Privacy Policy
Last updated: April 8, 2026
1. Introduction
This Privacy Policy explains how ExplosionAI GmbH (“Explosion”, “we”, “us”, “our”) collects, uses, and protects your information when you use the Ellf platform (“the Service”). We are committed to protecting your privacy and handling your data transparently.
2. Data Controller
Explosion is the data controller for the personal data processed through the Service. For contact details, see Section 11.
3. Data We Collect
Account Data
When you create an account, we collect:
- Name and email address
- Organization name (if applicable)
- Billing information (processed by our payment provider)
Usage Data
We collect anonymized usage telemetry to improve the Service, including:
- Feature usage patterns and session duration
- Error reports and performance metrics
- API request metadata (endpoints called, response times)
Customer Data
Customer Data refers to any data you upload, submit, or process through the Service, including text, annotations, datasets, and model artifacts. We process Customer Data solely to provide the Service to you.
Chat Assistant Data
When you start using Ellf, conversation logs and artifacts from the in-app chat – which enable handover to your local coding assistant – are stored in our database. This allows you to begin project planning immediately, before your data-private cluster has been set up. Once your cluster is running, you can migrate this data to your cluster, after which all new chat assistant data is stored on your cluster instead of our servers.
4. How We Use Your Data
We use your data to:
- Provide, maintain, and improve the Service
- Process payments and manage your account
- Send service-related communications
- Respond to support requests
- Comply with legal obligations
We do not use your Customer Data to train machine learning models, and we do not sell your data to third parties.
5. Data Processing and Storage
Cluster Architecture
If you use the Ellf cluster feature, your Customer Data is processed on infrastructure under your control – either locally or in your own cloud account. In this case, Customer Data does not pass through our servers.
Chat Assistant Data Before Cluster Setup
Before your cluster is set up, chat assistant data (conversation logs and handover artifacts) is stored in our database to allow you to start using Ellf immediately. This data is stored only as long as needed to provide the chat and handover functionality and is migrated to your cluster as soon as you choose to do so. After migration, no new chat assistant data is stored on our servers, and any previously stored data is deleted from our database.
Cloud Processing
For cloud-based features (e.g. the virtual assistant), data is processed in transit and is not stored beyond the duration of a request. We do not retain copies of your Customer Data after processing is complete.
6. Subprocessors
We use the following subprocessors to provide the Service. Customer Data is only shared with subprocessors to the extent necessary to deliver the specific functionality described.
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| Anthropic | LLM inference for virtual assistant | Prompts and responses (not retained after processing) | United States |
| Stripe | Payment processing | Billing and payment information | United States |
| Google Cloud | Infrastructure and hosting | Account data, usage telemetry | United States |
| Mandrill | Transactional email delivery | Email addresses, message content | United States |
We will notify registered users at least 30 days in advance of any changes to this list.
7. Data Retention
- Account Data: retained for the duration of your account, plus 30 days after deletion
- Usage Data: retained in anonymized form for up to 12 months
- Customer Data: not retained beyond the duration of processing; deleted immediately after each request
- Chat Assistant Data: stored on our servers only until your cluster is set up and the data is migrated; deleted from our database upon migration
- Billing Records: retained as required by applicable tax and accounting regulations
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Object to or restrict certain processing
- Withdraw consent where processing is based on consent
To exercise any of these rights, contact us at contact@explosion.ai.
9. Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS) and at rest
- Access controls and authentication
- Regular security reviews
- Incident response procedures
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email at least 14 days before they take effect. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
11. Contact
For questions about this Privacy Policy or to exercise your data rights, contact us at contact@explosion.ai.