party websites, plug-ins, or applications. These third parties may collect personal data independently. We are not responsible for their data handling practices and encourage you to read their respective privacy policies.

16. Third-Party Data Sharing

We share personal data with trusted third-party service providers for payment processing, analytics, and marketing. These include:

• Google Analytics: website analytics
• Facebook Pixel: advertising analytics
• Stripe and other payment providers: payment processing
• Email marketing providers: email delivery and automation
• GoHighLevel: CRM and platform infrastructure for CoachSuite Pro and Altitude Club

We have Data Processing Agreements with these providers to ensure compliance with GDPR, CCPA, and PIPEDA. We do not sell personal data to third parties for advertising purposes.

17. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Updates will be reflected in the Effective Date at the top of this document. Continued use of our Sites after such modifications constitutes acceptance of the revised terms. We will make reasonable efforts to notify users of material changes via email or a notice on the relevant Site.