Privacy Policy
Elyptis AI (“Elyptis,” “we,” or “us”) is an AI-powered lead-response service for real estate professionals, operated by Jacobe Delcastillo, a sole proprietorship based in Port St. Lucie, Florida. The service connects to an agent’s email and calendar to reply to inbound leads, qualify prospects, and book demo or showing slots; a separate SMS module (shipping within 30 days of LLC formation) provides missed-call auto-response. This policy explains what information we collect, how we use it, how we protect it, and the choices you have.
What this service does
Real estate agents subscribe to Elyptis to handle inbound prospects automatically. The service operates in two parts:
- Email and web-form lead-response (live). Elyptis connects to the agent’s Gmail or Google Workspace account and reads new inbound leads from a contact form on the agent’s site, then sends a personalized reply within minutes that asks short qualifying questions on the agent’s behalf. When a prospect’s responses indicate they are ready to talk, Elyptis offers calendar slots and books a demo or showing on the agent’s calendar. The agent receives a daily briefing summarizing leads and next actions.
- SMS missed-call auto-response (ships within 30 days of LLC formation). When a prospect calls a phone number listed by an agent who uses Elyptis and the call goes unanswered, Elyptis sends a single transactional SMS within about 60 seconds. If the prospect replies with consent, Elyptis conducts a short qualifying conversation by SMS and offers to schedule a callback.
In both modes, the AI assistant identifies itself as an AI and only contacts people who initiated the interaction with the agent’s business.
Workspace API data (Gmail and Calendar)
For the email and web-form lead-response service, real estate agents who use Elyptis grant us limited, scope-restricted access to their Google Workspace account through Google’s OAuth flow:
- Gmail (
gmail.sendscope only) — we send mail on the agent’s behalf from the address they authorize. We do notread the agent’s inbox, search for messages, modify labels, or access any other email content. - Calendar (
calendar.events+calendar.freebusyscopes) — we read free/busy time blocks to find available demo slots, and we create new events when a prospect books. We do not read the titles, descriptions, attendees, or content of existing events beyond what is required to confirm a candidate slot is still free at booking time.
Use of Workspace API data is strictly limited to providing or improving the user-facing features of the Elyptis lead-response service. We do not use Workspace API data for advertising, do not transfer it to third parties except as necessary to provide or improve user-facing features, do not use it for any non-user-facing purposes, and do not allow humans to read it except (a) with the agent’s specific opt-in consent, (b) for security or to comply with applicable law, or (c) where the data is aggregated and used for internal operations consistent with the Google API Services User Data Policy.
Agents can revoke either OAuth grant at any time from their Google Account settings (Security → Third-party apps with account access). Revocation immediately and permanently stops the service’s access to that data.
Who we collect information from
We only exchange messages with people who initiated contact with a business that uses Elyptis — by placing a phone call, submitting a form, or replying to an existing thread. We do not cold-text, purchase phone number lists, or scrape contact data from the internet.
What we collect
- Phone number of the person who called or messaged the business.
- Call metadata (time, duration, whether it was answered) passed from the phone carrier to the service.
- SMS conversation content exchanged through our service, including your replies to qualifying questions.
- Timestamps of each message for service diagnostics and compliance logging.
We do not collect Social Security numbers, financial account numbers, government IDs, geolocation data, or health information.
How we use it
- To send a single automated reply to your missed call.
- To conduct a short qualifying conversation on the business’s behalf.
- To deliver the information you shared to the business you contacted.
- To honor opt-out requests (STOP) and respond to help requests (HELP).
- To maintain service reliability, diagnose technical issues, and meet our legal and carrier-compliance obligations.
Who we share it with
We share your conversation content and contact information with the specific business you contacted. That is the entire purpose of the service.
We also rely on the following service providers who process data on our behalf:
- Twilio — SMS delivery and phone infrastructure.
- Anthropic — AI model that generates qualifying questions and responses.
- Google — Email (Google Workspace) and Calendar (for booking).
- Notion — conversation logs, lead records, and CRM storage.
- Cloudflare — hosting and network infrastructure.
Data protection mechanisms
We apply the following technical and organizational measures to protect Workspace API data, conversation content, and other sensitive information:
- Encryption in transit. All connections to Google APIs and to Elyptis services use TLS 1.2 or higher. Our webhook host (
webhook.elyptis.ai) is served exclusively over HTTPS via Cloudflare. - Encryption at rest. OAuth tokens and configuration files stored on the Elyptis production server are written to encrypted block storage. Conversation records and lead data are stored in Notion. Backups are encrypted at rest.
- Per-tenant credential isolation.Each agent’s OAuth tokens are stored in a per-tenant directory on the server, accessible only to the Elyptis service account. One agent’s credentials cannot be used to access another agent’s data.
- Least-privilege OAuth scopes. We request the narrowest scopes that allow the service to function:
gmail.send(send-only, no inbox access),calendar.events(create events), andcalendar.freebusy(read availability). We do not request broader scopes such asgmail.modifyorgmail.readonly. - Access controls. Only Jacobe Delcastillo, as operator of Elyptis, has access to the production server and to OAuth tokens. We do not share credentials with subcontractors or third parties.
- No use for AI training. Workspace API data and lead conversation content are not used to train, fine-tune, or evaluate any AI model. The Anthropic API calls we make use the Claude inference endpoint only; no data is retained by Anthropic for training under our API terms.
- Retention and deletion.OAuth tokens are retained for the duration of the agent’s subscription. Upon cancellation or OAuth revocation, tokens and all derived data are deleted from the production server within 30 days, except where retention is required by law.
- Incident response. If we become aware of a security incident affecting Workspace API data or other sensitive information, we will notify affected agents by email within 72 hours of discovery and provide details of the incident, the data affected, and remediation steps.
SMS consent, opt-out, and rates
Consent to receive SMS from Elyptis is collected through a two-step flow. Step 1: you call a phone number publicly listed by a business that subscribes to Elyptis with a clear AI-assist disclosure (see our consent flow walkthrough). Step 2: when your call goes unanswered, Elyptis sends one transactional SMS asking you to Reply YES (or Y, START) to schedule a callback. No further messages are sent unless you reply with one of those keywords. Elyptis does not send marketing or promotional messages.
Mobile information — data sharing. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All other categories of personal information exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
- Reply STOP to any message to end the conversation immediately. You will receive a single confirmation message and no further texts. Other accepted opt-out keywords: STOPALL, UNSUBSCRIBE, CANCEL, END, QUIT, REVOKE, OPTOUT.
- Reply HELP (or INFO) to receive contact information for Elyptis and the business.
- Reply YES (or Y, START) to opt in to the callback-scheduling conversation after the initial transactional reply.
- Message frequency. Up to 5 transactional SMS messages per missed-call event. We do not send recurring or marketing SMS.
- Msg & data rates may apply. Standard carrier messaging rates apply to any SMS you send or receive.
- Quiet hours. We do not send messages between 9 PM and 8 AM local time.
How long we keep it
Conversation logs are stored for the duration of the business’s subscription to Elyptis, plus up to 90 days for compliance and dispute resolution. If the business cancels, or if you ask us to delete your information, we remove it within 30 days except where retention is required by law.
Your rights
You can request a copy of the information we have about you, ask us to correct or delete it, or ask us to stop processing it, by emailing Jacobe@elyptis.ai. We respond within 30 days.
Children
Elyptis is not directed at children under 13, and we do not knowingly collect information from them. If you believe a child has contacted us, email Jacobe@elyptis.ai and we will delete the information.
Changes to this policy
If we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify subscribed businesses by email. Continued use of the service after changes means you accept the revised policy.
Contact
Elyptis AI
Operated by Jacobe Delcastillo
Port St. Lucie, Florida
Email: Jacobe@elyptis.ai
Phone: (772) 207-6051