EVY Privacy Policy

Last Updated: February 3, 2026

Effective Date: February 3, 2026

Introduction

Welcome to EVY. This Privacy Policy explains how EVY Labs, LLC ("EVY," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use our voice-driven workspace for content creation (the "Service" or "EVY").

We are committed to protecting your privacy and being transparent about our data practices. This Privacy Policy applies to all users of EVY, whether you use our Free plan or Plus plan.

Important: By using EVY, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Service.

Table of Contents

1. Information We Collect
2. How We Use Your Information
3. How We Share Your Information
4. AI Models and Data Processing
5. Data Storage and International Transfers
6. Data Retention
7. Your Rights and Choices
8. Security
9. Cookies and Tracking Technologies
10. Children's Privacy
11. Changes to This Privacy Policy
12. Contact Us
13. Additional Information for EU/EEA Users

1. Information We Collect

We collect several types of information to provide and improve our Service.

1.1 Information You Provide to Us

Account Information:

• Full name
• Email address
• Password (encrypted and stored securely)
• Payment information (processed securely by Stripe; we do not store full credit card details)

Information from Social Sign-In:

If you choose to sign in using Google, we receive:

• Your Google account email address
• Your name (as set in your Google account)
• Your profile picture (if available)

We use this information solely to create and manage your EVY account. We do not access your Google contacts, calendar, or other Google services unless you explicitly connect them as integrations.

Company and Brand Information:

• Company name
• Industry/sector
• Company size
• Brand guidelines and preferences
• Team structure and organization
• Role/job title within your organization

User Role Information:

• Your role in your company
• Department or team
• Permissions and access levels within EVY

Content You Create:

• Documents, articles, and other content you create using EVY
• Meeting transcriptions and recordings (when you use our AI meeting recording feature)
• Voice inputs and dictation
• Example texts and templates you provide to train EVY's writing style
• Comments, feedback, and suggestions
• Version history of your documents

Voice and Biometric Data:

• Voice recordings during dictation and meetings
• Voiceprints (voice embeddings) - mathematical representations of your voice characteristics used for speaker identification
• Speaker diarization data to identify who said what in meetings

Important: Voiceprints are biometric identifiers. We use them solely to identify speakers in your meetings and improve transcription accuracy. You can request deletion of your voiceprint data at any time by contacting help@evy.so.

Communications:

• Support requests and correspondence with our team
• Feedback and survey responses
• Any other information you choose to provide

1.2 Information We Collect Automatically

Usage Information:

• Features you use and how you use them
• Time, frequency, and duration of your activities
• Actions you take within EVY
• Documents created, edited, and deleted
• AI requests and generations
• Credits used (for Plus plan users)

Device and Technical Information:

• IP address
• Browser type and version
• Operating system
• Device type and identifiers
• Screen resolution
• Time zone and language settings

Log Data:

• Access times and dates
• Pages viewed
• Error logs and diagnostic information
• Performance data

1.3 Information from Third-Party Integrations

If you choose to connect third-party services to EVY (such as calendar integrations, file storage, or other tools), we may collect:

• Information necessary to enable the integration
• Data you authorize us to access from the third-party service
• Authentication tokens (stored securely)

You control these integrations and can disconnect them at any time through your account settings.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 To Provide and Improve Our Service

• Content Generation: We use your documents, company information, brand guidelines, and writing examples as context to generate new content that matches your style and needs
• Personalization: Customize EVY's suggestions and outputs based on your preferences, company information, and past usage
• AI Enhancement: Improve EVY's accuracy, writing quality, and ability to match your brand voice
• Product Development: Analyze usage patterns to develop new features and improve existing ones
• Service Operation: Maintain, operate, and provide our Service to you

2.2 To Communicate with You

• Send you service updates, security alerts, and administrative messages
• Respond to your questions, comments, and support requests
• Send you marketing communications (with your consent, where required)
• Request feedback and conduct surveys

2.3 For Business Operations

• Process payments and manage subscriptions
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations and enforce our Terms of Service
• Protect our rights, property, and safety, and that of our users

2.4 For Analytics and Research

• Analyze how users interact with EVY (in aggregated, de-identified form)
• Conduct research to improve our AI models and features
• Generate anonymized statistics and insights about Service usage

Important Note on AI Training: We may use aggregated and de-identified version history data to improve EVY's writing accuracy and personalization. However:

• We do NOT use your final published content without explicit permission
• All data used for improvement is anonymized and cannot be traced back to you
• You can opt out of this usage by emailing help@evy.so
• We never share your specific content with other users

3. How We Share Your Information

We do not sell your personal information. We share your information only in the following limited circumstances:

3.1 With Your Consent

• When you explicitly authorize us to share information (e.g., enabling third-party integrations)
• When you choose to share content or collaborate with others through EVY

3.2 With Service Providers (Subprocessors)

We work with trusted third-party companies that help us provide and improve our Service. These service providers may access your information only to perform services on our behalf and are obligated to protect your information.

Current Subprocessors:

AI Model Providers:

• OpenAI (ChatGPT/GPT models) - For AI content generation, analysis, and processing
  • Location: United States
  • Purpose: AI inference and content generation
  • Data shared: Your prompts, documents, and content for generation purposes
  • Privacy: https://openai.com/privacy
• Groq - For AI content generation and text processing
  • Location: United States
  • Purpose: LLM inference for conversation summarization and content processing
  • Data shared: Conversation text and content for processing
  • Privacy: https://groq.com/privacy-policy/
• Google (Gemini) - For content research and generation
  • Location: United States
  • Purpose: Content research, URL analysis, and structured content generation
  • Data shared: URLs, content queries, and workspace context
  • Privacy: https://policies.google.com/privacy
• Deepgram - For speech-to-text transcription
  • Location: United States
  • Purpose: Alternative speech recognition and transcription
  • Data shared: Audio data for transcription
  • Privacy: https://deepgram.com/privacy
• Cartesia - For text-to-speech synthesis
  • Location: United States
  • Purpose: Voice synthesis and audio generation
  • Data shared: Text content for speech synthesis
  • Privacy: https://cartesia.ai/privacy
• Anthropic (Claude) - For AI content generation and analysis
  • Location: United States
  • Purpose: AI inference and content generation
  • Data shared: Your prompts, documents, and content for generation purposes
  • Privacy: https://www.anthropic.com/privacy
• xAI (Grok) - For AI content generation and processing
  • Location: United States
  • Purpose: AI inference and content generation
  • Data shared: Your prompts, documents, and content for generation purposes
  • Privacy: https://x.ai/legal/privacy-policy
• OpenRouter - For AI model routing and API access
  • Location: United States
  • Purpose: API gateway for accessing multiple AI models
  • Data shared: Your prompts and content routed to underlying AI providers
  • Privacy: https://openrouter.ai/privacy
• ElevenLabs - For text-to-speech and voice synthesis
  • Location: United States
  • Purpose: Voice synthesis, text-to-speech, and audio generation
  • Data shared: Text content for speech synthesis
  • Privacy: https://elevenlabs.io/privacy-policy
• AssemblyAI - For speech-to-text transcription
  • Location: United States
  • Purpose: Speech recognition and audio transcription
  • Data shared: Audio data for transcription
  • Privacy: https://www.assemblyai.com/legal/privacy-policy
• LiveKit - For real-time audio/video communication
  • Location: United States
  • Purpose: Real-time audio and video streaming infrastructure
  • Data shared: Audio and video streams during real-time sessions
  • Privacy: https://livekit.io/legal/privacy-policy
• Cerebras - For AI inference and content generation
  • Location: United States
  • Purpose: High-performance AI inference and content processing
  • Data shared: Your prompts and content for generation purposes
  • Privacy: https://cerebras.ai/privacy-policy

Important: When you use EVY, your content is sent to these AI providers to generate responses. While we use these services, we:

• Only send content necessary for generation
• Do not authorize these providers to use your data to train their models
• Require these providers to protect your data according to their privacy policies
• Choose providers with strong security and privacy practices

Authentication Providers:

• Google Identity Services - For user authentication
  • Location: United States
  • Purpose: Social sign-in and account authentication
  • Data shared: Authentication tokens; we receive your email, name, and profile picture
  • Privacy: https://policies.google.com/privacy

Payment Processing:

• Stripe - For payment processing and subscription management
  • Location: United States
  • Purpose: Processing payments, managing subscriptions, and billing
  • Data shared: Name, email, billing address, and payment method details
  • Privacy: https://stripe.com/privacy

Other Service Providers:

• Hosting and infrastructure providers (for data storage and computing)
• Analytics providers (for usage analytics)
• Email service providers (for transactional emails and communications)
• Customer support tools

We maintain a complete list of subprocessors and will notify customers of any changes. EU/EEA customers can request the current list at help@evy.so.

3.3 For Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal process (subpoena, court order, etc.)
• Government requests
• Situations involving potential threats to safety
• Protection of our legal rights

3.4 Business Transfers

If EVY is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

3.5 Aggregated or De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you, including:

• Usage statistics and trends
• Industry benchmarks
• Research findings

4. AI Models and Data Processing

EVY is an AI-powered content creation tool. Here's exactly how we use AI with your data:

4.1 How We Use AI

Content Generation: When you use EVY to create or edit content, we send your:

• Current document or prompt
• Relevant company/brand information you've provided
• Writing style examples you've shared
• Document version history (for context)

This information is sent to our AI providers (including OpenAI, Anthropic, xAI, Groq, Google Gemini, OpenRouter, Deepgram, AssemblyAI, Cartesia, ElevenLabs, LiveKit, and Cerebras) to generate responses that match your needs.

Context and Memory: EVY uses your past documents and preferences as context to:

• Understand your brand voice and style
• Make relevant suggestions
• Maintain consistency across your content
• Personalize outputs to your specific needs

4.2 What We Don't Do

• ❌ We do NOT use your content to train our own AI models (we don't have our own models)
• ❌ We do NOT share your content with other EVY users
• ❌ We do NOT use your final published content without explicit permission
• ❌ We do NOT allow AI providers to train their public models on your data (per our agreements with them)

4.3 Your Control

• ✅ You own 100% of the content you create with EVY
• ✅ You can delete your content at any time
• ✅ You can opt out of version history usage for improvement
• ✅ You can export all your data
• ✅ You can disconnect third-party integrations

4.4 AI Accuracy and Reliability

AI-generated content may sometimes be inaccurate, incomplete, or inappropriate. You are responsible for:

• Reviewing all AI-generated content before use
• Ensuring content accuracy and appropriateness
• Verifying facts and claims
• Ensuring compliance with applicable laws and regulations

5. Data Storage and International Transfers

5.1 Where We Store Your Data

Your data is stored on secure servers located in:

• European Union (primary data center)
• United States (backup and redundancy)

We use industry-leading cloud infrastructure providers with strong security practices.

5.2 International Data Transfers

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your personal information may be transferred to and processed in the United States and other countries where our service providers operate.

We ensure appropriate safeguards are in place for these transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• EU-U.S. Data Privacy Framework participation (where applicable)
• Adequate data protection measures required by GDPR

For more information about our data transfer mechanisms, contact us at help@evy.so.

6. Data Retention

6.1 How Long We Keep Your Data

We retain your personal information for as long as necessary to:

• Provide you with our Service
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

Specific Retention Periods:

• Account Information: Retained while your account is active, plus 60 days after deletion
• Content and Documents: Retained while your account is active, plus 30 days for export after cancellation, then permanently deleted within 60 days
• Usage and Log Data: Typically retained for 12-24 months
• Payment Information: Retained as required for tax and accounting purposes (typically 7 years)
• Marketing Communications: Retained until you unsubscribe

6.2 Deletion After Termination

When you cancel your subscription or delete your account:

1. You have 30 days to export your data
2. After 30 days, your content becomes inaccessible
3. Within 60 days of cancellation, we permanently delete your:
   • Documents and content
   • Company information
   • User role information
   • Personal preferences
4. We may retain certain information longer if required by law or to:
   • Resolve disputes
   • Enforce our Terms of Service
   • Comply with legal obligations

6.3 Anonymized Data

We may retain de-identified, aggregated data indefinitely for analytics, research, and product improvement.

7. Your Rights and Choices

You have several rights regarding your personal information:

7.1 Access and Portability

• Right to Access: Request a copy of the personal information we hold about you
• Right to Data Portability: Receive your data in a structured, commonly used format that you can transfer to another service

How to exercise: Email help@evy.so to request a copy of your data

7.2 Correction and Deletion

• Right to Correct: Update or correct inaccurate or incomplete information
• Right to Delete: Request deletion of your personal information (subject to legal retention requirements)

How to exercise:

• Update information in your account settings
• Email help@evy.so to request account deletion

7.3 Restriction and Objection

• Right to Restrict: Request that we limit how we process your information
• Right to Object: Object to processing based on legitimate interests

How to exercise: Email help@evy.so with your specific request

7.4 Marketing Communications

You can opt out of marketing emails by:

• Clicking "unsubscribe" in any marketing email
• Updating your email preferences in account settings
• Emailing help@evy.so

Note: You will still receive essential service-related emails (security alerts, billing notifications, etc.).

7.5 Cookies and Tracking

You can control cookies through your browser settings. See Section 9 for details.

7.6 AI Data Usage Opt-Out

You can opt out of having your version history used to improve EVY's writing accuracy:

• Email help@evy.so with subject "Opt Out of AI Improvement"
• We will flag your account within 5 business days

8. Security

We take the security of your information seriously and implement appropriate technical and organizational measures, including:

8.1 Technical Safeguards

• Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
• Access Controls: Role-based access controls and least-privilege principles
• Authentication: Secure password requirements and session management
• Infrastructure: Secure, monitored cloud infrastructure with redundancy
• Monitoring: Continuous security monitoring and logging

8.2 Organizational Safeguards

• Data Access: Limited employee access to personal information on a need-to-know basis
• Training: Regular security awareness training for all employees
• Vendor Management: Security requirements for all service providers
• Incident Response: Documented incident response procedures

8.3 Your Responsibility

You are responsible for:

• Maintaining the confidentiality of your password
• Restricting access to your device and account
• Notifying us immediately of any unauthorized access

No Security is Perfect: While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

8.4 Data Breach Notification

In the event of a data breach affecting your personal information, we will:

• Notify you within 72 hours (as required by GDPR)
• Provide details about the breach and affected data
• Explain steps we're taking to address it
• Advise you on protective measures you can take

9. Cookies and Tracking Technologies

9.1 What Are Cookies

Cookies are small text files stored on your device that help us provide and improve our Service.

9.2 Types of Cookies We Use

Essential Cookies (always active):

• Authentication and security
• Session management
• User preferences

Analytics Cookies (with consent):

• Usage analytics and statistics
• Feature usage tracking
• Performance monitoring

Functionality Cookies (with consent):

• Personalization preferences
• Language settings
• UI customizations

9.3 Third-Party Cookies

We use third-party analytics services (such as PostHog) that use cookies to help us understand how users interact with EVY.

9.4 Your Cookie Choices

Browser Controls: Most browsers allow you to:

• View and delete cookies
• Block cookies from specific sites
• Block all cookies (may affect functionality)

Opt-Out: You can opt out of analytics cookies through:

• Our cookie consent banner (for EU/EEA users)
• Your account settings
• Browser settings

Do Not Track: We honor "Do Not Track" signals from your browser where feasible.

10. Children's Privacy

EVY is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at help@evy.so. We will promptly delete such information from our systems.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

11.1 How We Notify You

When we make material changes, we will:

• Update the "Last Updated" date at the top
• Notify you by email (to your registered email address)
• Display a prominent notice within the Service
• Provide at least 30 days notice before changes take effect

11.2 Your Acceptance

By continuing to use EVY after changes take effect, you accept the updated Privacy Policy. If you do not agree with changes, you should discontinue use and may delete your account.

11.3 Version History

Previous versions of this Privacy Policy are available upon request at help@evy.so.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: help@evy.so

Website: https://evy.so

Response Time: We aim to respond to all inquiries within 5 business days. For data subject rights requests, we will respond within 30 days as required by GDPR.

13. Additional Information for EU/EEA Users

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, additional protections and rights apply to you under the General Data Protection Regulation (GDPR).

13.1 Legal Basis for Processing

We process your personal information on the following legal bases:

Contract Performance (to provide our Service):

• Account creation and management
• Content generation and storage
• Payment processing
• Customer support

Legitimate Interests (to improve our Service):

• Product development and improvement
• Security and fraud prevention
• Analytics and research (with anonymized data)
• Marketing to existing customers

Consent:

• Marketing communications to new users
• Non-essential cookies
• Optional features and integrations

Legal Obligation:

• Tax and accounting compliance
• Responding to legal requests
• Regulatory compliance

13.2 Your GDPR Rights

In addition to the rights described in Section 7, you have:

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority (data protection authority) in your country. A list of EU data protection authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en

Right to Withdraw Consent: Where we process your information based on consent, you can withdraw that consent at any time by emailing help@evy.so.

13.3 Data Controller

For GDPR purposes, EVY Labs, LLC is the data controller for your personal information.

13.4 Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer at:

Email: help@evy.so (Subject: "GDPR / Data Protection Officer")

13.5 Data Processing Agreement

If you are a business customer processing personal data of EU residents using EVY, we will enter into a Data Processing Agreement (DPA) with you. The DPA is available upon request at help@evy.so.

13.6 International Data Transfers

As mentioned in Section 5, we transfer personal data from the EU/EEA to the United States. We use Standard Contractual Clauses approved by the European Commission to ensure adequate protection. You can request a copy of these clauses at help@evy.so.

Summary of Key Points

Here's a quick summary of our privacy practices:

• ✅ What we collect: Name, email (directly or via Google Sign-In), company info, user role, documents you create, voiceprints for speaker identification, usage data
• ✅ How we use it: To provide EVY's AI content generation, personalize your experience, improve our service
• ✅ AI usage: We send your content to our AI providers (OpenAI, Anthropic, xAI, Groq, Google Gemini, OpenRouter, Deepgram, AssemblyAI, Cartesia, ElevenLabs, LiveKit, Cerebras) to generate responses; you own all output
• ✅ Sharing: We don't sell your data. We only share with service providers necessary to run EVY, and when you enable integrations
• ✅ Your rights: Access, correct, delete, export, and opt out
• ✅ Security: Encrypted storage, secure infrastructure, limited employee access
• ✅ Retention: 30 days for export after cancellation, then permanent deletion within 60 days
• ✅ GDPR: Full compliance for EU/EEA users with all GDPR rights
• ✅ Contact: help@evy.so for any questions or requests