Transparency · Privacy commitment
Our privacy commitment. A living document.
This is the plain-English version of what the Foundation will and will not do with your data. It is written as a commitment, not a policy wall. The legal version lives at /legal/privacy. Both are binding. If ever the two appear to disagree, the one that protects you more wins.
These commitments are locked into the Foundation charter. A future board cannot quietly unwind them.
- Voice
- Plain English
- Legal version
- /legal/privacy
- Charter status
- Locked
- Review
- Published changes, logged
Commitment 1
No behavioral advertising. Ever.
No third-party ad networks. No display ads. No retargeting pixels. No ad identifiers. The product is not an ad surface and will not become one. The charter forbids it.
Commitment 2
No selling of individual user data.
We do not license, sell, or otherwise trade individual user records. Aggregated, anonymised research happens only with explicit opt-in, under review by an independent research committee, governed by an IRB where applicable.
Commitment 3
No dark patterns.
No manufactured urgency. No roach motels. No confirm-shaming. No pre-checked opt-ins for surveillance features. No engagement loops designed to maximise time on device. If we ship a design that feels manipulative, we treat it as a bug.
Commitment 4
Encryption at rest and in transit. End-to-end where possible.
All traffic is TLS-encrypted. All data at rest is encrypted on disk. Circle messaging, in particular, is designed for end-to-end encryption so only the participants can read it. Where end-to-end is not yet feasible (AI companion context, moderation review), we document the exception and the reason.
Commitment 5
Annual transparency report.
Every year the Foundation publishes a transparency report covering government data requests, accounts affected, moderation enforcement by category, and safety incidents. The first report publishes at year one of operation. Details are on the reports page.
If we receive a request we cannot legally disclose even the existence of, a warrant canary on the reports page will go silent on its normal cadence. That silence is its own signal.
Commitment 6
Right to export. Right to delete. Honoured with real work.
Export gives you a full, portable, machine-readable copy of everything we hold. Delete is final, not a hidden soft-delete flag. Backups roll off on a published schedule and deletion propagates through them. We consider both rights first-class and build for them, not around them.
How to exercise your rights
One inbox, one person, one SLA.
Every request below is routed to a staff address read by a person. We acknowledge within three business days and complete within the timelines below. Anonymised metrics on request volume and completion appear in the annual transparency report.
In-product
Settings → Privacy offers export, deletion, correction, and a data-practices viewer. This is the fastest path and should work for almost everyone.
By email
Write to hello@elitesgen.org. A human replies. Reference the right you want to exercise; include any account identifiers you can.
Export SLA
Delivered within 14 days. A notification is sent when the archive is ready, and it is available for download for 30 days.
Deletion SLA
Immediate in the live system. Full propagation through backups within 90 days. A completion confirmation is sent when the last copy is gone.
Correction SLA
Within 14 days. For contested corrections, the Foundation explains the evidence it used; you have the right to add a note to the record.
If something goes wrong
If a request is not honoured on the stated timeline, write to the Board at hello@elitesgen.org. Concerns that reach the Board are logged and summarised in the annual transparency report.
Read the full policy.
The legal privacy policy is written for compliance. This page is written for you. Both are enforced.