Legal hub
Elicitra legal terms and privacy notices
Minimum legal framework for opt-in pilots run by Eigensource S.L., VAT ES B55497267. This page covers respondent/interviewee consent and the SaaS/platform customer relationship. Contact: privacy@eigensource.com.
Current versions: 2026-06-11. Last updated: 11 June 2026.
This implementation is operational compliance text for pilots, not final legal advice. Counsel/DPO review is required before broader production rollout.
Respondent privacy notice and AI/call consent
When a respondent requests a call, browser call, or text chat, Elicitra processes contact details, campaign context, conversation transcript, recording metadata where recording is enabled, provider events, and model output needed to produce lead summaries and handoff notes. The respondent is told that the interaction is with an AI assistant.
Elicitra uses Telnyx for telephony/browser voice and OpenAI for language processing. Hosting, email, and notification providers may process service metadata. We do not use respondent data for credit approval, regulated decisions, official quotes, or binding offers.
Public respondent terms
Respondents must explicitly opt in before Elicitra contacts them or starts a browser call or chat. The service collects information for the named campaign and shares outputs with the platform customer that configured the campaign. A respondent may revoke consent or request access, deletion, or correction by writing to privacy@eigensource.com.
Scenario outputs are informational lead-intake materials only. They are not financial advice, loan approval, eligibility assessment, official rate calculation, vehicle availability confirmation, or binding commercial offer.
SaaS/platform customer terms
Platform customers and admins use Elicitra to configure campaigns, scenarios, fields, questions, follow-up policies, and respondent flows. They are responsible for having a valid legal basis for each campaign, for using accurate landing copy, and for avoiding regulated decisions or sensitive-data probing unless a separate reviewed basis exists.
Customers must keep account credentials confidential, respect cross-organization access boundaries, and use Elicitra only for opt-in callbacks or respondent-initiated sessions. Cold outbound marketing is outside this MVP scope.
Platform account privacy notice
Eigensource S.L. is the controller for SaaS account data, authentication, organization membership, support, billing or billing preparation, product operations, security logs, and demo analytics. Account data may include name, email, organization, role, preferences, login metadata, support messages, and usage events.
Data Processing Addendum template
For customer campaign respondent data, the platform customer is the controller and Eigensource S.L. acts as processor. The DPA covers processing instructions, confidentiality, subprocessors, security measures, breach notification, assistance with data-subject requests, deletion/return at termination, and international transfer safeguards where applicable.
Subprocessors and vendors
Current core processors include Telnyx for telephony and AI voice infrastructure, OpenAI for language model processing, hosting/database infrastructure, transactional email, and notification services where enabled. The detailed vendor register is maintained in docs/legal/vendor-register.md.
Data retention
Raw data defaults to 90 days: transcripts, provider events, recording metadata, raw model output, and debug payloads. Business outputs default to 12 months: lead cards, handoff notes, scores, missing fields, contact fields, and campaign snapshots. After deletion or anonymization, only aggregate anonymous metrics should remain.