Data Security & Compliance at Elly Analytics

At Elly Analytics, we prioritize the security, integrity, and privacy of client data across all touchpoints. Our infrastructure and internal practices are designed to meet the standards expected by financial institutions, healthcare organizations, and enterprise clients.

We operate with transparency and precision across all stages of the data lifecycle — from collection and storage to access and deletion.

Privacy-First Data Collection, Storage & Transmission

We collect data strictly with client permission and only for the purposes of delivering analytics and optimization services.

By default, we:

  • Avoid collecting personally identifiable information (PII)

  • Use hashed or anonymized user IDs where possible

  • Do not collect sensitive device identifiers such as IP or MAC addresses

Where web analytics platforms are involved, cookies may be used depending on the platform’s configuration and the consent framework implemented by the client.

We support two standard data configurations:

1. Anonymized Data Setup (Default)

We work primarily with anonymized identifiers — such as Google Client IDs or CRM user IDs — and avoid the use of names, emails, or phone numbers unless explicitly required.

2. Personal Data Setup (Optional)

When specific reporting needs require identifiable information (e.g., user-level breakdowns), we can work with names or contacts. In these cases:

  • Data is encrypted or hashed where appropriate

  • Personally identifiable fields are logically isolated

  • Access is strictly restricted and monitored

Types of Data We Process

Depending on the project, we may work with two broad data categories:

A) Behavioral / Attribution Data

Clickstream events (from Google Analytics, Meta Ads, etc.)

Campaign tags and UTM parameters

Funnel progressions and goal completions

B) Transactional / CRM Data

Lead form completions and statuses

Customer segmentation

Purchase amounts or custom client tags

All data is processed in client-specific isolated environments and never shared across accounts.

Secure Storage Architecture

Each client’s data is stored in a dedicated Microsoft SQL database

Hosting is region-specific: US or UK by default

Option to deploy on client infrastructure (subject to technical validation)

Data at rest is stored in an encrypted manner using industry-standard protocols

Access Management

Access limited to the assigned project team (3–7 members)

Enforced via credentials and IP whitelisting

Role-based permissions restrict exports, connectors, and dashboards

PowerBI Row-Level Security can be applied on request

Network is protected by a firewall to prevent unauthorized access and mitigate external threats.

Data Deletion on Request

We offer complete data removal upon request, including:

  • Deletion of databases and backups

  • Removal of PowerBI files and export pipelines

  • Formal confirmation upon completion

Data Recovery

We do not store raw data long-term — reports are rebuilt from integrated platforms

Daily encrypted backups are maintained separately for recovery scenarios

Data Usage and Client Control

All data usage at Elly Analytics is governed by transparency, purpose limitation, and client control. We use data solely:

  • To deliver agreed-upon analytics services

  • To develop or improve internal tools (if permitted)

  • To generate optional aggregated benchmarks (de-identified)

We do not:

  • Sell client data

  • Share data with ad exchanges or data brokers

  • Enrich third-party datasets

Clients retain full control over what is collected, stored, and reported — and we will never use or disclose data beyond the scope explicitly authorized.

If required for fulfilling contractual obligations, any data transmitted over the network is sent only in an encrypted manner.

HIPAA & Industry Compliance

Elly Analytics is committed to protecting the privacy and security of protected health information (PHI) in accordance with the HIPAA Privacy and Security Rules.

Our compliance framework includes:

  • Appointed HIPAA compliance officer and regular employee training

  • Physical and technical safeguards for systems storing or processing PHI

  • Business Associate Agreements (BAAs) with relevant third parties

  • Incident detection and breach notification protocols

HIPAA Compliance Statement

Download (PDF)

Summary

We embed security and privacy into every level of our platform and services. Our clients can trust that their data — whether anonymized or structured — is handled with care, transparency, and compliance.

Questions? Contact us at

security@ellyanalytics.com

This page reflects Elly Analytics' current data handling practices and is based on our internal policies and compliance documentation. For custom security requirements or documentation requests, please contact us directly.