Welcome to Evrmind.
Evrmind Limited ("Evrmind," "we," "us," or "our") is a UK-based company providing AI-powered digital employees and related services through our website evrmind.io and associated platforms. We are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, disclose, and protect your information in compliance with applicable data protection laws, including but not limited to:
- The UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (UK).
- The EU General Data Protection Regulation (GDPR) (EU).
- The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) (USA).
- The Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada, as applicable).
- The Act on the Protection of Personal Information (APPI) (Japan).
- The Personal Information Protection Law (PIPL) (China).
- The Digital Personal Data Protection Act (DPDP) (India).
- The Privacy Act 1988 (Australia).
- The Protection of Personal Information Act (POPIA) (South Africa).
- The Data Protection Act (Zambia).
- The Personal Data Protection Law (PDPL) (Saudi Arabia and UAE).
- The General Data Protection Law (LGPD) (Brazil, representative of South American laws such as Argentina's PDPL).
- Federal Law No. 152-FZ on Personal Data (Russia).
If you are in a jurisdiction with specific data protection laws, this Policy is designed to meet or exceed those requirements. We encourage you to read this Policy carefully. By using our services, you consent to the practices described herein. If you do not agree, please do not use our services.
This Policy applies to all users of our website and services, regardless of location. For users in jurisdictions requiring consent (e.g., PIPL in China, APPI in Japan, DPDP in India), we obtain explicit consent where required, and you can withdraw it at any time. For data localization requirements (e.g., PIPL in China, Russian law), we comply by storing data in compliant servers or with approved transfers.
If you are a resident of a jurisdiction with additional rights (e.g., GDPR, CCPA, LGPD, POPIA, PDPL), see the "Your Rights" section below.
1. Information We Collect
We collect information to provide, improve, and personalize our AI services. We collect the following types of personal data:
-
Personal Identifiers: Name, email address, username, and contact details when you sign up, subscribe, or contact us.
-
Account Information: Passwords (hashed), preferences, and payment details (processed via secure third-party providers compliant with PCI DSS).
-
Usage Data: IP address, browser type, device information, pages visited, time spent, and interaction with our AI agents (e.g., queries, outputs).
-
Content Data: Information you input into our AI tools, such as prompts or data for processing (e.g., business documents for AI analysis).
-
Technical Data: Cookies, web beacons, and logs for analytics (see our Cookie Policy for details).
-
Sensitive Data: We do not intentionally collect sensitive personal data (e.g., health, racial origin, biometrics) unless you provide it in AI inputs. If collected, it is processed with explicit consent where required (e.g., under GDPR, PIPL, LGPD).
We collect this data from you directly (e.g., forms), automatically (e.g., cookies), or from third parties (e.g., analytics providers like Google Analytics, compliant with GDPR/CCPA opt-outs).
For children under 13 (USA COPPA) or 16 (GDPR), we do not knowingly collect data; our services are not directed to children.
2. How We Use Your Information
We use your data for legitimate purposes, with legal bases such as consent, contract performance, or legitimate interests (e.g., under GDPR, APPI, PIPL, DPDP):
- To provide and maintain our services (e.g., AI agent responses).
- To personalize experiences (e.g., AI recommendations based on usage).
- To process payments and prevent fraud.To send updates, newsletters, or marketing (with opt-in consent where required, e.g., GDPR ePrivacy, CCPA).
- To improve our AI models (anonymized data only, unless consented).
- For analytics, research, and compliance (e.g., audit logs under POPIA, PDPL).
- To respond to legal requests or protect rights (e.g., under all listed laws).
We do not sell your personal data (as defined under CCPA/CPRA, LGPD). For AI training, we use anonymized or pseudonymized data, with opt-out options.
3. Sharing Your Information
We share data only when necessary:
-
Service Providers: With vendors for hosting, analytics, or payment (e.g., AWS, Stripe), bound by data processing agreements (DPAs) compliant with GDPR, PIPL, etc.
-
Affiliates: Within Evrmind Limited for internal operations.
Legal
- Requirements: With authorities if required by law (e.g., under APPI, Russian law).
-
Business Transfers: In mergers or acquisitions, with notice and consent where required (e.g., DPDP, PDPL).
-
With Consent: For marketing partners or integrations (e.g., app connections).
We do not share data with third parties for their own marketing without consent. For international transfers (e.g., from EU/UK to USA), we use Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or adequacy decisions (e.g., under GDPR, APPI, PIPL data export rules).
4. Data Security
We use industry-standard measures to protect data, including encryption, access controls, and regular audits (compliant with GDPR Article 32, PIPL, POPIA). However, no system is 100% secure; we cannot guarantee absolute security. In case of a breach, we notify affected users and authorities as required (e.g., within 72 hours under GDPR/UK GDPR, 3 days under CCPA, immediate under PIPL).
5. Data Retention
We retain data only as long as necessary for the purposes described (e.g., account data until deletion request). We delete or anonymize data upon request or when no longer needed, in line with legal requirements (e.g., 30 days under CCPA, as required under LGPD, PDPL).
6. Your Rights
Depending on your jurisdiction, you have rights including:
-
Access: Request a copy of your data (GDPR, CCPA, LGPD, PIPL, DPDP, POPIA, PDPL).
Rectification: Correct inaccurate data.
-
Deletion: Erase your data (“right to be forgotten” under GDPR, “delete” under CCPA, similar under APPI, PIPL, DPDP).
-
Opt-Out: Of sales/sharing (CCPA), targeted ads, or profiling (GDPR, LGPD).
-
Portability: Receive data in a portable format (GDPR, PIPL, DPDP).
-
Objection: To processing based on legitimate interests (GDPR, APPI).
-
Withdraw Consent: At any time, where applicable (e.g., PIPL, PDPL, POPIA).
-
Non-Discrimination: No penalty for exercising rights (CCPA).
To exercise rights, contact us at
hello@evrmind.io. We respond within 30 days (GDPR, CCPA 45 days, PIPL 15 days, etc.). For CCPA/CPRA, you can designate an authorized agent. For PIPL (China), we provide localized mechanisms. For Russia, we comply with data localization.
7. International Data Transfers
Evrmind is UK-based, but we may transfer data to servers in the EU, USA, or other regions. We use approved mechanisms:
- Adequacy decisions (e.g., UK-EU).
- SCCs or IDTAs (GDPR, UK GDPR).
- Consent or contracts (APPI, PIPL, DPDP, LGPD, PDPL, POPIA, Russian law).
- Data is not transferred to jurisdictions without adequate protections.
8. Children's Privacy
Our services are not intended for children under 16 (GDPR) or 13 (COPPA, USA). We do not knowingly collect data from children. If we discover such data, we delete it immediately. Parents can contact us for removal.
9. Third-Party Links
Our site may link to third-party sites. We are not responsible for their privacy practices. Review their policies.
10. Changes to This PolicyWe may update this Policy to reflect changes in our practices or laws. We will notify you via email or site notice for significant changes (as required under GDPR, CCPA, LGPD). Continued use constitutes acceptance.
11. Contact Us
For questions or complaints, contact our Data Privacy Lead:
Email:
hello@evrmind.ioFor EU users, you can lodge complaints with your local supervisory authority (e.g., ICO in UK). For CCPA, contact the California Attorney General. For PIPL, the Cyberspace Administration of China. For other jurisdictions, contact relevant authorities (e.g., ANPD in Brazil, NDPC in India).
This Policy is governed by UK law, with jurisdiction in UK courts, subject to mandatory local laws.
By using Evrmind, you acknowledge this Policy
