Privacy Policy

Elevn (“Elevn”, “we”, “us”, or “our”) operates a private, invite-only connection platform for verified professional athletes. This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website, join the waitlist, create an account, or use the Elevn platform.

The data we collect depends on how you interact with Elevn:

• Visitors and waitlist: email address when you join the waitlist.
• Account and authentication: email address, password (stored in hashed form), invite code used at sign-up, email verification status, session tokens, and login activity.
• Profile and vetting: bio, profile photo, sport(s), country, career stage, capital range, looking-for tags, application status, and information submitted for manual review. Admin reviewers may add internal notes that are not visible to you.
• Platform activity: connection requests and status, direct messages (text only), read receipts, notifications, abuse reports you submit, and Trust Score calculations including per-component breakdowns.
• Billing: subscription tier, billing status, and payment-related identifiers processed by Stripe. We do not store full payment card numbers on our servers.
• Security and compliance: IP addresses, device and browser information, audit log entries for admin actions, and records needed to investigate abuse or enforce our terms.

We use personal data to:

• Operate invite-only registration, email verification, and account authentication.
• Review applications through our manual vetting workflow and communicate status updates.
• Display member profiles in the directory, calculate and show Trust Scores, and enable connections and messaging between verified members.
• Process subscription payments and manage billing tiers through Stripe.
• Send service emails and in-app notifications (for example, verification links, application decisions, connection requests, and messages).
• Moderate the platform, triage abuse reports, and maintain an immutable admin audit log.
• Protect the security and integrity of Elevn, including rate limiting, fraud prevention, and incident response.
• Comply with legal obligations and enforce our Terms of Use.

Elevn is deliberately built outside regulated financial services. We do not use your data to:

• Facilitate money movement, escrow, or deal closing between members.
• Broker, list, or match securities or investment offerings.
• Provide personalised financial, legal, or tax advice.
• Sell your personal data to third parties.

The only payment flow in the product is your subscription to Elevn itself.

Where UK GDPR applies, we rely on the following legal bases:

• Contract: to provide the platform, process your membership, and deliver features you sign up for.
• Legitimate interests: to keep Elevn secure, prevent abuse, operate manual vetting and moderation, and improve the service — balanced against your rights.
• Legal obligation: where we must retain or disclose data to comply with applicable law.
• Consent: where required for optional communications or non-essential cookies.

We share personal data only as needed to operate Elevn:

• Service providers: hosting, infrastructure, email delivery, error monitoring, and payment processing (including Stripe).
• Other members: once you are an approved member, profile information you choose to provide is visible to other verified members according to platform settings. Messages are visible only to connected members.
• Admins and moderators: internal staff who review applications, handle abuse reports, and enforce community standards.
• Legal and safety: regulators, courts, or law enforcement when required by law or to protect rights, safety, and security.

Processors we use are bound by contractual obligations to protect your data. Where data is transferred outside the UK, we implement appropriate safeguards such as standard contractual clauses.

We retain personal data only for as long as necessary for the purposes described in this policy:

• Active account data is kept while your account remains open and you use the platform.
• If you delete your account, we soft-delete it immediately. Your profile disappears from the directory and member-facing views. After a 30-day grace period, data is purged from primary stores unless we must retain it for legal, security, or dispute-resolution reasons.
• During the grace period, you may recover your account if you change your mind.
• Messages that are deleted use soft-delete semantics and may be retained for a defined period so abuse investigations and compliance obligations can be honoured before hard deletion.
• Admin audit log entries are retained as an append-only record for accountability.
• Database backups are taken at least daily and retained for at least seven days.

We apply technical and organisational measures designed to protect your data, including:

• Encryption in transit (TLS) and encryption at rest for stored data.
• Secrets stored in our hosting provider’s secret manager, not in source code.
• Rate limiting on authentication endpoints and standard web-security hardening, including CSRF protection.
• Role-based access controls for admin functions and immutable audit logging of admin actions.

No system is completely secure. If you believe your account has been compromised, change your password and log out of all active sessions immediately.

Depending on your location, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request erasure of your data (you can also delete your account from settings).
• Restrict or object to certain processing.
• Request a portable copy of your data where applicable.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local supervisory authority.

To exercise these rights, use your account settings or submit a request through the platform. We may need to verify your identity before responding.

Elevn is intended for verified professional and collegiate athletes. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us data, contact us and we will take appropriate steps to delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy on this page and update the “Last updated” date. Where appropriate, we will also notify you by email or in-app notice.

For privacy questions, data-access requests, or to report a concern, email us at info@elevenhub.com. We aim to respond within a reasonable timeframe and may request verification of your identity before responding.

Please also read our Terms of Use and Cookie Policy.