legal

Terms of Use

Last updated: 2026-05-03

This Privacy Policy explains how Ellipsis & Co ("Ellipsis", "we", "us", "our") collects, uses, discloses and protects personal information through our marketing site (ellipsisand.co), member dashboard (app.ellipsisand.co), AI chat experience (chat.ellipsisand.co) and underlying API (api.ellipsisand.co).

We comply with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and, where applicable to New Zealand visitors, the Privacy Act 2020 (NZ).

1. Information we collect

Information you provide

  • Account details — first name, last name, email address, password (stored as a bcrypt hash; we never see the plain-text password).
  • Profile data — optional fields such as job title, organisation, country and preferences.
  • Vendor application and listing data — company name, website, LinkedIn, logo, description, markets, categories and other listing fields submitted by vendor account holders.
  • Watchlist activity — vendors you save to your watchlist.
  • Support correspondence — emails, form submissions and any other communications you send us.
  • Chat messages — prompts and responses exchanged with the AI chat experience, plus any feedback you give on a response.

Information we collect automatically

  • Authentication state — short-lived JWT access tokens kept in memory and a long-lived refresh token in an httpOnly cookie scoped to .ellipsisand.co, used to keep you signed in across the marketing site, dashboard and chat experience.
  • Product analytics — page views, button clicks, vendor card interactions and similar events captured via PostHog. PostHog uses a cross-subdomain cookie so we can recognise the same visitor across ellipsisand.co, app.ellipsisand.co and chat.ellipsisand.co.
  • Device and connection metadata — IP address, user agent, language, referrer, approximate location derived from IP, and timestamps. Used for security and abuse prevention.
  • Logs — structured request and error logs from the API and frontends for diagnostics. Logs include request method, path, response status, user ID (if signed in) and latency.

Information from third parties

  • Stripe — for paid vendor plans, Stripe handles card capture and sends us subscription status, plan, and billing identifiers. We never store full card numbers.
  • Public sources — for the public vendor directory we may reference publicly available information about a company (website, LinkedIn page, market presence). Vendors can claim and edit their listing through a vendor account.

2. How we use information

  • Provide, operate and improve the Services.
  • Authenticate you, prevent abuse and protect account security.
  • Respond to enquiries and customer support requests.
  • Process vendor applications, listing submissions and amendments.
  • Process subscription payments via Stripe.
  • Send transactional emails (password resets, application status changes, billing receipts) via Resend.
  • Send the monthly market update email to subscribers (you can unsubscribe at any time).
  • Generate aggregate analytics on directory usage and content performance.
  • Improve AI chat quality (prompts and responses may be reviewed in aggregate).
  • Comply with legal obligations and enforce our Terms.

3. Cookies and similar technologies

We use cookies and similar storage to:

  • Keep you signed in (authentication refresh cookie, scoped to .ellipsisand.co, httpOnly, Secure, SameSite=Lax, 7-day expiry).
  • Identify the same visitor across our subdomains for analytics (PostHog cross-subdomain cookie).
  • Remember preferences (display settings, dismissals).

You can clear cookies through your browser; doing so will sign you out and reset analytics identification.

4. How we share information

  • Service providers — Stripe (payments), Resend (transactional email), PostHog (analytics), Neon (Postgres database hosting), Render (API hosting), Vercel (frontend hosting), Webflow (marketing site and CMS), Cloudinary or Webflow Assets (image hosting). Each provider only receives the data needed to perform its function and is contractually required to protect that data.
  • Vendors — when you save a vendor to your watchlist or interact with a paid vendor's listing, anonymised aggregate metrics may be shared with that vendor. We do not share your name or email with vendors unless you explicitly contact them through a form.
  • Legal — where required by law, court order or to protect the rights, safety or property of Ellipsis, our users or the public.
  • Business transfers — in connection with a merger, acquisition or sale of assets, subject to confidentiality undertakings.

We do not sell personal information.

5. Data location and retention

Personal information is stored on infrastructure operated by our hosting providers. The primary database (Neon) is configured with a region close to our primary user base. Some service providers (PostHog, Vercel, Stripe) operate globally; data may be processed in jurisdictions outside Australia.

We retain personal information for as long as needed to provide the Services and meet our legal obligations. Specifically:

  • Account records — while your account is active, plus 24 months after closure for audit and dispute resolution.
  • Billing records — at least 7 years (Australian tax law).
  • Logs — typically 90 days, longer for security incidents.
  • Watchlist data — until you remove an item or close your account.
  • Chat transcripts — up to 12 months for service-improvement review, then aggregated or deleted.

6. Security

We use TLS for all traffic, bcrypt for password hashing, JWT with short expiry for access tokens, httpOnly cookies for refresh tokens, role-based access controls in the API, and structured audit logs for sensitive actions. We restrict production database access to a small operations team and review access regularly.

No security model is perfect. If you suspect unauthorised activity on your account, reach us immediately via our contact page.

7. Your rights

Depending on where you live you may have rights to:

  • Access the personal information we hold about you.
  • Correct inaccurate or out-of-date information (most fields are editable in the dashboard).
  • Request deletion of your account and associated personal information.
  • Object to or restrict certain processing.
  • Port your data in a structured, machine-readable format.
  • Withdraw consent for non-essential processing (e.g. opt out of marketing emails).

To exercise any right, get in touch via our contact page. We will respond within 30 days.

8. Children

The Services are not directed at children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

9. Marketing communications

You can unsubscribe from the monthly market update or any marketing email at any time through the unsubscribe link in the email or by updating preferences in your dashboard. Transactional emails (password resets, billing receipts, application status) are required to operate the Services and cannot be opted out of.

10. Changes to this policy

We may update this Privacy Policy. Material changes will be notified through the Services or by email. The "Last updated" date at the top of this policy reflects the latest revision.

11. Contact

Privacy questions, requests, or complaints: please use our contact page.

If you are not satisfied with our response you may lodge a complaint with the Office of the Australian Information Commissioner (oaic.gov.au) or, in New Zealand, the Office of the Privacy Commissioner (privacy.org.nz).

Last updated: 2026-05-03

Welcome to Ellipsis & Co ("Ellipsis", "we", "us", "our"). These Terms of Use govern your access to and use of our marketing site (ellipsisand.co), member dashboard (app.ellipsisand.co), AI chat experience (chat.ellipsisand.co) and underlying API (api.ellipsisand.co), together with any related services (the "Services"). By accessing or using the Services you agree to these Terms.

1. Who we are

Ellipsis & Co is a customer loyalty consultancy operating in Australia and New Zealand. We publish a public directory of loyalty technology vendors, market intelligence, case studies and editorial content. Some content is freely available; other content is gated behind a member account or paid vendor listing.

2. Eligibility and accounts

You must be at least 18 years old and capable of entering a binding contract to register. When creating an account you agree to provide accurate information, keep your credentials secure, and notify us promptly of any unauthorised use.

There are two account types:

  • Member accounts — free. Provides access to the directory, watchlist, market updates and account settings.
  • Vendor accounts — additive on top of a member account once an application is approved. Allows the account holder to manage a vendor listing, submit listing changes and (on paid plans) access featured placement and analytics.

3. Acceptable use

You agree not to:

  • Use the Services to violate any applicable law or regulation.
  • Submit content that is unlawful, defamatory, infringing or misleading.
  • Attempt to access another account, system or data without authorisation.
  • Scrape, copy or redistribute the directory or market intelligence content for competitive purposes.
  • Reverse engineer, probe or stress-test the Services.
  • Use the AI chat experience to generate content that is illegal, harmful, or that infringes third-party rights.

4. Vendor listings and submissions

Approved vendors may submit and amend listing details (description, website, logo, market and category tags, etc.) through the dashboard. By submitting content you grant Ellipsis a non-exclusive, royalty-free licence to publish and display that content on the Services. We may decline, edit or remove submissions that fail editorial review or that don't meet directory standards.

Featured or paid placements are subject to the plan you have purchased and the additional terms presented at checkout. Stripe is the payment processor; we do not store full card details.

5. AI chat experience

The chat experience may use third-party large language models. Outputs are generated programmatically and may be inaccurate, incomplete or out of date. You must not rely on chat outputs as professional advice. Conversations may be retained to improve service quality, subject to the Privacy Policy.

6. Market updates and editorial content

Market updates, perspectives, blog articles and case studies are provided for general information only. They reflect the views of the authors at the time of publication and are not investment, legal or commercial advice. Some items link to third-party publications; we are not responsible for the content or availability of those external sites.

7. Intellectual property

The Services and all content (other than user-submitted content) are owned by or licensed to Ellipsis. Vendor logos and trademarks remain the property of their respective owners. Nothing in these Terms transfers ownership of any intellectual property to you.

8. Subscription and billing

Vendor plans are billed in advance via Stripe. Subscriptions auto-renew unless cancelled before the renewal date through the billing portal in your dashboard. Fees are non-refundable except where required by law.

9. Termination

You may close your account at any time from the dashboard. We may suspend or terminate accounts that violate these Terms, that present a security risk, or that are used to operate competing directory services. Upon termination, vendor listings created under that account may be retained as part of the public directory.

10. Disclaimers

The Services are provided "as is" and "as available". To the maximum extent permitted by law, Ellipsis disclaims all warranties, express or implied, including warranties of merchantability, fitness for a particular purpose and non-infringement.

11. Limitation of liability

To the maximum extent permitted by law, Ellipsis will not be liable for any indirect, incidental, special, consequential or punitive damages arising from your use of the Services. Our total aggregate liability will not exceed the greater of (a) AUD $100 or (b) the fees you paid Ellipsis in the twelve months preceding the event giving rise to the claim.

12. Governing law

These Terms are governed by the laws of New South Wales, Australia. The courts of New South Wales have exclusive jurisdiction over any dispute arising from these Terms or the Services.

13. Changes

We may update these Terms from time to time. Material changes will be notified through the Services or by email. Continued use of the Services after the effective date of an update constitutes acceptance.

14. Contact

Questions or notices: please get in touch via our contact page.

Helping brands optimise their loyalty programmes with better data, smarter tools, and real results.
Pages
HomeAboutCase StudiesNewsletterContact
PLATFORM
Login
Ellipsis AI
Legal
Privacy Policy
Terms of Use
© 2026 elipsis, all rights reserved
Ellipsis provides loyalty programme consulting, technology, and data intelligence services. Our platform and tools are intended for business use only. Results may vary based on programme design, market conditions, and implementation. Ellipsis is not responsible for outcomes arising from third-party integrations or vendor relationships. All trademarks referenced are property of their respective owners.