Product Privacy Policy

We at Evai (and its Affiliates) are committed to protecting your privacy. This Product Privacy Policy applies to your use of the Evai Subscription Service as a customer of Evai (and its Affiliates listed on this page). This Product Privacy Policy describes how we collect, receive, use, store, share, transfer, and process your Personal Data. It also describes your choices regarding use, as well as your rights to access and correct your Personal Data. This includes the information we collect during payment processing in fiat and Evai Tokens, and identity verification, where required by applicable laws. 

This Product Privacy Policy also describes how we process Customer Data on behalf of our customers in connection with the Evai Subscription Services. This Product Privacy Policy does not apply to any information or data collected by Evai as a controller for other purposes, such as information collected on our websites or through other channels for marketing purposes. 

Evai processes Customer Data under the direction of our Customers and has no direct control or ownership of the Personal Data we process on behalf of our customers. Customers are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the Personal Data to Evai for processing purposes. Terms not otherwise defined herein shall have the meaning as set forth in the Evai Customer Terms of Service. In the event of a conflict between this Product Privacy Policy and the Customer Terms of Service, the terms of the Customer Terms of Service will control.

We periodically update this Product Privacy Policy. We will post any changes on this page and, if the changes are material, we will provide an update through the notification app in your Evai account.

How we Share Information we Collect

With Service Providers

We employ other third-party service providers to provide services on our behalf to visitors to our websites, our customers, and Users of the Subscription Service. We may need to share your information with them to provide information, products, or services to you. This includes analytics vendors (such as Google Analytics).

Examples may include removing repetitive information from prospect lists, analyzing data or performing statistical analysis, hosting providers, providing marketing assistance, processing credit card payments, supplementing the information you provide us in order to provide you with better service, supporting our token-based services and subscription management infrastructure, and providing customer service or support. Where you pay using Evai Tokens or other cryptoassets, your transaction data may be processed by smart contract infrastructure or token gateway providers under separate terms.

These service providers are prohibited from using your Personal Data except for these purposes, and they are required to maintain the confidentiality of your information. In all cases where we share your information with such agents, we explicitly require the agent to acknowledge and adhere to our privacy and customer data handling policies.

Examples of these third-party service providers can be found on this page.

Due to Corporate Events

If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by Evai on the websites and the Subscription Service. This may include your name, email, phone number, other contact information, Subscription status, and data associated with your use of analytics (including Google Analytics), token rating features, and payment records.

In this event, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your Personal Data, and choices you may have regarding your Personal Data. Where required under applicable data protection laws, we will ensure the acquiring entity assumes all obligations for lawful processing and will provide you with an opportunity to object, delete, or transfer your Personal Data prior to finalisation of the transaction.

In accordance with Compelled Disclosure

We reserve the right to use or disclose your Personal Data if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process. Where feasible and not legally prohibited, we will provide you with advance notice of any such disclosure, so that you may seek protective measures.

Evai Product Specific Privacy Disclosures

  1. All Product Tiers
  2. Third Parties. These may include blockchain data explorers, crypto payment processors, token platforms, and third-party analytics providers.

We may provide links within our sites and services to the sites or services of third parties. We are not responsible for the collection, use, monitoring, storage or sharing of any Personal Data by such third parties, and we encourage you to review those third parties’ privacy notices and ask them questions about their privacy practices as they relate to you.

Unless expressly stated otherwise, our Privacy Policy does not apply to third-party platforms or services, and we do not act as a controller or processor for data collected outside of our infrastructure.

Google Integrations

If you choose to integrate your Gmail or any other G Suite application with the Subscription Service, you may use the following integrations and allow Evai access to your Google user data.

Such integrations may include access to your email metadata (e.g., sender, recipient, subject line), calendar events, and contact information, depending on the permissions you grant.

By enabling these integrations, you explicitly authorise Evai to access and process this Google user data solely for the purposes of providing and improving the Subscription Service functionality, such as analytics insights or service notifications.

Evai’s access and use of data received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Additionally, any Personal Data processed through such integrations will be handled in accordance with our DPA and applicable data protection laws.

Gmail Integration

If you connect your Gmail account via IMAP (or Generic Inbox Connection), the Subscription Service will have access only to the email address, password, server information, email metadata, and message bodies. Such access is used exclusively for features within the Subscription Service, such as content analytics or service notifications.

Additionally, connecting your Gmail account via IMAP does not require you to connect any other G Suite applications. All data retrieved from Gmail via IMAP will be processed and stored in compliance with the DPA, and subject to technical and organisational safeguards as required under the applicable laws.

Data Practices and Service Data

We automatically collect metrics and information about how Users interact with and use the Subscription Service. We use this information to develop and improve the Subscription Services and the Consulting Services, and to inform our sales and marketing strategies. We may share or publish this service data with third parties in an aggregated and anonymized manner, but we will not include any Customer Data or identify Users. Where required by law, we will obtain your prior consent for the collection or sharing of such analytics.

If you access the Subscription Services via our mobile applications, we may also collect your device model and version, device identifier, and OS version. We may send you push notifications from time to time to keep you updated about events or promotions. If you no longer wish to receive such communications, you may turn them off at the device level. Any Personal Data collected from mobile devices is subject to the safeguards outlined in our DPA and Privacy Policy.

We use Customer Data in an anonymized manner for machine learning that supports certain product features and functionality within the Subscription Service. Such processing is carried out strictly in accordance with the principles of data minimisation and purpose limitation under applicable privacy laws.

When you use the Subscription Service, we automatically collect log files. These log files contain information about a Users’ IT system, a User’s IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times, and referring website addresses. We use this information to ensure the optimal operation of the Subscription Service and for security purposes. We may link log files to Personal Data such as name, email address, address, and phone number for these purposes. Where log data is linked to Personal Data, we ensure it is retained for no longer than necessary, subject to strict access controls and security protocols.

You can log in to our site using a Single Sign-on (SSO) service like your Google account. This service will authenticate your identity and provide you with the option to share certain Personal Data with us, such as your name. Such authentication data is used exclusively for access control and account management in line with our obligations under the applicable legislation.

Token-Related Disclosures

Token Payment Data

We may collect limited Personal Data in connection with payments made using cryptoassets, including EVAI Tokens. This data may include wallet addresses, transaction timestamps, metadata, and any user identifiers voluntarily submitted during the transaction (such as names, email addresses, or account references).

We process this data exclusively for the purposes of fulfilling transactions, managing subscriptions, preventing fraud, and complying with applicable anti-money laundering, financial, and taxation obligations. Where such data constitutes Personal Data under applicable law, we process it in accordance with this Privacy Policy, our Data Processing Agreement (DPA), and applicable data protection legislation.

Token Price Analytics and Ratings

The Subscription Service includes tools that analyze the price movements, volatility, and market positioning of certain cryptoassets (“Tokens”). These analytics are based solely on publicly available market data and internally developed algorithmic methodologies.

The resulting Token Price Analytics, Ratings, and insights are generalised, non-personalised outputs provided strictly for informational purposes. They do not constitute financial, investment, or trading advice, and should not be relied upon as such.

We do not use Token Price Analytics or Ratings to build individual user profiles or to perform behavioural targeting. However, if Users interact with these features in a manner that generates usage or preference data, any such data is processed in accordance with this Privacy Policy, anonymised where feasible, and never used to make automated decisions that produce legal or significant effects on individuals.

Ad Network Pixel and Tags

The Subscription Service will receive the selected ad network (for all Ad Network) pixel/tag identification as part of connecting your account to that network. The Subscription Service will automatically place this pixel/tag on the user’s website pages where Evai tracking code is present. This pixel/tag sends and tracks information about your website visitors back to the network, enabling conversion tracking and website audience creation.

You are responsible for ensuring that all necessary disclosures and lawful bases are obtained from your website visitors before activating or deploying such pixels or tags. Evai does not use or process data collected through these tags for its own purposes and acts as a processor for such data unless otherwise clearly specified.

Data Subject Requests

If you are a customer, prospect, or otherwise interact with one of our Customers and would no longer like to be contacted by one of our customers that use our Subscription Service, please contact the customer that you interact with directly. If you want to access, correct, amend, or delete data controlled by an Evai customer, you should direct your query to the Evai Customer (the data controller). We will work with customers to respond to data subject requests as outlined in our DPA.

You may request the deletion of your Evai account or Subscription Service by sending a request. To exercise your rights under data protection laws (including access, rectification, erasure, restriction, objection, or data portability), you may contact us directly at legal@evai.io.

You should also review our DPA to understand our obligations as a processor of your data and how we comply with relevant data protection laws.

Data Retention

Customer Data collected during your use of the Subscription Service is retained in accordance with the provisions of the DPA and is retained for as long as you have a paid Subscription and/or remain an active customer in your portal. Customer Data is deleted or anonymized (as applicable) upon your written request or automatically following the expiration of applicable retention periods after the termination of all customer agreements, unless longer retention is required by applicable law. Your data is deleted upon your written request or after an established period following the termination of all customer agreements.

In general, Customer Data is deleted after your paid Subscription ends and your portal becomes inactive.

Children’s Privacy

We do not knowingly collect Personal Data from individuals under the age of 18 (or higher minimum age if required by applicable law in your jurisdiction). If we become aware that we have collected Personal Data from a child without verifiable parental consent, we will take appropriate steps to delete such data. If you believe we might have any information from or about a child, please contact us at legal@evai.io.

Automated Decision-Making and Profiling

We do not engage in any automated decision-making, including profiling, that produces legal or similarly significant effects on individuals, unless expressly authorized by the User and permitted under applicable data protection laws.

Data Breach Notification

In the event of a security incident involving unauthorised access to or disclosure of Personal Data under our control, we will notify affected individuals and relevant supervisory authorities without undue delay, as required under applicable law and in accordance with the provisions set forth in our DPA.

Your Rights Under Applicable Law

Depending on your jurisdiction, you may have the following rights regarding your Personal Data:

  • The right to access the data we hold about you.
  • The right to rectify inaccurate or incomplete data.
  • The right to request deletion of your data.
  • The right to restrict or object to our processing of your data.
  • The right to data portability.
  • The right to withdraw consent at any time (where processing is based on consent).

To exercise these rights, please contact us at legal@evai.io. We will respond in accordance with applicable data protection laws.

How We Transfer Data We Collect Internationally

International Transfers within Evai’s Entities

To facilitate our global operations, we transfer information to either Ireland or the United States and allow access to that information from countries where the Evai Affiliates have operations, for the purposes described in this policy.

This Privacy Policy shall apply even if we transfer Personal Data to other countries. We have taken appropriate safeguards to require that your Personal Data will remain protected. When we share information about you within and among Evai’s Affiliates, we make use of standard contractual data protection clauses, which have been approved by the European Commission. We have also certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks to help safeguard the transfer of information we collect from the European Economic Area (EEA), the United Kingdom, and Switzerland.

International Transfers to Third Parties

Some of the third parties described in this privacy policy, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we share information of customers in the European Economic Area or Switzerland, we make use of a variety of legal mechanisms to safeguard the transfer, including the European Commission-approved standard contractual data protection clauses or other appropriate legal mechanisms. For transfers to or from the United Kingdom, we make use of the standard contractual clauses. Please contact us at legal@evai.io. if you need more information about the legal mechanisms we rely on to transfer Personal Information outside the EEA, Switzerland and the United Kingdom.