Legal / Privacy

Privacy Policy

ELION SYSTEMS LTD

Company Number: 517350260

Tel Aviv, Israel

Last Updated: 21 June 2026

Important Notice. This Privacy Policy is not a generic website privacy policy. It is an enterprise-grade legal document governing the privacy and data handling practices of ELION SYSTEMS LTD in connection with its website, platform, AI-powered business communication services, front-office automation solutions, and related operations.

Your Privacy Rights at a Glance

Convenience Summary Only. This summary is provided for ease of reference only and does not modify, limit, or replace the full Privacy Policy below.

  • B2B Platform ELION is primarily a B2B platform.
  • Controller / Processor Model ELION generally acts as a Data Processor for Customer Data handled on behalf of business customers, and acts as a Data Controller for account management, billing, support, security, website analytics, marketing, and internal business operations.
  • Categories of Individuals ELION may process information relating to customers, prospects, leads, patients, consumers, callers, website visitors, and end users who interact with ELION customers.
  • Customer Data Sale ELION does not sell Customer Data to third parties.
  • Data Export Customers may request data export before termination by contacting privacy-request@elionagent.com.
  • Age Threshold The Platform is intended for individuals aged 18 years or older.

01Introduction / Scope

This Privacy Policy is not a generic website privacy policy. It is an enterprise-grade legal document governing the privacy and data handling practices of ELION SYSTEMS LTD in connection with its website, platform, AI-powered business communication services, front-office automation solutions, and related operations. ELION is primarily a business-to-business (B2B) platform. In the course of providing its services, ELION may process information relating to customers, prospects, leads, patients, consumers, callers, website visitors, and end users who interact with ELION Customers.

02Definitions

“ELION”, “Company”, “we”, “us”, “our”

ELION SYSTEMS LTD, Company Number 517350260, registered in Tel Aviv, Israel.

“Customer”

The business entity that subscribes to, accesses, or uses our Platform.

“End User”

Any individual who interacts with ELION customers through our Platform, including prospects, leads, patients, consumers, callers, and website visitors.

“Platform”

The multi-tenant SaaS platform and related services providing AI-powered business communication and front-office automation solutions.

“Personal Data”

Any information relating to an identified or identifiable natural person, as defined by applicable data protection legislation.

03Controller / Processor Distinction

Under applicable data protection laws, the distinction between a Data Controller and a Data Processor is paramount.

ELION as a Data Processor

ELION generally acts as a Data Processor (or Service Provider) when processing Customer Data, End User Data, Call Data, Conversation Data, and other operational data on behalf of our business Customers to provide the Platform services. In such capacities, Customers retain the obligations of a Data Controller.

ELION as a Data Controller

ELION acts as a Data Controller with respect to data processed for account management, billing, support, security, website analytics, marketing, and internal business operations.

04Multi-Tenant SaaS Architecture

ELION operates a multi-tenant SaaS architecture. Customer environments are logically separated as part of the Platform design. Additional security, segregation, and dedicated enterprise deployment options may be introduced over time to address evolving operational, security, and compliance requirements.

05Categories of Personal Information / Data Categories

We may process the following categories of data:

Account Data

  • User IDs
  • Authentication credentials
  • Roles
  • Permissions
  • Account status
  • Subscription information

Customer Business Data

  • Company information
  • Services
  • Operational information
  • Opening hours
  • Internal business rules

End User / Lead Data

  • Names
  • Emails
  • Phone numbers
  • Communications
  • Requests
  • Preferences

Call Data

  • Caller information
  • Recipient information
  • Call duration
  • Call metadata
  • Timestamps
  • Call status
  • Audio recordings

Conversation Data

  • Voice conversations
  • Chat conversations
  • WhatsApp conversations
  • Transcripts
  • Summaries
  • Conversation history
  • Detected intents

Appointment Data

  • Bookings
  • Schedules
  • Appointment history
  • Modifications
  • Cancellations

Knowledge Base Data

  • FAQs
  • Business documents
  • Uploaded files
  • Operational content
  • Pricing information
  • Customer-provided knowledge

AI Configuration Data

  • Prompts
  • Instructions
  • Escalation rules
  • Workflows
  • Voice settings
  • Language settings

Analytics Data

  • Usage metrics
  • Events
  • Clicks
  • Sessions
  • Funnels
  • Dashboards

Technical Data

  • IP addresses
  • Browser information
  • Operating systems
  • Devices
  • Timestamps
  • Security logs
  • Audit information

Marketing Data

  • Referral sources
  • Campaign identifiers
  • UTM parameters
  • Analytics identifiers
  • Cookie identifiers

Consent Data

  • Cookie preferences
  • Marketing preferences
  • Opt-ins
  • Opt-outs
  • Consent history

Billing Data

  • Invoices
  • Subscription information
  • Tax information
  • Payment status

Support Data

  • Support requests
  • Tickets
  • Communications
  • Attachments

Integration Data

  • CRM integrations
  • Telephony integrations
  • Calendar integrations
  • WhatsApp integrations
  • API credentials

06Purposes of Processing and Legal Basis Framing

Processing may be carried out for service provision, account administration, communications handling, analytics, security, support, compliance, and legitimate business operations. Processing activities are conducted subject to applicable law and Customer responsibilities where ELION acts as a Data Processor. ELION relies on appropriate legal bases such as the performance of a contract, legitimate interests, legal obligations, or consent, as strictly applicable under relevant jurisdictional frameworks.

07Voice AI Processing

ELION provides AI-powered voice solutions. Voice AI processing includes call recording, speech processing, transcription, AI response generation, appointment scheduling, lead qualification, escalation handling, and call routing. These processing activities are executed strictly in accordance with Customer configurations and instructions.

08WhatsApp AI Processing

ELION engages in processing activities related to WhatsApp and business messaging platforms. This involves inbound and outbound message handling, intent detection, and automated conversational flows designed to facilitate business communication on behalf of our Customers.

09AI Analytics, Business Intelligence & Follow-Up Engine

Our platform includes tools for business analytics, operational optimization, lead management, and customer communication. To this end, the system processes interests, preferences, customer intent, lead prioritization, lead scoring, conversation categorization, sentiment analysis, AI-generated recommendations, conversion likelihood indicators, and follow-up recommendations. ELION does not make fully automated decisions producing legal or similarly significant effects concerning End Users.

10AI Use of Customer Data

ELION may use Customer Data to configure, personalize, optimize, and improve the performance of the AI agent exclusively for that specific Customer. ELION does not use Customer Data to train a general-purpose AI model for other customers unless expressly authorized or otherwise disclosed. ELION may utilize one or more AI providers and reserves the right to replace, supplement, or modify AI providers over time.

11Customer Data Ownership

The Customer retains all rights, title, and interest in Customer Data. ELION does not acquire ownership of Customer Data. Any Customer-provided knowledge bases, documents, workflows, prompts, instructions, and configurations remain solely associated with the specific Customer environment.

12No Data Sale

ELION unequivocally does not sell Customer Data to third parties.

13Special Category Data and Regulated Sectors

Our Platform may be utilized by Customers operating in regulated sectors, including healthcare, medical, dental, physiotherapy, veterinary, legal, and financial sectors. ELION is strictly a technology platform and not a healthcare provider, medical practitioner, law firm, financial advisor, insurer, licensed professional, or regulated decision-maker. Customers remain solely responsible for determining the appropriate legal bases, obtaining required consents, providing sufficient notices, and fully complying with applicable sectoral laws and regulations.

14Service Providers, Technology Stack and Subprocessors

To deliver our services effectively, ELION utilizes third-party infrastructure and service providers. Current providers may include Supabase, Vercel, Vapi, OpenAI (through Vapi and related AI services), Twilio, Meta / WhatsApp Business, PostHog, Google Workspace, Google Drive, GitHub, GoDaddy, and Stripe (planned future billing provider). ELION may add, replace, or remove subprocessors, AI providers, infrastructure providers, and service providers as the Platform evolves.

15Hosting and Data Residency

The current primary data region utilized by ELION is Supabase, located in US-East-1, North Virginia, United States. Over time and subject to enterprise requirements, ELION may support United States hosting, European hosting, dedicated enterprise hosting, and customer-specific hosting arrangements.

16International Transfers

ELION serves Target Markets including Israel, the European Union, the United Kingdom, the United States, the United Arab Emirates, and Australia. Cross-border transfers of personal data may occur where required for service delivery, support, infrastructure operations, analytics, communications, or other legitimate business purposes. Where applicable, such transfers may be supported by contractual safeguards, data processing terms, recognized adequacy or transfer mechanisms, or other lawful measures recognized under the GDPR, UK GDPR, Israeli law, applicable United States frameworks, UAE privacy requirements, Australian privacy law, and related implementing rules or guidance.

17Cookies, Analytics and Website Technologies

We may deploy cookies, web beacons, and similar tracking technologies in connection with website analytics, marketing data, and consent management (e.g., PostHog), subject to applicable notices and consent mechanisms as required by law.

18Data Retention

ELION retains personal data in accordance with the following schedule, subject to lawful extension provisions for security, fraud prevention, dispute resolution, legal compliance, backups, business continuity, platform improvement, and legitimate business purposes:

Data TypeStandard Retention Period
Audio Recordings12 months
TranscriptsDuration of customer account
AI SummariesDuration of customer account
LeadsDuration of customer account
AppointmentsDuration of customer account
Knowledge BaseDuration of customer account
Technical Logs12 months
Account Deletion30 days following account closure

19Data Export and Portability Requests

Customers may request the export of their data prior to account termination by formally contacting privacy-request@elionagent.com.

20Security Measures

ELION implements reasonable technical and organizational measures to safeguard data, which include authentication, access controls, encryption in transit, provider-level encryption at rest, logging, monitoring, and backups. Notwithstanding these measures, ELION does not guarantee absolute security. Additional security measures may be introduced over time.

21Government Requests and Legal Disclosures

ELION may disclose information only where strictly required by applicable law, binding court order, lawful governmental request, or to protect the rights, safety, security, or integrity of ELION, its Customers, or the public.

22Data Breach Response

ELION maintains reasonable technical and organizational safeguards and is committed to complying with applicable legal and contractual obligations regarding data breach notifications.

23Data Subject / Privacy Rights

Data subject rights may vary significantly by jurisdiction. Individuals seeking to exercise privacy rights may direct their inquiries to privacy-request@elionagent.com. Where ELION acts solely as a Data Processor, such requests may need to be directed through and addressed by the relevant Customer acting as the Data Controller.

24Children

The Platform is intended for individuals aged 18 years or older.

25Changes to this Privacy Policy

ELION reserves the right to update this Privacy Policy from time to time to reflect operational, legal, or regulatory modifications.

26Contact Details

Company Name: ELION SYSTEMS LTD

Company Number: 517350260

Registered Address: Tel Aviv, Israel

Privacy Contact: privacy@elionagent.com

Privacy Requests: privacy-request@elionagent.com

27Frequently Asked Questions

Is ELION a data controller or a data processor?

ELION generally acts as a Data Processor (or Service Provider) when processing Customer Data, End User Data, Call Data, Conversation Data, and other operational data on behalf of business customers to provide the Platform services. ELION acts as a Data Controller with respect to data processed for account management, billing, support, security, website analytics, marketing, and internal business operations.

Does ELION sell customer data?

No. ELION unequivocally does not sell Customer Data to third parties.

What types of data may be processed through the Platform?

Depending on the relevant use case and configuration, ELION may process Account Data, Customer Business Data, End User / Lead Data, Call Data, Conversation Data, Appointment Data, Knowledge Base Data, AI Configuration Data, Analytics Data, Technical Data, Marketing Data, Consent Data, Billing Data, Support Data, and Integration Data.

How does ELION use AI in its services?

ELION may use Customer Data to configure, personalize, optimize, and improve the performance of the AI agent exclusively for that specific Customer. ELION does not use Customer Data to train a general-purpose AI model for other customers unless expressly authorized or otherwise disclosed. ELION may utilize one or more AI providers and reserves the right to replace, supplement, or modify AI providers over time.

Does ELION make fully automated decisions with legal or similarly significant effects?

No. ELION does not make fully automated decisions producing legal or similarly significant effects concerning End Users.

Where is data hosted?

The current primary data region utilized by ELION is Supabase, located in US-East-1, North Virginia, United States. Over time and subject to enterprise requirements, ELION may support United States hosting, European hosting, dedicated enterprise hosting, and customer-specific hosting arrangements.

Which third-party providers may be involved?

Current providers may include Supabase, Vercel, Vapi, OpenAI (through Vapi and related AI services), Twilio, Meta / WhatsApp Business, PostHog, Google Workspace, Google Drive, GitHub, GoDaddy, and Stripe (planned future billing provider). ELION may add, replace, or remove subprocessors, AI providers, infrastructure providers, and service providers as the Platform evolves.

How long is data retained?

ELION retains personal data in accordance with the retention schedule set out in this Privacy Policy, subject to lawful extension provisions for security, fraud prevention, dispute resolution, legal compliance, backups, business continuity, platform improvement, and legitimate business purposes.

How can customers request export of their data?

Customers may request the export of their data prior to account termination by formally contacting privacy-request@elionagent.com.

How can privacy rights be exercised?

Individuals seeking to exercise privacy rights may direct their inquiries to privacy-request@elionagent.com. Where ELION acts solely as a Data Processor, such requests may need to be directed through and addressed by the relevant Customer acting as the Data Controller.