Privacy Policy

1) Scope

This Policy applies to the GoEvaAI website, admin dashboard, APIs, and the messaging integrations that we provide to our customers.

It does not govern how our customers handle information they export or store outside of GoEvaAI.

2) Roles

• For end-user conversations handled by GoEvaAI on behalf of a business, the business is the controller and GoEvaAI is the processor/service provider.
• For our website, billing, analytics, abuse prevention, and account administration, GoEvaAI is the controller.

3) Information We Process

Business account data such as company name, email, phone, messaging channel identifiers, configuration, and billing details.

Message and media data, including message content, attachments, templates, metadata, delivery status, and related conversation history.

Technical and security data like logs, IP addresses, device/browser information, diagnostic events, and fraud-prevention signals.

Support communications that you send to us.

4) How We Use Information

To provide, secure, and improve the GoEvaAI platform; deliver conversations; enable integrations; and troubleshoot issues.

To operate analytics, billing, compliance, monitoring, abuse prevention, and product development.

To respond to support requests and communicate updates about the service.

5) Sharing

We do not sell personal data.

• Service providers that host or help deliver our services (infrastructure, storage, monitoring, email, analytics, payments) under confidentiality and security obligations.
• Authorities or third parties when required by law, to enforce our terms, or to investigate abuse.

6) Data Transfers

We operate in the United States and may process data in other regions where our infrastructure or service providers are located.

When legally required, we use appropriate safeguards such as Standard Contractual Clauses.

7) Legal Bases

Our customers are responsible for any required notices or consents to their end-users.

• Performance of a contract (providing the GoEvaAI service).
• Legitimate interests (security, fraud prevention, product operation and improvement).
• Legal obligations (record-keeping, compliance).

8) Retention

We store conversations and configuration data while an account is active to enable features such as inbox history and analytics.

After account closure, data is scheduled for removal as part of our standard processes. Backups and logs may persist for approximately 30–60 days before being overwritten.

9) Security

We use administrative, technical, and physical safeguards appropriate to the data we process, including encryption in transit (HTTPS), access controls, least-privilege practices, monitoring, and audit logging.

No method of transmission or storage is 100% secure; we continually improve our defenses.

10) Rights & Requests

Business administrators can access or update data through the dashboard or by emailing support@goeva.ai.

End-users of our customers should contact the business they messaged. We act as processor and will assist our customers as required by law.

11) Account Closure & Data Handling

An authorized account owner may request closure via the dashboard or by contacting support.

Upon closure we begin our standard removal procedures; residual copies may remain in backups/logs for approximately 30–60 days subject to legal requirements.

12) Children

Our services are intended for businesses and are not directed to children.

13) Updates

We may update this Policy as our product evolves. If changes are material we will provide reasonable notice (for example via email or in-product alerts).