← Elornia

Privacy Policy

Last updated: 15 May 2026

1. Introduction

This Privacy Policy explains how Elornia (ABN 55 277 361 331), an Australian sole trader, ("we," "us," "our"), collects, uses, stores, and shares your personal information when you use the Service at elornia.com (the "Service").

We are committed to handling your data carefully and in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Where users in other jurisdictions are involved, we also aim to comply with applicable laws including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), to the extent applicable.

This Policy is part of our Terms of Service. Defined terms used here have the meanings given in the Terms.

2. Information We Collect

2.1 Information you provide.

When you create an account or use the Service, we collect:

  • Email address: used for account creation, authentication, password recovery, and service communications
  • Date of birth: used solely to verify you are 18 or older; we store the date but do not use it for marketing or profiling
  • Password: stored only as a cryptographic hash (we cannot read your password)
  • Conversation content: messages you send to AI characters, choices you make in stories, and the AI's responses
  • Account preferences: such as notification settings, character preferences, and similar configurations
  • Support communications: when you contact us, we keep records of the correspondence

2.2 Information collected automatically.

When you use the Service, we automatically collect:

  • Technical data: IP address, browser type, device type, operating system, language settings, time zone
  • Usage data: pages viewed, features used, session duration, error logs, performance metrics
  • Authentication data: login timestamps, session tokens, security events

2.3 Information from third parties.

When you make a payment, we receive limited information from our payment processor (Stripe): specifically, payment confirmation, the last four digits of your card, card type, and country. We do not receive or store your full card number, CVV, or banking credentials.

2.4 Cookies and similar technologies.

We use cookies and similar technologies for:

  • Essential function: authentication, session management, security
  • Preferences: remembering your settings
  • Performance and analytics: understanding how the Service is used (aggregate, not individual)

You can control cookies through your browser settings. Disabling essential cookies will prevent the Service from functioning correctly.

We do not use cookies for advertising or third-party tracking.

3. How We Use Your Information

We use your information to:

(a) Provide the Service: authenticate you, deliver content, generate AI responses, save your progress, process payments, and operate Premium features; (b) Personalize your experience: remember preferences, surface relevant stories and characters, and provide continuity in your interactions; (c) Communicate with you: send service-related emails (account verification, password reset, billing notifications), notify you about Service changes, and respond to your inquiries; (d) Maintain safety: detect and respond to abuse, harmful content, attempted exploitation of safety systems, and risks to user wellbeing; (e) Improve the Service: analyze aggregate usage patterns to identify bugs, performance issues, and areas for improvement (without using identifiable conversation content for training, see Section 4); (f) Comply with legal obligations: respond to lawful requests from authorities, enforce our Terms, and protect our legal rights.

4. AI and Conversation Data: Important Commitments

4.1 We do not train AI models on your conversations.

Your conversation content is not used to train, fine-tune, or otherwise improve any AI model, neither ours nor any third-party model. This is a firm commitment.

4.2 Anthropic does not train on our API traffic.

The AI models that power Elornia are accessed through Anthropic's API. Anthropic's policy is that they do not train their models on data submitted via the API. Your conversations sent through Anthropic's infrastructure are not used to improve their models.

4.3 What happens to your messages?

When you send a message:

  • The message is stored in our database against your account so we can show you your conversation history
  • The message and recent context is sent to Anthropic's API to generate the AI response
  • The AI response is stored in our database and shown to you
  • Vector embeddings (mathematical representations) of your messages may be generated via Voyage AI to enable memory features, and stored in our database

We retain conversation history so you can return to ongoing stories. You can delete individual conversations or your entire account (which deletes all associated conversation data) at any time.

4.4 Limited human access.

In rare circumstances, authorized personnel may need to view conversation data:

  • To investigate technical issues you report to support
  • To investigate abuse or violations of our Terms
  • To respond to lawful requests from authorities
  • To comply with legal obligations

We do not access conversation data for routine purposes. When access occurs, it is logged and limited to the minimum necessary.

5. Sharing Your Information

We share information only as described below.

5.1 Third-party service providers.

We use the following providers, each of which receives the information necessary to perform its function:

ProviderPurposeData shared
Anthropic (US)AI model inferenceYour messages and recent conversation context (sent at message time, not retained by Anthropic for training)
Stripe (US, AU)Payment processingEmail, billing details, transaction information
Supabase (US/EU regions)Database, authentication, file storageMost data described in this Policy is stored on Supabase infrastructure
Voyage AI (US)Text embedding generation for memory featuresMessage text (returned as numerical vectors)
Vercel (US, global edge)Web hostingTechnical request data, IP addresses

These providers are contractually obligated to handle data securely and only for the purposes we engage them. They may have their own privacy policies which apply in addition to ours.

5.2 Legal requirements.

We may disclose information if required to do so by law, valid legal process, or to:

  • Comply with a court order, subpoena, or government request
  • Protect our rights, property, or safety, or that of users or the public
  • Investigate or prevent fraud, abuse, or threats to safety
  • Enforce our Terms

5.3 Business transfers.

If we sell, transfer, or restructure the business, your information may be transferred to the new operator subject to equivalent privacy commitments. We will notify you if this happens.

5.4 With your consent.

We will share information for any other purpose if you give us specific consent to do so.

5.5 We do not sell your data.

We do not sell your personal information to third parties. We do not share it for advertising purposes.

6. International Data Transfers

Several of our service providers are located outside Australia, primarily in the United States and European Union. Your information will be transferred to and processed in these jurisdictions.

We require service providers to maintain appropriate security and privacy protections. However, the privacy laws of these jurisdictions may differ from Australian law and may not provide the same level of protection. By using the Service, you consent to these international transfers.

7. Data Retention

We retain your information for as long as your account is active and for a reasonable period afterward to:

  • Comply with legal obligations (such as tax and financial record requirements; typically 5-7 years for billing records)
  • Resolve disputes
  • Enforce our agreements
  • Maintain backups for disaster recovery

When you delete your account:

  • Your account, profile, and conversations are removed from active systems
  • Backups containing your data may persist for up to 90 days before being overwritten
  • Limited records (e.g., billing transactions, abuse reports if applicable) may be retained where required by law or for legitimate operational reasons

8. Security

We take reasonable technical and organizational steps to protect your information, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest where applicable
  • Cryptographic password hashing
  • Access controls limiting who can view data
  • Logging of administrative access
  • Regular review of our infrastructure and dependencies

No system is perfectly secure. If we become aware of a security breach affecting your information, we will notify you and the relevant authorities as required by law.

You can help protect your account by using a strong unique password, enabling any available security features, and notifying us immediately of suspicious activity.

9. Your Rights

You have the following rights regarding your personal information.

9.1 Access.

You can request a copy of the personal information we hold about you.

9.2 Correction.

You can update most account information directly in your settings. For information you cannot edit yourself, contact us.

9.3 Deletion.

You can delete your account at any time through your settings, which will remove your conversations and account data as described in Section 7. You can also request deletion of specific data by contacting us.

9.4 Portability.

You can request your data in a structured, machine-readable format.

9.5 Objection and restriction.

You can object to certain types of processing or request that we restrict how we use your data, where applicable law gives you that right.

9.6 Withdrawal of consent.

Where we rely on your consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

9.7 Complaint.

If you have a privacy concern we have not addressed satisfactorily, you can complain to:

  • Australia: Office of the Australian Information Commissioner: oaic.gov.au
  • EU/EEA: Your local data protection authority
  • California: California Attorney General's office

To exercise any of these rights, contact us at izzy@elornia.com. We will respond within a reasonable time, typically within 30 days. We may need to verify your identity before fulfilling certain requests.

10. Children

Elornia is for users 18 and older. We do not knowingly collect personal information from anyone under 18. If we discover we have collected information from someone under 18, we will delete it.

If you are a parent or guardian and believe a minor has accessed our Service or provided us with personal information, please contact us at izzy@elornia.com immediately.

11. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will notify you via email or through the Service. The "Last updated" date at the top of this Policy reflects when the latest version took effect.

Continued use of the Service after changes take effect indicates your acceptance of the updated Policy.

12. Contact Us

For privacy-related questions, requests, or complaints:

Email: izzy@elornia.com Business name: Elornia ABN: 55 277 361 331 Location: Victoria, Australia

We aim to respond to privacy inquiries within 14 days, and to formal requests under privacy law within 30 days.

By using Elornia, you acknowledge that you have read and understood this Privacy Policy.