EVA

Legal

Privacy Policy

Last updated: March 18, 2026

1. Introduction

EVA+ AI, Inc. (“EVA+”, “we”, “us”, or “our”) operates the EVA+ platform — an AI-powered influencer intelligence platform for enterprise marketing teams. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our platform at app.evaplus.ai and related services.

By accessing or using EVA+, you agree to this Privacy Policy. If you do not agree, please discontinue use of the platform.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, organization name, and password (stored as a cryptographic hash).

2.2 Platform Usage Data

We collect information about how you use the platform: pages visited, features used, search queries, AI interactions, reports generated, and timestamps of activity. This helps us improve the product and provide personalized AI responses.

2.3 Creator and Campaign Data

You may input data about social media creators, campaigns, and marketing performance. This data is stored on your behalf and used to power EVA+ analytics and AI features.

2.4 Automatically Collected Data

We automatically collect IP address, browser type, device information, and session data via standard web technologies. We use PostHog for product analytics and Sentry for error monitoring.

3. How We Use Your Information

  • Provide, operate, and improve the EVA+ platform
  • Power AI features including creator scoring, campaign analytics, and EVA chat
  • Send transactional emails (account confirmations, billing receipts, alerts)
  • Respond to support requests and communicate platform updates
  • Monitor for security threats and prevent fraud
  • Comply with legal obligations
  • Analyze aggregate usage patterns to improve product quality

We do not sell your personal information to third parties.

4. Data Sharing

We share data only in these circumstances:

  • Service providers: AWS (infrastructure), Stripe (billing), PostHog (analytics), Sentry (error monitoring), SendGrid (email). Each is bound by data-processing agreements. See our full sub-processor list.
  • Legal compliance: When required by law, court order, or government request.
  • Business transfer: In connection with a merger, acquisition, or sale of assets (with notice to you).

4a. Data Processing Agreements

Enterprise customers who require a Data Processing Agreement (DPA) in accordance with GDPR Article 28 may request one by emailing privacy@evaplus.ai. EVA+ offers standard DPA terms covering sub-processor obligations, data breach notification timelines (72 hours), and cross-border transfer mechanisms including Standard Contractual Clauses (SCCs).

5. Data Security

EVA+ uses industry-standard security measures: AES-256 encryption at rest via AWS KMS, TLS 1.2+ in transit, VPC network isolation, IAM least-privilege access controls, and regular security audits. We maintain SOC 2-aligned practices.

Despite these measures, no system is completely secure. We encourage you to use a strong password and enable multi-factor authentication in your account settings.

6. Data Retention

We retain your account data for as long as your account is active or as needed to provide services. After account deletion, we remove personal data within 30 days, except where retention is required for legal, tax, or audit purposes (up to 7 years for financial records).

7. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your personal data
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit processing in certain circumstances
  • Opt-out (CCPA): Opt out of sale of personal information (we do not sell personal data)

To exercise these rights, visit Settings → Security or email privacy@evaplus.ai.

8. Cookies

We use essential cookies for authentication and CSRF protection. We use analytics cookies (PostHog) to understand platform usage. You can opt out of non-essential cookies via our Cookie Policy page.

9. Children's Privacy

EVA+ is not directed at children under 16. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 16, we will delete it promptly.

10. International Transfers

Your data is processed primarily in the United States (AWS us-east-1). We transfer data internationally using Standard Contractual Clauses and other appropriate safeguards.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you by email or in-platform banner for material changes. Continued use after changes constitutes acceptance.

12. Contact

For privacy questions or to exercise your rights:
Email: privacy@evaplus.ai
Address: EVA+ AI, Inc., Los Angeles, CA · For postal correspondence, email us at privacy@evaplus.ai for our current mailing address.