How eleso collects, uses, and protects your information.
eleso ("we," "our," "us") is a compliance management platform for laser show professionals operated by Alstergee, LLC, a Utah limited liability company. The platform is available at eleso.app.
Questions about this policy may be directed to hello@eleso.app.
When you register, we collect your name, email address, company name, and a password. Passwords are stored as a bcrypt hash — we never store or transmit plaintext passwords.
If you authenticate via Google, we receive your name, email address, and profile picture from Google's OAuth service. We do not receive or store your Google password.
Information you enter about your laser shows, equipment, venues, crew members, safety checklists, generated compliance forms, and annual reports. This is your operational data — we store it solely to provide the service to you.
Documents you upload (variance letters, insurance certificates, safety plans, floor plans, FAA/FDA correspondence, etc.) are encrypted on disk using AES-256-GCM at the time of upload and stored in access-controlled directories not accessible via direct URL. See Section 5 for full details on our encryption model.
Basic server logs including IP address, browser type, and pages accessed. We use this data only for security monitoring and service operation. We do not use third-party analytics, advertising, or tracking scripts.
| Purpose | Legal Basis |
|---|---|
| Providing, operating, and maintaining the platform | Performance of contract |
| Authenticating your identity and securing your account | Performance of contract / Legitimate interest |
| Generating compliance reports, safety packages, and calendar feeds | Performance of contract |
| Sending deadline reminders and compliance alerts (if enabled) | Performance of contract / Consent |
| Responding to support requests | Legitimate interest |
| Security monitoring and fraud prevention | Legitimate interest |
We do not sell, rent, or share your personal information with third parties for marketing or advertising purposes.
If you grant another user editor or viewer access to a show, that user can see the show's data, equipment assignments, crew information, and uploaded documents. You control who has access at all times.
We do not share your data with advertisers, data brokers, analytics providers, or any third party for commercial purposes.
We may engage third-party service providers (e.g., hosting infrastructure) who process your data solely on our behalf under written agreements that prohibit them from using your data for their own purposes.
We may disclose information when required to do so by valid legal process — such as a subpoena, court order, or regulatory directive — or when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Alstergee LLC, our users, or the public.
Your data is stored on servers located in the United States. We implement the following technical and organizational security measures:
Note on encryption model: The encryption described above is server-side encryption at rest. The server decrypts your data when needed to provide platform features such as rendering your dashboard, auto-populating forms, and generating PDF reports. This is the standard architecture for SaaS applications that process your data on your behalf. It protects your data from unauthorized disk-level or database-level access, but differs from client-side or "zero-knowledge" encryption where the operator has no ability to access plaintext data.
No security system is impenetrable. In the event of a data breach likely to result in a risk to your rights or freedoms, we will notify you and applicable regulators as required by law.
You may permanently delete individual uploaded files at any time using the Files menu within your account. Deleted files are removed immediately and cannot be recovered. We do not retain copies of files you delete.
Compliance records — including show reports, safety checklists, and uploaded documents — that you do not delete are retained for a minimum of 5 years from the date of creation, in alignment with FDA/CDRH record retention requirements applicable to laser product operators.
Account deletion is immediate and permanent. When you request account deletion, all data associated with your account — including your profile, compliance records, show data, and uploaded files — is deleted immediately and cannot be recovered. There is no grace period.
To request account deletion, contact us at hello@eleso.app.
View and export all data in your account at any time.
Edit your profile and compliance data directly within the platform.
Account deletion is immediate and permanent. Export your data first — it cannot be recovered after deletion.
Export your show data, checklists, and reports in standard formats.
Object to processing of your data based on legitimate interest.
Request restriction of processing while a deletion or correction request is pending.
California residents may have additional rights under the California Consumer Privacy Act (CCPA). To exercise any rights, contact us at hello@eleso.app.
We use a single session cookie to keep you logged in during your browser session. This cookie contains no personally identifiable information beyond a session identifier.
We do not use tracking cookies, advertising cookies, analytics cookies, or any third-party cookie services. No cookie consent banner is required because we use only strictly necessary cookies.
eleso is a professional compliance tool for licensed laser safety officers. The platform is not intended for, and does not knowingly collect information from, individuals under 18 years of age. If we become aware that a minor has created an account, we will promptly delete the account and associated data.
The platform is operated from the United States and is primarily intended for users in the U.S.
Users in the European Economic Area should be aware of this difference in data protection standards. We implement contractual safeguards where required by applicable law.
We may update this Privacy Policy from time to time. When we do, we will post the revised policy on this page with an updated effective date. For material changes, we will make reasonable efforts to notify you via email to the address associated with your account.
Continued use of the platform after a change is posted constitutes your acceptance of the revised policy.
Questions, requests, or concerns about this Privacy Policy?
Alstergee, LLC
Email: hello@eleso.app
Platform: eleso.app