Privacy Policy
Last updated: 8 June 2026 · Effective Date: 8 June 2026
This Privacy Policy applies to all websites, applications, mobile apps, subdomains, memberships, services, and products operated by Elative Solutions OÜ, including but not limited to the following brands and domains:
- Altitude Club · goaltitude.club, altitudeclub.app, askaltea.ai, the Altitude Club web app, and all associated subdomains
- CoachSuite Pro · coachsuite.pro and all associated subdomains
- Altitude Pulse · altitudepulse.app, the Altitude Pulse iOS app, the Altitude Pulse Android app, and all associated subdomains
- Elative Solutions · elative.solutions, elative.io, elative.one
- Any other brands, websites, and applications operated by Elative Solutions OÜ, now or in the future
All of the above are collectively referred to as the "Sites" and "Apps" throughout this document. Altea is the name of the AI assistant offered within the Altitude Club service (see section 2A).
Elative Solutions OÜ is committed to protecting your privacy and ensuring the security of your personal information. By using the Sites or Apps, you acknowledge that you have read and accepted this Privacy Policy. If you do not agree, please discontinue use immediately.
1. Who We Are
Elative Solutions OÜ, a company registered in Estonia, acts as the Data Controller for personal data collected through our Sites and Apps. We are committed to compliance with GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), CPRA (California Privacy Rights Act), and PIPEDA (Personal Information Protection and Electronic Documents Act, Canada).
If you have any questions regarding your privacy, you may contact us at:
- Legal Entity: Elative Solutions OÜ
- Email: legal@elative.solutions
- Postal Address: Ahtri tn 12, Kesklinna linnaosa, Harju maakond, 10151 Tallinn, Estonia, EU
2. Mobile Apps Scope
This section describes data handling specific to the Altitude Club mobile experience and the Altitude Pulse mobile app (iOS and Android).
What we collect in the mobile apps
- Account data: email and name when you create an account
- Phone number (optional): used for CRM enrichment and account recovery if you provide it
- Your written content: reflections, notes, and assistant prompt responses you write inside the app are stored privately on your account. We do not train models on, sell, or share these freeform entries. Where you use the Altea assistant, your messages are processed to generate responses to you and are handled as described in section 2A.
- Engagement events: which screens you opened, when, and basic interaction counts. Used to personalise your experience and measure platform health.
- Push notification token: a device-level identifier issued by Apple or Google when you allow notifications. Linked to your account so we can send the right notification to the right device.
- Anonymised session interactions: taps, scrolls, and screen views (see section 6).
- Crash and performance metrics: anonymous diagnostic data (see section 8).
What we do not collect in the mobile apps
- Contacts, calendars, photos, microphone, or location, unless a feature explicitly requests permission and you grant it
- Health, biometric, or sensitive personal data
- Content of sensitive form fields such as passwords or payment details (these are masked in session analytics)
Mobile app data processors
Mobile app data is processed by Supabase (database and authentication), OneSignal (push notifications), Microsoft Clarity (anonymised session analytics), GoHighLevel (CRM enrichment), and, for the Altea assistant, the AI providers listed in section 12. The full subprocessor list is in section 12.
2A. Altea AI Assistant, Business Connections, and Uploaded Data
The Altitude Club service includes Altea, an AI business assistant. To give you advice grounded in your own business, Altea can work with business data you choose to connect or upload. This section explains exactly how that data is handled. Providing this data is always your choice, and you can withdraw it at any time.
a. What Altea processes
- Your conversations with Altea: the messages you send and the assistant's replies. Altea keeps a per-user memory to provide continuity (retention is described in section 13).
- Connected business accounts (Business Connections): if you connect a third-party account, we read a bounded set of business metrics from it to ground Altea's answers. At present this is Google Analytics 4, connected with read-only access at the least scope required (Google analytics.readonly). Additional connectors (for example Meta, Google Search Console, Stripe, Shopify, Xero, GoHighLevel, or Amazon) may be offered in future under the same read-only, least-scope model and will be disclosed when launched.
- Uploaded files: spreadsheets and documents you upload (xlsx, xls, csv, pdf, doc, docx). Each file is stored privately, parsed into structured business data, and indexed so Altea can retrieve the relevant parts when you ask a question.
b. How Altea uses your data
Altea works only on your own data, to answer your own questions. Your connected and uploaded business data is isolated to your account at the database level and is never used to answer another user's questions, never pooled with other users' data, and never sold.
c. We do not train AI models on your data
Neither your conversations nor your connected or uploaded business data are used to train our models or any third-party model. We engage AI providers under settings or endpoints that exclude your content from their model training (see section 12).
d. Where your data is processed
To generate a response, the relevant context is sent to AI model providers hosted in the United States (listed in section 12; transfer safeguards in section 15). We do not send your business data to AI endpoints hosted in China.
e. How we protect Business Connections and uploads
- Least scope: connectors request the minimum read-only access needed. We do not request write access to your connected accounts.
- Encrypted tokens: access and refresh tokens are encrypted at rest, are never shown to the assistant, never placed in any AI prompt, and never written to any log the assistant can read.
- Private storage: uploaded files are held in private storage and accessed only through short-lived, owner-scoped links.
- Database-level isolation: your connected and uploaded data is readable only by your account, enforced by database row-level security, not merely by application logic.
- Revocation and deletion: disconnecting a connector revokes our access and stops future syncs. Deleting an upload removes the file and the data derived from it.
f. AI transparency and your rights
You are interacting with an AI assistant. Altea produces suggestions and analysis; it does not make decisions producing legal or similarly significant effects about you without human involvement. Under GDPR Article 22 you may request human review of, and object to, AI-based processing by contacting legal@elative.solutions. Altea may make mistakes, and its output does not constitute professional, financial, legal, medical, tax, or investment advice (see our Terms and Conditions).
3. Data Collection and Processing
We collect personal data including but not limited to contact information, customer transaction details, user data, technical data, and marketing preferences. We gather this data through direct interactions (such as when you sign up, purchase, or contact support), automated tracking (cookies and analytics), third-party service integrations, and publicly available sources.
Under GDPR, we process data based on contractual necessity, legitimate interest, consent, and legal obligations. Personal data means any information capable of identifying an individual. It does not include anonymised data.
We may process the following categories of personal data:
Communication Data
Any communication you send to us through contact forms, email, text, social media messaging, or any other channel. We process this data to respond to enquiries, maintain records, and comply with legal obligations.
User Content
Reflections, journal notes, assistant prompt responses, and other freeform content you write inside the Altitude Club service, Altea, or the Altitude Pulse app. Stored on your account. Not used for model training, not sold, and not shared. Your freeform reflections are not analysed by humans except where you explicitly request support involving that content. Business data you choose to connect or upload for the Altea assistant is analysed by the assistant on your behalf, to answer your questions, as described in section 2A.
Connected and Uploaded Business Data
Business metrics from accounts you connect (such as Google Analytics) and the contents of files you upload for analysis. Processed solely to provide the Altea assistant to you, as described in section 2A. Retained until you disconnect, delete, or close your account (see section 13).
Customer Data
Details related to purchases including your name, billing address, delivery address, email address, phone number, and payment details. We process this to supply the goods and services you have purchased and to maintain transaction records.
User Data
Data about how you use our Sites and Apps including interactions with content, session history, and engagement levels. We process this to improve user experience and platform functionality.
Business Infrastructure Data
Where members use our platforms to manage their own coaching or consulting business, we may process data relating to their client contact records, funnel configurations, CRM settings, and automation sequences stored within the platform. This data is processed solely to provide the contracted service. Members retain full ownership of their own client data at all times.
Technical Data
IP addresses, login data, browser details, session lengths, device information, and analytics tracking. This helps us optimise our Sites and Apps and detect security threats.
Marketing Data
Preferences regarding marketing communications, promotions, and advertising.
Phone Numbers and AI Communications
If you provide your phone number, we may use it to send SMS messages, WhatsApp messages, or AI-generated outbound communications based on your stated preferences.
We do not collect sensitive personal data including race, ethnicity, religious beliefs, biometric data, or criminal records, and you must not upload such data to the Altea assistant (see our Terms and Conditions).
4. How We Collect Your Personal Data
We collect data in the following ways:
- Direct interactions: account registration, purchases, newsletter sign-ups, mobile app onboarding, connecting a business account, uploading a file, or contacting customer support
- Automated tracking: cookies, tracking pixels, analytics tools, and mobile SDKs when you interact with our Sites or Apps
- Third-party sources: if you connect third-party platforms such as Google, Facebook, or other Business Connections, we may receive relevant user and business data at the scope you authorise
- Publicly available sources: such as business directories or professional records
5. Use of Cookies and Tracking Technologies
Our Sites use cookies and other tracking technologies to enhance functionality, improve user experience, and support marketing and analytics. When you first visit, a cookie consent banner allows you to accept or reject non-essential cookies. You can also manage cookie preferences through your browser settings. For the full detail, see our Cookie Policy.
a. What Are Cookies
Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences, enhance your browsing experience, and improve functionality. Cookies may be first-party (set by our Sites) or third-party (set by advertising or analytics providers).
b. Types of Cookies We Use
- Essential Cookies: necessary for the operation of the Sites, enabling basic functions like page navigation, secure logins, and fraud prevention
- Performance Cookies: collect information about how visitors use our Sites to optimise performance and improve user experience
- Functional Cookies: allow our Sites to remember choices you make, such as language preferences or login details
- Marketing and Advertising Cookies: track your online activity to deliver targeted advertisements relevant to your interests
c. Third-Party Cookies
Some cookies on our Sites are placed by third-party service providers including Google Analytics, Facebook Pixel, and payment providers. These third parties may use cookies in accordance with their own privacy policies, which we recommend reviewing.
d. Managing Cookies
You may adjust your browser settings to block or delete cookies, opt out of third-party tracking through https://optout.aboutads.info, or use our cookie consent banner to manage non-essential cookie preferences. If you disable certain cookies, some parts of our Sites may not function correctly.
6. Session Analytics (Microsoft Clarity)
We use Microsoft Clarity to record anonymised session interactions across our websites and mobile apps. Clarity captures taps, scrolls, screen views, page paths, and similar interaction signals, and produces session replays and heatmaps that help us identify confusing flows and broken interface elements.
Clarity does not capture the content of sensitive form fields such as passwords or payment information. We do not use Clarity to identify individual users by name, email, or other direct identifier.
For more information, see the Microsoft Privacy Statement.
7. Push Notifications (OneSignal)
We use OneSignal to deliver push notifications to the Altitude Club and Altitude Pulse mobile apps. When you allow notifications, OneSignal stores a device-level push token issued by Apple Push Notification service or Firebase Cloud Messaging. That token is linked to your account so we can deliver the right notification to the right device, and is removed when you uninstall the app or revoke notification permission in your device settings.
Push tokens are treated as personal identifiers under GDPR and Apple App Privacy guidance. For more information, see the OneSignal Privacy Policy.
8. Crash and Performance Data
Anonymous crash logs and app performance metrics are collected by iOS and Android system services to help us diagnose stability issues and prioritise performance work. This data includes information such as the type of device, operating system version, app version, and the technical context of a crash.
This crash and performance data is not linked to your identity and is treated as Diagnostic Data under Apple App Privacy disclosures.
9. Marketing Communications and Consent
We only send marketing communications with your explicit consent. We use double opt-in for email subscriptions. You may opt out at any time by clicking the unsubscribe link in any email or contacting us at legal@elative.solutions.
SMS Opt-In: by opting in, you agree to receive text messages from us. You may unsubscribe at any time by replying STOP. Opting out of marketing communications will not affect essential service-related communications.
10. Third-Party Advertising and Marketing
We use third-party advertising services including Meta (Facebook and Instagram Ads) and Google Ads to promote our products and services. These platforms may collect and process user data through technologies such as Facebook Pixel and Google Analytics.
If you prefer not to receive personalised advertising, you may opt out through:
- Google Ads Settings: https://adssettings.google.com
- Facebook Ad Preferences: https://www.facebook.com/settings/?tab=ads
- Your Online Choices (EU users): https://www.youronlinechoices.com
- Network Advertising Initiative Opt-Out: https://optout.networkadvertising.org
For California Residents: submit a CCPA Opt-Out Request to legal@elative.solutions with your full name and account email. We will process your request within 30 days.
11. GoHighLevel CRM · Third-Party Infrastructure
Elative Solutions OÜ uses GoHighLevel as the underlying CRM and technical infrastructure for CoachSuite Pro and Altitude Club. GoHighLevel is a third-party software-as-a-service platform that processes certain member and contact data on our behalf as a data processor.
Data processed within GoHighLevel infrastructure may include contact records, CRM entries, automation sequences, funnel configurations, email communications, and SMS messages. GoHighLevel operates servers in the United States. Data transfers from the EU to GoHighLevel are governed by Standard Contractual Clauses (SCCs) in compliance with GDPR and Schrems II requirements.
Members who store their own client data within the platform remain the data controller for that client data. Elative Solutions OÜ processes that data solely as a data processor acting on the member's instruction. Members are responsible for ensuring they have obtained appropriate consent from their own clients before uploading or storing client data within the platform.
12. Subprocessors
We engage the following third-party service providers (subprocessors) to operate our Sites and Apps. Each subprocessor is bound by a Data Processing Agreement and processes data solely on our documented instructions.
Infrastructure, analytics, and communications
- Supabase · authentication, database, and file storage for the Altitude Club, Altitude Pulse, and admin platforms · primary region European Union
- OneSignal · push notification delivery for mobile apps · United States
- Microsoft Clarity · anonymised session analytics and heatmaps · United States and European Union
- GoHighLevel · CRM, marketing automation, and Altitude Club mobile app host · United States
- Vercel · web hosting for the Altitude Club web app, Altitude Pulse, and admin dashboards · United States
- Apple · App Store distribution, push notification service, and crash reporting for iOS · United States
- Google · Play Store distribution, Firebase Cloud Messaging, crash reporting for Android, sign-in, and the Google Analytics Business Connection · United States
- Stripe · payment processing for web checkout · United States
- Google Analytics · website analytics · United States
- Meta Platforms · advertising analytics (Facebook Pixel) and WhatsApp messaging · United States
AI model and retrieval providers (Altea assistant)
The following providers process your conversation context and, where you have connected or uploaded business data, the relevant retrieved business data, solely to generate Altea's responses to you and to index your data for retrieval. Each is engaged under terms that exclude your content from model training. None is hosted in China.
- Anthropic (Claude) · primary AI generation · United States
- OpenAI · fallback AI generation and text embeddings (data indexing) · United States
- US-hosted inference provider (for example Fireworks AI or Together AI, serving open models such as DeepSeek or Kimi) · cost and redundancy tier · United States
Where data is transferred outside the European Economic Area, transfers are governed by the EU-US Data Privacy Framework where the provider is certified, or by Standard Contractual Clauses with supplementary safeguards.
12A. Internal Quality and Safety Monitoring
To keep the service safe, accurate, and improving, we operate an internal monitoring layer that reviews interactions with the Altea assistant for response quality, safety, and product improvement.
- Inside our own infrastructure. This monitoring runs within our own systems. Your data is not sent to an outside party for this purpose.
- Legal basis. Legitimate interests (GDPR Article 6(1)(f)). We have carried out a balancing test; this monitoring is necessary to operate a safe and reliable AI service and is limited to what is needed for that purpose.
- Minimisation and access control. Access is limited to a minimised and, where appropriate, redacted view of interaction data, under a narrowly scoped role, and is itself audit-logged. Connector access tokens are never exposed to this layer.
- Your rights. You can object to processing based on legitimate interests by contacting legal@elative.solutions (see section 21).
This monitoring is not shown in the product interface, but it is fully disclosed here. We do not conceal it.
13. Data Security and Retention
We implement industry-standard security measures including database row-level security so each user can only access their own data, encryption of sensitive data and access tokens at rest, restriction of AI processing to US-hosted endpoints under no-training terms, controlled access, audit logging of administrative access, and routine security review. We retain personal data for the following periods:
- Account and Transaction Data: 6 years for tax and legal compliance
- Marketing Data: retained until you unsubscribe or withdraw consent
- Analytics and Behavioural Data: 12 months unless removed earlier
- Altea assistant memory: for free trial users, retained for one year; for Altitude Club members, retained for the duration of membership. You can request deletion at any time.
- Connected and uploaded business data: retained until you disconnect the connector, delete the upload, or close your account, after which it is deleted within a reasonable period subject to legal retention duties
- Inactive Accounts: deleted after 2 years of inactivity unless required for legal reasons
- Support and Enquiry Data: 12 months after last contact
- Security Logs: 6 months for security monitoring
- AI and safety-monitoring Logs: 6 months unless required for security or fraud prevention
- Email Logs: up to 2 years for legal compliance
14. Account Deletion
Self-service deletion. You can permanently delete your account at any time from within the app settings. Deletion is immediate and includes all profile data, conversation and assistant-memory data, connected-account tokens, uploaded files and the data derived from them, gamification state, and session history stored against your account. For step-by-step instructions and the full list of what is removed or retained, see Delete Your Account.
CRM contact records may be retained for legal and compliance reasons up to the periods listed in section 13. If you would like the CRM record deleted in addition to the app account, email legal@elative.solutions from the address associated with your account and we will action the request within one month.
You can also request deletion of any account or data record by emailing legal@elative.solutions at any time.
15. International Data Transfers
We are based in the European Union and host primary infrastructure in the EU. We operate globally and your data may be transferred outside the European Economic Area (EEA) to countries including the United States, Canada, Australia, and the United Kingdom, including to the AI model providers listed in section 12. We ensure data protection through the EU-US Data Privacy Framework where the provider is certified, and otherwise through Standard Contractual Clauses (SCCs) under GDPR, with additional safeguards such as encryption, pseudonymisation, and access controls. We have Data Processing Agreements in place with key third-party service providers.
16. CCPA Notice for California Residents
California residents have the following rights under CCPA and CPRA:
- The right to know what personal data is collected
- The right to request deletion of collected personal data
- The right to opt out of data selling or sharing
We do not sell personal data. However, third-party analytics and advertising services may collect data as defined under CCPA. To exercise your rights, email legal@elative.solutions with the subject line CCPA Opt-Out Request. We will process your request within 30 days.
17. PIPEDA Notice for Canadian Residents
Under PIPEDA, Canadian residents have the following rights:
- The right to request access to their personal data
- The right to challenge the accuracy of collected information
- The right to file a complaint with the Office of the Privacy Commissioner of Canada
To exercise your rights under PIPEDA, contact us at legal@elative.solutions.
18. SMS, WhatsApp, and AI-Generated Communications
We may use SMS, WhatsApp, and AI-generated outbound messages to provide service notifications, reminders, marketing promotions, and platform updates. By providing your phone number and opting in, you expressly consent to receive such messages. You may opt out at any time by replying STOP, updating your account preferences, or contacting legal@elative.solutions.
WhatsApp messages may be processed by Meta Platforms, Inc. Data transfers are governed by Standard Contractual Clauses under GDPR. We do not sell or share your WhatsApp number with third-party advertisers. Compliance framework: GDPR (EU and UK), CCPA (California), TCPA (United States), CASL (Canada).
19. Use of AI and Automated Processing
We use Artificial Intelligence and automated technologies to provide and enhance our services, including:
- The Altea AI assistant, which answers your questions and, where you choose to connect or upload business data, grounds its answers in your own business data, as described in section 2A. Your individual data is isolated to your account and is not shared with or used to answer other members.
- AI-powered tools for customer support, enquiry handling, and service recommendations
- Automated SMS, email, and WhatsApp responses based on user queries
- Internal quality and safety monitoring of assistant interactions, as described in section 12A
- Personalisation and automated content recommendations based on platform activity
We do not use your conversations or your connected or uploaded business data to train AI models. AI does not make decisions with significant legal or financial consequences without human involvement. AI output may contain errors and does not constitute professional, financial, legal, medical, tax, or investment advice. Under GDPR Article 22 and CCPA/CPRA, you have the right to be informed about AI-driven processing, to request human intervention, and to object to AI-based profiling. To exercise these rights, contact legal@elative.solutions.
20. Children's Privacy
The Altitude Club service is intended for business owners aged 18 and over and is not directed at children. The Altitude Pulse mobile app is not directed at children under 13 (or under 16 in jurisdictions where the higher age applies under GDPR). We do not knowingly collect personal data from children under these ages.
If you are a parent or guardian and you believe a child has provided us with personal data, please contact legal@elative.solutions and we will delete the relevant account and associated data without undue delay.
21. Your Legal Rights
Under global data protection laws, you have the right to:
- Access your personal data
- Correct or update inaccurate data
- Request deletion of personal data
- Restrict or object to certain types of data processing, including processing based on legitimate interests (section 12A) and AI-based processing (section 19)
- Request data portability
- Withdraw consent where processing is based on consent
To exercise any of these rights, contact us at legal@elative.solutions. We will respond to all legitimate requests within one month. There is no fee to exercise your rights unless a request is clearly unfounded, repetitive, or excessive. We may need to verify your identity before processing certain requests.
Right to lodge a complaint. Under GDPR Article 77, you have the right to lodge a complaint with your local data protection authority. In Estonia, the supervisory authority is the Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate), https://www.aki.ee/en. EU residents can also use the European Data Protection Board portal at https://edpb.europa.eu.
22. Third-Party Links
Our Sites and Apps may contain links to third-party websites, plug-ins, or applications. These third parties may collect personal data independently. We are not responsible for their data handling practices and encourage you to read their respective privacy policies.
23. Third-Party Data Sharing
We share personal data with trusted third-party service providers for payment processing, analytics, push notifications, AI generation, and marketing. The full subprocessor list is in section 12. We have Data Processing Agreements with these providers to ensure compliance with GDPR, CCPA, and PIPEDA. We do not sell personal data to third parties for advertising purposes.
24. Changes to This Privacy Policy
We reserve the right to modify this Privacy Policy at any time. Updates will be reflected in the Effective Date at the top of this document. Continued use of our Sites or Apps after such modifications constitutes acceptance of the revised terms. We will make reasonable efforts to notify users of material changes via email or a notice on the relevant Site or App.
25. Contact Us
If you have any questions about this Privacy Policy or wish to make a complaint, contact us at:
Elative Solutions OÜ
Ahtri tn 12, Kesklinna linnaosa
Harju maakond, 10151 Tallinn
Estonia, EU
Email: legal@elative.solutions