Your customer data stays yours, handled like it matters.
Elevair builds and operates systems that carry real business data: calls, recordings, leads, payments. This page states how that data is handled, in plain terms, so your counsel and IT can review it.
How data is handled.
- Encryption
- Customer data is encrypted in transit over TLS and encrypted at rest in the databases and storage that hold it.
- Access
- Least-privilege by default. Access is scoped to the people delivering your account, and nothing broader.
- Operators
- Founder-operated accounts. The founders run the systems that hold client data. No offshore account teams touch it.
You own it outright.
Most platforms in this space hold the site and the data to make leaving hard. We do the opposite. A vendor you can leave is a vendor you can trust.
- What you own
- Your site, your domain, your data, your accounts. Owned by you from the start, not licensed back to you.
- Export
- Full export on request: contacts, call logs, transcripts, recordings, site content. Standard formats.
- Terms
- Month-to-month. If we part ways, everything stays with you: the site, the domain, the data, the accounts.
Call recordings and consent.
- Ownership
- Recordings and transcripts belong to the client. If the engagement ends, they leave with you.
- Retention
- Retention windows are configurable on request.
- Consent
- Configured per your state’s requirements. Texas is a one-party-consent state; where a disclosure is required, or simply preferred, we configure a recorded-line notice that plays before the call connects.
- Assistant identity
- How the AI assistant introduces itself on your line is configured per client.
The vendors we build on.
Six providers. Each holds only what its role requires.
- Vercel
- Hosting and delivery for client sites.
- Supabase
- Application database: leads, call logs, transcripts.
- Twilio
- Telephony and SMS.
- ElevenLabs
- Voice for the phone assistant.
- Anthropic
- Language models behind the assistant.
- Stripe
- Payment processing.
A note for law firms.
Intake is confidentiality-sensitive and is handled that way. Recordings remain the firm’s. Transcript access is controlled. Intake flows are configured to capture contact details and matter type without soliciting privileged detail.
Your bar and your carrier set the requirements. We build to your compliance requirements and review the configuration with your team before anything goes live.
Working with your counsel and IT.
We complete security questionnaires and sit for review calls as part of enterprise engagements. A data processing agreement is available on request. If your team wants more detail than this page, ask for the security overview.