Privacy Policy

Welcome to Evrmind

Evrmind Limited ("Evrmind," "we," "us," or "our") is a UK-based company providing AI-powered digital employees and related services through our website evrmind.io and associated platforms. We are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, disclose, and protect your information in compliance with applicable data protection laws, including but not limited to:

• The UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (UK)
• The EU General Data Protection Regulation (GDPR) (EU)
• The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) (USA)
• The Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada, as applicable)
• The Act on the Protection of Personal Information (APPI) (Japan)
• The Personal Information Protection Law (PIPL) (China)
• The Digital Personal Data Protection Act (DPDP) (India)
• The Privacy Act 1988 (Australia)
• The Protection of Personal Information Act (POPIA) (South Africa)
• The Data Protection Act (Zambia)
• The Personal Data Protection Law (PDPL) (Saudi Arabia and UAE)
• The General Data Protection Law (LGPD) (Brazil, representative of South American laws such as Argentina's PDPL)
• Federal Law No. 152-FZ on Personal Data (Russia)

If you are in a jurisdiction with specific data protection laws, this Policy is designed to meet or exceed those requirements. We encourage you to read this Policy carefully. By using our services, you consent to the practices described herein. If you do not agree, please do not use our services.

This Policy applies to all users of our website and services, regardless of location. For users in jurisdictions requiring consent (e.g., PIPL in China, APPI in Japan, DPDP in India), we obtain explicit consent where required, and you can withdraw it at any time. For data localization requirements (e.g., PIPL in China, Russia's Federal Law No. 152-FZ), we store and process data in compliance with local laws or transfer it subject to appropriate safeguards.

1. Information We Collect

We collect personal data to provide, improve, and secure our services. The types of information we collect include:

1.1 Information You Provide

• Account Information: Name, email address, phone number, company name, job title, billing address, and payment details when you register or subscribe to our services.
• User Content: Data, files, messages, prompts, and instructions you input into our AI-powered digital employees (the "Services") to perform tasks (e.g., generating content, analyzing data, managing workflows).
• Communication Data: Information from your correspondence with us (e.g., support tickets, emails, chat messages), including feedback and inquiries.
• Survey and Marketing Data: Responses to surveys, preferences, and consent for marketing communications.

1.2 Information Collected Automatically

• Usage Data: Log data such as IP address, browser type, device information, operating system, pages visited, time and date of access, referring/exit pages, and interaction with our Services (e.g., features used, prompts submitted, outputs generated).
• Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar technologies to track activity, personalize content, and analyze trends. See Section 7 for more details.
• Location Data: Approximate location derived from your IP address or device settings (with your consent where required).

1.3 Information from Third Parties

• Third-Party Integrations: If you connect third-party services (e.g., CRM tools, project management platforms, social media accounts) to our Services, we may receive data from those platforms in accordance with their terms and your authorization.
• Public Sources: Business contact information or publicly available data to enrich user profiles or validate accounts (e.g., for B2B users).
• Payment Processors: Transaction details from payment service providers to process subscriptions and billing.

2. How We Use Your Information

We use your personal data for the following purposes, in compliance with applicable laws:

• To Provide and Improve Our Services: Process your requests, operate our AI-powered digital employees, deliver outputs, and enhance functionality, accuracy, and user experience through analytics and machine learning.
• To Communicate with You: Send service-related notifications (e.g., account updates, security alerts, billing reminders), respond to inquiries, and provide customer support.
• For Marketing and Promotional Purposes: Send newsletters, product updates, special offers, and personalized recommendations (with your consent where required, e.g., under GDPR, CCPA, PIPL, APPI, DPDP). You can opt out anytime.
• To Ensure Security and Prevent Fraud: Monitor for suspicious activity, detect and prevent fraud, unauthorized access, or misuse of our Services, and comply with legal obligations.
• For Analytics and Research: Analyze usage patterns, conduct market research, and develop new features, products, or services. We may use anonymized or aggregated data for these purposes.
• To Comply with Legal Obligations: Respond to legal requests (e.g., subpoenas, court orders), enforce our Terms of Service, and protect our rights and those of our users.
• With Your Consent: For any other purpose disclosed to you at the time of collection or with your explicit consent (e.g., under PIPL in China, APPI in Japan, DPDP in India).

3. Legal Basis for Processing (GDPR, UK GDPR, and Similar Laws)

For users in the EU, UK, and jurisdictions with similar requirements, we process your personal data based on:

• Contract Performance: To fulfill our obligations under our Terms of Service and provide the Services you requested.
• Legitimate Interests: To improve our Services, ensure security, prevent fraud, and conduct business operations, provided this does not override your rights and freedoms.
• Consent: Where you have given explicit consent (e.g., for marketing communications, cookies, or specific data processing activities). You can withdraw consent at any time.
• Legal Obligation: To comply with applicable laws, regulations, or legal processes.

4. How We Share Your Information

We do not sell, rent, or trade your personal data. However, we may share your information in the following circumstances:

4.1 Service Providers and Partners

We engage trusted third-party service providers to assist with business operations, including cloud hosting (e.g., AWS, Google Cloud, Microsoft Azure), payment processing (e.g., Stripe, PayPal), customer support tools (e.g., Zendesk, Intercom), analytics platforms (e.g., Google Analytics, Mixpanel), and marketing services (e.g., Mailchimp, HubSpot). These providers are contractually obligated to protect your data and use it only for the purposes specified by us.

4.2 AI Model Providers

To deliver our AI-powered Services, we may use third-party large language models (LLMs) and AI tools (e.g., OpenAI's GPT, Anthropic's Claude, Google's Gemini, or other providers). Your User Content (e.g., prompts, inputs) may be processed by these providers to generate outputs. We contractually prohibit these providers from using your data to train their models without your explicit consent, and we implement technical measures to minimize data exposure.

4.3 Business Transfers

In the event of a merger, acquisition, sale of assets, or bankruptcy, your personal data may be transferred to the successor entity. We will notify you of such changes and ensure the new entity adheres to this Privacy Policy or provides an equivalent level of protection.

4.4 Legal Requirements and Protection

We may disclose your information if required by law (e.g., to comply with a subpoena, court order, or regulatory request) or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud.

4.5 With Your Consent

We may share your data with third parties for purposes not covered by this Policy, but only with your explicit consent (e.g., under PIPL in China, APPI in Japan, DPDP in India).

5. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes outlined in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary based on the type of data and applicable laws:

• Account Data: Retained for the duration of your account and up to 7 years after account closure for legal, tax, and audit purposes (e.g., under UK GDPR, LGPD, POPIA).
• User Content: Stored as long as necessary to provide the Services. You can delete User Content at any time through your account settings, subject to backup and disaster recovery processes (typically 30-90 days).
• Usage and Log Data: Retained for up to 2 years for security, analytics, and fraud prevention, then anonymized or deleted.
• Marketing Data: Retained until you opt out or withdraw consent, plus a reasonable period to process your request (typically 30 days).

For users in jurisdictions requiring specific retention periods (e.g., PIPL in China mandates minimal retention; LGPD in Brazil requires data to be deleted when no longer necessary), we comply with local requirements. You can request deletion of your data at any time (see Section 9).

6. International Data Transfers

Evrmind is based in the UK, but we operate globally and may transfer your personal data to countries outside your jurisdiction, including the UK, EU, USA, and other regions where our service providers or partners are located. We ensure such transfers comply with applicable laws by implementing appropriate safeguards:

• Standard Contractual Clauses (SCCs): For transfers from the EU/UK to non-adequate countries (e.g., USA), we use SCCs approved by the European Commission or UK Information Commissioner's Office (ICO).
• Adequacy Decisions: We rely on adequacy decisions (e.g., EU-US Data Privacy Framework, UK-US Data Bridge) where applicable.
• Data Localization: For jurisdictions requiring local data storage (e.g., PIPL in China, Russia's Federal Law No. 152-FZ), we store data locally or transfer it only with explicit consent and appropriate safeguards.
• Explicit Consent: In jurisdictions requiring consent for international transfers (e.g., PIPL in China, APPI in Japan, DPDP in India), we obtain your consent before transferring data.

If you are in a jurisdiction with restrictions on international data transfers, you can contact us at privacy@evrmind.io for more information about the safeguards we use.

7. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar technologies to enhance your experience, analyze usage, and deliver personalized content. Cookies are small text files stored on your device. We use the following types of cookies:

• Essential Cookies: Necessary for the website to function (e.g., authentication, session management). These cannot be disabled.
• Performance Cookies: Collect anonymous data about how you use our website (e.g., pages visited, time spent) to improve performance.
• Functional Cookies: Remember your preferences (e.g., language, region) to enhance your experience.
• Targeting/Advertising Cookies: Used to deliver relevant ads and measure campaign effectiveness (with your consent where required, e.g., under GDPR, CCPA, PIPL).

You can manage cookie preferences through your browser settings or our cookie consent banner (for users in the EU, UK, Brazil, and other jurisdictions requiring consent). Note that disabling cookies may affect website functionality. For users in jurisdictions with strict cookie laws (e.g., ePrivacy Directive in the EU), we obtain explicit consent before placing non-essential cookies.

8. Data Security

We implement industry-standard technical, organizational, and physical measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These include:

• Encryption: Data in transit is encrypted using TLS/SSL protocols. Data at rest is encrypted using AES-256 or equivalent standards.
• Access Controls: Role-based access controls (RBAC) and multi-factor authentication (MFA) for employees and contractors with access to personal data.
• Regular Audits: Periodic security audits, vulnerability assessments, and penetration testing to identify and address risks.
• Incident Response: A data breach response plan to detect, contain, and notify affected users and regulators in accordance with applicable laws (e.g., within 72 hours under GDPR, UK GDPR; within reasonable time under CCPA, PIPL, APPI, LGPD).
• Third-Party Security: We require service providers to implement equivalent security measures and regularly assess their compliance.

While we strive to protect your data, no system is 100% secure. If you suspect unauthorized access to your account, contact us immediately at security@evrmind.io.

9. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data. We honor these rights in compliance with applicable laws:

9.1 Access and Portability

You have the right to request a copy of the personal data we hold about you. For users in the EU, UK, California, Brazil, Japan, India, and other jurisdictions with data portability rights, you can request your data in a structured, commonly used, and machine-readable format.

9.2 Correction and Update

You can update or correct inaccurate personal data through your account settings or by contacting us at privacy@evrmind.io.

9.3 Deletion and Erasure

You can request deletion of your personal data, subject to legal retention requirements (e.g., tax, audit, or legal obligations). Under GDPR, UK GDPR, CCPA/CPRA, PIPL, APPI, LGPD, POPIA, and similar laws, you have the "right to be forgotten."

9.4 Opt-Out of Marketing

You can opt out of marketing emails by clicking the "unsubscribe" link in our emails or adjusting your preferences in your account. For jurisdictions requiring opt-in consent (e.g., GDPR, PIPL, APPI, DPDP), we obtain explicit consent before sending marketing communications.

9.5 Restrict or Object to Processing

Under GDPR, UK GDPR, LGPD, POPIA, and similar laws, you can restrict or object to certain processing activities (e.g., for direct marketing or based on legitimate interests).

9.6 Withdraw Consent

If we process your data based on consent (e.g., for marketing, cookies, or specific uses), you can withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

9.7 Do Not Sell or Share My Personal Information (CCPA/CPRA)

For California residents: We do not sell your personal data. However, some data sharing (e.g., for advertising) may be considered a "sale" under CCPA. You can opt out by contacting us at privacy@evrmind.io or using our "Do Not Sell My Personal Information" link (if available).

9.8 Lodge a Complaint

If you are in the EU, UK, Brazil, South Africa, or another jurisdiction with a data protection authority, you have the right to lodge a complaint with your local supervisory authority (e.g., ICO in the UK, CNIL in France, ANPD in Brazil, INFOREGULATOR in South Africa).

To exercise any of these rights, contact us at privacy@evrmind.io. We will respond within the timeframes required by applicable laws (e.g., 1 month under GDPR/UK GDPR, 45 days under CCPA, 15 days under PIPL, 10 days under DPDP).

10. Children's Privacy

Our Services are not intended for individuals under 18 years of age (or the age of majority in your jurisdiction, whichever is higher). We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, contact us at privacy@evrmind.io, and we will delete it promptly. For users in jurisdictions with stricter age requirements (e.g., under 16 in the EU under GDPR), we comply with local laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Services. We will notify you of material changes by:

• Posting the updated Policy on our website with a revised "Last Updated" date.
• Sending an email notification to your registered email address.
• Displaying a prominent notice on our website or within our Services.

For jurisdictions requiring explicit consent for material changes (e.g., PIPL in China, APPI in Japan, DPDP in India), we will obtain your consent before the changes take effect. Your continued use of our Services after the effective date constitutes acceptance of the updated Policy, unless otherwise required by law.

12. Jurisdiction-Specific Information

This section provides additional details for users in specific jurisdictions to ensure compliance with local laws.

12.1 European Union (EU) and United Kingdom (UK)

For users in the EU and UK, we comply with GDPR and UK GDPR. Your rights include access, rectification, erasure, restriction, data portability, objection, and the right not to be subject to automated decision-making. Our data controller is Evrmind Limited, registered in the UK. Contact us at privacy@evrmind.io or lodge a complaint with the ICO (UK) or your local supervisory authority.

12.2 United States - California (CCPA/CPRA)

For California residents, you have the right to know what personal information we collect, delete your data, opt out of "sales" or "sharing" for targeted advertising, correct inaccuracies, and limit the use of sensitive personal information. We do not discriminate against users who exercise their CCPA rights. Contact us at privacy@evrmind.io to submit requests.

12.3 Canada (PIPEDA)

For Canadian users, we comply with PIPEDA. You have the right to access, correct, and withdraw consent for your personal data. Contact us at privacy@evrmind.io or file a complaint with the Office of the Privacy Commissioner of Canada.

12.4 China (PIPL)

For users in China, we comply with PIPL. We obtain your explicit consent before collecting, using, or transferring your personal data internationally. You have the right to know, decide, restrict, refuse, access, correct, delete, and obtain a copy of your data. We store your data locally in China or transfer it with your consent and appropriate safeguards. Contact us at privacy@evrmind.io.

12.5 Japan (APPI)

For users in Japan, we comply with APPI. We obtain consent before transferring personal data internationally and provide transparency about data usage. You have the right to access, correct, cease use, and delete your data. Contact us at privacy@evrmind.io or lodge a complaint with the Personal Information Protection Commission (PPC).

12.6 India (DPDP)

For users in India, we comply with DPDP. We process personal data only with your consent and provide clear notice of data processing purposes. You have the right to access, correct, erase, and port your data. Contact us at privacy@evrmind.io or file a complaint with the Data Protection Board of India (DPBI).

12.7 Brazil (LGPD)

For users in Brazil, we comply with LGPD. Your rights include access, correction, deletion, portability, and the right to know about data sharing. We process data based on consent, legitimate interests, or legal obligations. Contact us at privacy@evrmind.io or lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD).

12.8 South Africa (POPIA)

For users in South Africa, we comply with POPIA. You have the right to access, correct, and object to the processing of your personal data. Contact us at privacy@evrmind.io or lodge a complaint with the Information Regulator.

12.9 Australia (Privacy Act 1988)

For Australian users, we comply with the Australian Privacy Principles (APPs). You have the right to access and correct your personal data. Contact us at privacy@evrmind.io or lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

12.10 Middle East (Saudi Arabia, UAE - PDPL)

For users in Saudi Arabia and UAE, we comply with local PDPLs. You have the right to access, correct, and delete your personal data. We obtain consent for data processing and international transfers. Contact us at privacy@evrmind.io.

12.11 Russia (Federal Law No. 152-FZ)

For users in Russia, we comply with Federal Law No. 152-FZ. We store and process personal data of Russian citizens on servers located in Russia or transfer it with appropriate safeguards. You have the right to access, correct, and delete your data. Contact us at privacy@evrmind.io.

12.12 Other Jurisdictions

If you are in a jurisdiction not listed above, we strive to comply with applicable data protection laws. Contact us at privacy@evrmind.io for more information about how we handle your data in your region.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For data protection inquiries from EU/UK users, you can also contact our Data Protection Officer (if appointed) at dpo@evrmind.io.