Opening website
Loading Evara...
A polished experience is almost ready.
Powered by Evara
How Evara handles your data.
Overview.
Evara Studio (operated by Evara, Inc., "Evara", "we", "us") provides an AI business platform for websites, CRM, commerce, bookings, forms, marketing, analytics, and automation. This Privacy Policy applies to the marketing site at evara.build, the application at app.evara.build, and any client website you publish through us. By using the service you agree to the practices described here.
If you publish a website with Evara, you become a data controller for visitors to that site. Evara acts as the data processor for the personal data those visitors submit. The contract between Evara and the customer who controls a workspace is the canonical agreement; this policy describes the platform-level practices that apply across every workspace.
What we collect.
Account data: your name, email address, password hash, workspace name, plan, billing address, and payment method (handled by Stripe — Evara never sees full card numbers).
Usage data: pages you visit in the admin, features you click, AI actions you trigger, and high-level performance signals such as response time and error rates. We use this to improve the product and detect abuse.
Content you create: every page, image, video, form, contact, product, and configuration you save in your workspace. We store this so the platform works; we do not read it for advertising or model training.
Visitor data on customer sites: when a visitor fills out a form, books an appointment, or makes a purchase on a site you publish through Evara, we store that submission so it appears in your CRM and is delivered to the recipients you configure. We process this data on your behalf as a data processor.
Device and log data: IP address, user agent, geolocation derived from IP, and basic request logs retained for security and abuse mitigation.
How we use the data.
We use account and content data to operate the service, render your website, route form submissions, run scheduled jobs, send transactional email and webhook notifications, bill you on the correct plan, and provide customer support when you ask.
We use usage and log data to keep the service stable, prevent abuse, monitor AI quota consumption, and improve features the platform exposes. We do not use your content or your visitors' data to train AI models. When you trigger an AI action, the prompt and any selected context are sent to the model provider you have configured (Gemini, OpenAI, Claude, or your own BYOK key) for the duration of that request only.
We send marketing email only to people who have explicitly opted in. Every marketing message includes a one-click unsubscribe link.
Who we share it with.
Subprocessors: a short list of vendors that operate parts of the platform on our behalf, currently including DigitalOcean (hosting), Cloudflare (CDN, DDoS, DNS), Stripe (payments), SendGrid (transactional email), Google Cloud Vertex AI / Gemini (AI inference, default), OpenAI and Anthropic (AI inference, when selected), and an error-tracking provider. Each subprocessor is bound by contract to handle data only for the purposes we instruct.
Legal disclosure: we will release data when compelled by valid legal process, and we will tell you about it unless we are legally prohibited from doing so.
We do not sell your data, your visitors' data, or any data we collect to anyone, ever. We do not run third-party advertising on the marketing site or anywhere inside the application.
Your rights.
You can access, export, correct, or delete the personal data Evara holds about you at any time. Most of this is self-serve from inside the workspace; for anything that is not, email privacy@evara.build and we will respond within thirty days.
If your data is processed by a customer using Evara to publish their own website, your request goes to that customer first — we will assist them in fulfilling it but they are the data controller for their site.
If you are in the EU, UK, or California you have additional rights under GDPR / UK GDPR / CCPA, including the right to object to certain processing and to lodge a complaint with your local supervisory authority. We will honor those requests on the same timeline.
Retention.
Account data is retained for as long as the workspace is active and for ninety days after closure to support reactivation, then deleted. Backups are rotated within thirty additional days.
Form submissions, CRM contacts, products, and other content you create are retained until you delete them or close the workspace. Deletions are permanent after the backup window expires.
Log and security data is retained for ninety days, then aggregated into anonymous metrics and deleted.
Children.
Evara is not directed at children under sixteen and we do not knowingly collect personal data from anyone under sixteen. If you believe we have, email privacy@evara.build and we will delete it.
Changes to this policy.
We will update this page when our practices change. Material changes will be announced by email to every workspace owner at least thirty days before they take effect. The date at the top of this page reflects the most recent revision.
Questions? Email privacy@evara.build. Postal mail can reach us at the address on file with the workspace owner.