GoEvaAI
Sign inGet Started

Privacy Policy

This Privacy Policy explains how GoEvaAI (“GoEvaAI,” “we,” “us”) collects, uses, and protects information when businesses use our software to deploy AI chatbots and connect their business messaging channels through supported messaging APIs, and when administrators access our website and dashboard.

Contact: support@goeva.ai

1) Scope

This Policy applies to:

  • The GoEvaAI website, admin dashboard, and APIs.
  • Our messaging integrations (webhooks, template management, and message delivery) across supported channels.

This Policy does not cover how our customers (the businesses that use GoEvaAI) handle end-user data outside our services.

2) Roles (Controller / Processor)

  • For end-user conversations with our customers, the business is the controller and GoEvaAI is the processor (service provider).
  • For our website, billing, analytics, abuse prevention, and account administration, GoEvaAI is the controller.

3) Information We Process

Business account data. Business name, email, phone, channel account identifiers (e.g., phone number IDs), message template details, configuration, and billing/subscription info.

Message and media data. Message content (text/attachments), message templates, and metadata (IDs, timestamps, delivery/read status, conversation categories, error codes). We store conversations so businesses can view their inbox/history and maintain session continuity over time.

Technical & security data. Logs, IP addresses, device/browser information, and diagnostic events used for reliability, fraud prevention, abuse detection, and support.

Support communications. Emails or tickets you send us.

4) How We Use Information

We process data to:

  • Provide and maintain the service: deliver/receive messages, manage templates, display inbox/history, automate workflows, and provide analytics.
  • Authenticate admins and secure accounts.
  • Comply with applicable platform policies and laws.
  • Monitor, prevent, and detect abuse or misuse.
  • Operate and improve the product (using aggregated/limited analytics where possible).

AI/LLM Processing

As part of the service, message content and metadata may be processed by Large Language Model (LLM) providers only for inference to generate responses or perform automations. We configure providers so that content is not used to train models. LLM processing runs on infrastructure located in the United States.

5) Location of Processing

Primary storage and processing (application servers, databases, and LLM inference) occur in the United States.

Our web frontend may be served via a global CDN/edge network (which can include locations such as Brazil) for performance. This does not change where personal data is stored at rest.

6) Sharing of Information

We share data only as needed to operate the service:

  • Messaging channel/platform providers that enable delivery and management of messages (e.g., business messaging APIs).
  • LLM providers for inference as described above.
  • Service providers that host or help deliver our services (cloud infrastructure, storage, monitoring, email, analytics, payments) under appropriate confidentiality and security obligations.
  • Authorities when required by law or to enforce our terms, protect our rights, or investigate abuse.

We do not sell personal data.

7) Legal Bases (where required)

  • Performance of a contract (providing the service to our customers).
  • Legitimate interests (security, fraud prevention, product operation and improvement).
  • Legal obligations (record-keeping and compliance).

Our customers are responsible for any required notices/consents to their end-users as controllers.

8) Retention

We store conversations and configuration data to operate the service and provide features such as inbox/history and session continuity while a customer account is active. After account closure, data is scheduled for routine removal as part of our standard processes. Copies in backups and logs may persist for a limited period (around 30–60 days) for reliability, security, and compliance, after which they are overwritten. We do not offer per-customer retention customizations at this time.

9) Security

We use administrative, technical, and physical safeguards appropriate to the data we process, including encryption in transit (HTTPS), access controls, least-privilege, monitoring, and audit logging. No method of transmission or storage is 100% secure; we continually improve our defenses.

10) Rights & Requests

Business administrators can access or update settings through the GoEvaAI dashboard or by contacting support.

End-users of our customers should contact the business they messaged; we act as processor for those conversations and will assist our customers as required by law.

11) Account Closure & Data Handling

An authorized account owner may request account closure via the dashboard or by emailing support@goeva.ai. Following closure, our systems begin standard removal procedures. Data may continue to appear in backups and logs for a limited period (around 30–60 days) before being overwritten, subject to legal requirements.

12) Children

Our services are intended for use by businesses and are not directed to children.

13) Changes to this Policy

We may update this Policy from time to time. We will post the updated version on our site and, if changes are material, notify admins by email or in-product notice.

14) Contact

Questions? support@goeva.ai

For questions about this policy, contact support@goeva.ai