Evervault and its affiliates (collectively “Evervault”, “we” and “us”) respect your privacy. We offer services that enable developers, founders, and businesses to encrypt & process sensitive data.
This Privacy Policy describes how Evervault collects, uses, and processes Personal Data through our main website evervault.com, and other services & websites that enable users to access Evervault.
This policy also describes how we use Personal Data, with whom we share it, your rights & choices, and how you can contact us about our privacy practices.
This policy does not apply to third-party websites, products, or services, even if they link to our Services or Sites, and you should consider the privacy practices of those third-parties carefully.
Personal data we collect
Personal data is any information that relates to an identified or identifiable individual. It does not include data where the identity has been removed (anonymous data).
Personal data you provide depends on your interactions with Evervault and the choices you make, the products and features you use, your location, and applicable law.
We may collect, use, store and transfer different kinds of personal data:
-
Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
-
Contact Data includes billing address, delivery address, email address and telephone numbers.
-
Financial Data includes bank account and payment card details.
-
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
-
Browser & Device Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
-
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data includes information about how you use our website, products and services. -
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). We do not collect any information about criminal convictions and offences.
If you fail to provide personal data where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
How we collect personal data
We will collect Personal Data when you voluntarily provide it to us (including to our service providers or other parties who collect it on our behalf). For example, we collect Personal Data when you order, register for (or to use) or request information about Evervault products, services or apps, subscribe to marketing communications, request support, complete surveys, provide in product feedback, or sign up for an Evervault event or webinar. We may also collect Personal Data from you offline, such as when you attend one of our events, during phone calls with sales representatives, or when you contact customer support.
The Personal Data we collect may include contact information (such as your name, address, telephone number or email address), professional information (such as your employer name, address, job title, department or job role), user IDs and passwords, photographs for security purposes, and contact preferences. We also collect information you choose to provide to us when requesting information or completing any 'free text' boxes in our forms (for example, for event sign-up, product feedback or survey requests), or the nature of your request or communication. In addition, we may collect Personal Data disclosed by you on message boards, chat features, blogs and other services or platforms to which you are able to post information and materials (including third party services and platforms). We also may record our telephone or other communications with you, to the extent permitted by applicable law.
When making a purchase from Evervault, we may also collect billing and transactional information.
Evervault collects information from the use of technologies such as cookies, pixel tags, widgets, embedded URLs, electronic communication protocols, buttons and tools in connection with its online properties. The types of technology used by Evervault may change over time as technology evolves. This Privacy Policy and our Cookie Policy provide information about our use of cookies and other similar tracking technologies. We automatically collect certain information when you use, access or interact with our online properties, including our online advertisements or marketing communications. This information does not necessarily reveal your identity directly but may include unique identification numbers and other information about the specific device you are using, such as the hardware model, operating system version, web-browser software (such as Firefox, Safari, or Internet Explorer), your Internet Protocol (IP) address/MAC address/device identifier, device event information (such as crashes, system activity and hardware settings, browser language, the date and time of your request and referral URL), broad geographic location (e.g. country or city-level location) and other technical data that uniquely identifies your browser. We may also collect information about how your device has interacted with our online properties, such as the pages accessed and other statistical information. From time to time, we may obtain information about you from third party sources unless prohibited by applicable law, such as public databases, resellers and channel partners, marketing partners, social media platforms, event organizers or other publicly available information.
Examples of the information we may receive from other sources include: name, address, telephone number, office location, approximate location (based on reverse IP lookup), account information, job role and publicly available employment profile, service and support information, information about your product or service interests or preferences, browsing habits, page-view information from some business partners with which we operate co-branded services or joint offerings, and credit history information from credit bureaus. We may use this information in conjunction with your contact details, professional information and Evervault transaction history for the purposes set forth in this Privacy Policy, such as, for example, improving the accuracy of our records, better understanding you and your preferences, providing relevant marketing and support, and detecting and preventing fraud.
How we use personal data
Evervault uses the data we collect to provide you rich, interactive experiences. In particular, we use data to:
- Provide our products, which includes updating, securing, and troubleshooting, as well as providing support. It also includes sharing data, when it is required to provide the service or carry out the transactions you request.
- Improve and develop our products.
- Personalize our products and make recommendations.
- Advertise and market to you, which includes sending promotional communications, targeting advertising, and presenting you relevant offers.
We also use the data to operate our business, which includes analyzing our performance, meeting our legal obligations, developing our workforce, and doing research. We will only use your personal data when the law allows us to.
The purposes for which Evervault uses Personal Data include the following (unless otherwise restricted by applicable law):
Communicate, Respond to Requests and Engage in/Process Transactions: Evervault may use Personal Data to communicate with you, respond to your requests or provide information requested by you. Evervault may also use Personal Data, including financial, credit card and payment information, to process your transactions.
Facilitate the Delivery of the Service and Account Administration: Evervault may use Personal Data to provide you with services, to manage your account, and to communicate with you about your use of our services. This may include managing product downloads, updates and fixes, providing support and recommendations, and sending other administrative or account-related communications, including release notes. Evervault will also use Personal Data to facilitate the delivery of the services and this may include tracking entitlements, verifying compliance, controlling access to the service, and maintaining the security and operational integrity of the Evervault IT infrastructure and our services.
Facilitate and Evaluate Use of the Online Properties: Evervault may use Personal Data to provide you with the online properties, to facilitate your use of the online properties (such as facilitating navigation and the login process, preserving information between sessions and enhancing security), to improve quality, to evaluate page response rates and personalize and determine content.
Improve our Properties: Evervault uses Personal Data and other data Evervault collects from you to better understand our customers, users and website visitors and the way they use and interact with the properties, including their user experience. Evervault uses this information to provide a personalized experience, to implement the preferences you request, to improve quality and reliability, to diagnose issues with and improve the properties and related user experiences, and to make recommendations.
Improve the Accuracy of our Records: Evervault may use the Personal Data we receive from you or third parties to better understand you and/or maintain and improve the accuracy of the records we hold about you.
Product Improvement: Evervault uses data to continually improve our products, including adding new features or capabilities.
Personalization: Evervault seeks to personalise certain product features such as recommendations that enhance your productivity and enjoyment. These features use automated processes to tailor your product experiences based on the data we have about you, such as inferences we make about you and your use of the product, activities, interests, and location.
Updates: Evervault uses data we collect to develop product updates. For example, we may use information about your device’s capabilities, such as available memory, to provide you a software update or security patch. Updates and patches are intended to maximize your experience with our products, help you protect the privacy and security of your data, provide new features, and ensure your device is ready to process such updates.
Provide Support: Evervault uses Personal Data and other data Evervault collects from you, in combination with other data we may have, in order to provide you with support in relation to our properties. We use data to troubleshoot and diagnose product problems, and provide other customer care and support services, including to help us provide, improve, and secure the quality of our products, services, and training, and to investigate security incidents. Call recording data may also be used to authenticate or identify you based on your voice to enable Evervault to provide support services and investigate security incidents.
Reporting and business operations: Evervault uses data to analyze our operations and perform business intelligence. This enables us to make informed decisions and report on the performance of our business.
Post Testimonials: Evervault may use Personal Data to post testimonials on its online properties. Prior to posting a testimonial, we will obtain your consent to use your name and testimonial. You can request your testimonial be updated or deleted at any time by sending a request with your name, testimonial location and contact information.
Marketing: Evervault will use information it obtains from you, your interactions with Evervault over time and across the properties, and from third party sources to provide you with marketing and promotional communications, to deliver targeted and relevant advertising and marketing to you, to determine the effectiveness of our marketing and promotional campaigns, to better understand you and your preferences, and to position and promote our products and services. Our marketing will be conducted in accordance with your advertising / marketing preferences and as permitted by applicable law.
Security: Evervault may use Personal Data to help monitor, prevent and detect fraud, enhance security, monitor and verify identity or access, and combat spam or other malware or security risks.
Quality Control and Training: Evervault may use or access personal data for the purposes of quality control related to the properties and staff training.
Third Party Social Networks: Evervault may use Personal Data to interact with you on third party social networks (subject to that network's terms of use).
Conferences and Events: Evervault and our partners may use Personal Data to communicate with you about our events or our partner events. After the event, Evervault may contact you about the event and related products and services, and may share information about your attendance with your company and our conference sponsors and partners, where legally permitted to do so. If a partner or conference sponsor directly requests your Personal Data at their conference booths or presentations, your Personal Data will be handled in accordance with their privacy practices. We recommend that you review the privacy practices of such partners and sponsors.
Provide Online Communities and Blogs: Evervault may use Personal Data and other information disclosed by you on our message boards, chat features, blogs and other services or platforms to which you are able to post information and materials for the purposes of providing you and our customers with a forum to discuss Evervault properties, responding to your request, providing you with support, improving our properties or any other purposes set forth in this Privacy Policy. Any information that is disclosed in those forums becomes public information and may therefore appear in public ways, such as through search engines or other publicly available platforms, and may be “crawled” or searched by third parties. It could also be read, collected or used by other users to send you unsolicited messages. Please do not post any information that you do not want to reveal to the public at large.
Protect our Employees and Facilities: Evervault may use Personal Data as necessary to protect the health and safety of our employees and visitors, our facilities and our property and other rights. If you visit one of our sites, you may be photographed or videotaped as part of maintaining the security of such sites.
Research: With appropriate technical and organizational measures to safeguard individuals’ rights and freedoms, Evervault uses data to conduct research, including for public interest and scientific purposes.
Other Legitimate Business Purposes: Evervault may use your Personal Data when it is necessary for other legitimate purposes such as protecting Evervault's confidential and proprietary information
Comply with Legal Obligations: In certain cases, Evervault has a legal obligation to collect, use, or retain your Personal Data. We process data to comply with law. We also process contact information and credentials to help customers exercise their data protection rights.
Purposes for Which We Seek Your Consent: Evervault may also ask for your consent to use your Personal Data for a specific purpose that we communicate to you.
How we share personal data
Evervault does not sell or rent Personal Data to marketers or unaffiliated third parties. We share your Personal Data with trusted entities, as outlined below.
Evervault. We share Personal Data with other Evervault entities in order to provide our Services and for internal administration purposes.
Service providers. We share Personal Data with a limited number of our service providers. We have service providers that provide services on our behalf, such as identity verification services, website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, and auditing services. These service providers may need to access Personal Data to perform their services. We authorize such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the European Union and the United States of America. We do not engage a service provider without performing due diligence, including a rigorous security assessment. Our service providers are all subject to contract terms that enforce compliance with applicable data protection laws, and our own data security standards.
The below list of service providers are third parties Evervault works with across its products and services.
| Provider | Service Provided | Data Shared |
|---|---|---|
| AWS | Cloud infrastructure | User data |
| Analytics, email, file storage, collaboration tools | User data | |
| Mixpanel | Analytics | User data |
| Sentry | Infrastructure monitoring | Usage data |
| Twilio | Message sending | User data including email addresses |
| Segment | Tag management | Usage data |
| SendGrid | Message sending and contact details management | User data including email addresses |
| Vercel | Hosting and analytics | User and usage data |
| Zoom | Video conference system | Conversational user data |
| Slack | Internal communications | User data |
| Stripe | Payments | Financial and transactional data |
| Cloudflare | DNS | DNS Queries |
| 3dsecure.io | Card security services | Cardholder Data |
| Cybersource | Card security services | Cardholder Data |
| Visa | Card services | Cardholder Data |
As our business needs change, we may decide to use new third-party services and discontinue using existing service providers. We will periodically update this page to reflect additions and removals to our list of service providers.
Google: Evervault’s Google Sheets integration allows our customers to send data from third parties via Evervault for decryption to a Google Sheet using the Google API. Our use of the Google API adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Business partners. We share Personal Data with third party business partners when this is necessary to provide our Services to our Users.
Our Users and third parties authorized by our Users. We share Personal Data with Users as necessary to maintain a User account and provide the Services. We share data with parties directly authorized by a User to receive Personal Data, such as when a User authorizes a third party application provider to access the User’s Evervault account. The use of Personal Data by an authorized third party is subject to the third party’s privacy policy.
Corporate transactions. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share Personal Data with third parties in connection with such transaction. Any other entity which buys us or part of our business will have the right to continue to use your Personal Data, but only in the manner set out in this Privacy Policy unless you agree otherwise.
Compliance and harm. We share Personal Data as we believe necessary: (i) to comply with applicable law; (ii) to enforce our contractual rights; (iii) to protect the rights, privacy, safety and property of Evervault, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
Your rights and choices
You can also make choices about the collection and use of your data by Evervault. You can control your personal data that Evervault has obtained, and exercise your data protection rights, by contacting Evervault or using various tools we provide. In some cases, your ability to access or control your personal data will be limited, as required or permitted by applicable law. If you want to access or control personal data processed by Evervault that is not available via the tools or directly through the Evervault products you use, you can always contact Evervault at the address listed below.
Right to Correct or Update Your Information: If you would like to correct or update Personal Data that you have provided to us, please login to evervault.com and update your profile.
Marketing Communications: You can opt-out of receiving marketing communications from Evervault by clicking "unsubscribe" in any marketing email communications we send you.
Additional Rights for Certain Territories: If you reside in certain territories (such as the EEA), you may have the right to exercise certain privacy rights available to you under applicable laws. We will process your request in accordance with applicable data protection laws. We may need to retain certain information for record-keeping purposes and/or to complete transactions that you began prior to requesting any deletion.
Right not to provide consent or to withdraw consent: We may seek to rely on your consent in order to process certain Personal Data. Where we do so, you have the right not to provide your consent or to withdraw your consent at any time. This does not affect the lawfulness of the processing based on consent before its withdrawal.
Right of access and/or portability: You may have the right to access the Personal Data that we hold about you and, in some limited circumstances, have that data provided to you so that you can provide or 'port' that data to another provider.
Right of erasure: In certain circumstances, you may have the right to the erasure of Personal Data that we hold about you (for example if it is no longer necessary for the purposes for which it was originally collected).
Right to object to processing: You may have the right to request that Evervault stop processing your Personal Data and/or to stop sending you marketing communications.
Right to rectification: You may have the right to require us to correct any inaccurate or incomplete Personal Data.
Right to restrict processing: You may have the right to request that we restrict processing of your Personal Data in certain circumstances (for example, where you believe that the Personal Data we hold about you is not accurate or lawfully held).
Right to lodge a complaint to your local Data Protection Authority: You may have the right to lodge a complaint with your national Data Protection Authority or equivalent regulatory body.
In order to exercise your data protection rights, you may contact Evervault as described in the Contact Us section below. We take each request seriously. We will comply with your request to the extent required by applicable law. We will not be able to respond to a request if we no longer hold your Personal Data. If you feel that you have not received a satisfactory response from us, you may consult with the data protection authority in your country.
For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.
If you are a Customer of an Evervault User, please direct your requests directly to the User.
Security and retention
We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse. Your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties. Evervault are currently PCI DSS Level 1 compliant, and undergo external SOC 2 Assessments covering the Security, Availability and Confidentiality Trust principles annually. These reports are available to our customers upon legitimate request. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately.
We retain your Personal Data as long as we are providing the Services to you. We retain Personal Data after we cease providing Services directly or indirectly to you, even if you close your Evervault account, to the extent necessary to comply with our legal and regulatory obligations, and for the purpose of fraud monitoring, detection and prevention.
We also retain Personal Data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our partners, and where data retention is mandated. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
Legal basis of processing
Evervault relies upon a number of legal grounds to ensure that our use of your Personal Data is compliant with applicable law. We use Personal Data to facilitate the business relationships we have with our Users, to comply with our legal obligations, and to pursue our legitimate business interests.
Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it and the purposes for which it is used.
However, we will normally collect Personal Data from you only, where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some very rare cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.
If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).
Similarly, if we collect and use your Personal Data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time, or upon request, what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us.
Updates to this Privacy Policy
Evervault may update this Privacy Policy when necessary to provide greater transparency or in response to:
-
Feedback from customers, regulators, industry, or other stakeholders.
-
Changes in our products.
-
Changes in our data processing activities or policies.
We will revise this Privacy Policy at any time by amending this page. Please check it from time to time, and take note of any changes.
Contact us
If you have any questions or feedback about this Privacy Policy, please contact us or send mail to: Evervault Ltd, Exchequer Chambers, 19-23 Exchequer Street, Dublin 2, Ireland