Last updated: March 2026

Privacy Policy

At Evara Studio, we take your privacy seriously. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your personal data. This policy applies to all users of the Evara Studio platform and websites built using our Service.

1. Information We Collect

Information You Provide

  • Account information: Name, email address, password (hashed), and company or organization name when you create an account
  • Profile information: Avatar, role preferences, and account settings you configure
  • Payment information: Billing address and payment method details, processed and stored securely by Stripe (we do not store full card numbers)
  • Content: Website content, images, files, and other materials you upload or create using the Service
  • Communications: Messages you send to us through support channels, feedback forms, or email

Information Collected Automatically

  • Usage data: Pages visited, features used, actions taken within the Service, and timestamps
  • Device information: Browser type, operating system, screen resolution, and device identifiers
  • Log data: IP addresses, referring URLs, access times, and error logs
  • Performance data: Page load times, Core Web Vitals, and application performance metrics

2. How We Use Your Data

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process transactions and send related information including purchase confirmations and invoices
  • Send you technical notices, updates, security alerts, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze trends, usage, and activities to improve user experience
  • Detect, investigate, and prevent fraudulent transactions, abuse, and other illegal activities
  • Personalize and improve your experience, including providing content recommendations
  • Send promotional communications (with your consent, and with easy opt-out)

We process your data based on legitimate interest (operating and improving the Service), contractual necessity (providing the Service you signed up for), your consent (marketing communications), and legal obligations (tax and regulatory compliance).

3. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service, remember your preferences, and understand how you interact with the platform. The types of cookies we use include:

  • Essential cookies: Required for the Service to function, including authentication session cookies and CSRF protection tokens. These cannot be disabled.
  • Functional cookies: Remember your preferences such as language, theme settings, and recently visited pages
  • Analytics cookies: Help us understand how users interact with the Service so we can improve it. We use privacy-respecting analytics that do not track users across websites.

We do not use third-party advertising cookies or sell tracking data to advertisers. You can manage cookie preferences through your browser settings.

4. Third-Party Services

We integrate with the following third-party services to operate the platform. Each has its own privacy policy governing their handling of your data:

Stripe (Payment Processing)

We use Stripe to process payments securely. When you make a purchase, your payment information is sent directly to Stripe and is subject to Stripe's Privacy Policy. We receive only a tokenized reference, the last four digits of your card, and transaction status information.

SendGrid (Email Delivery)

We use SendGrid (Twilio) to deliver transactional emails such as password resets, account confirmations, and system notifications. Email addresses and message content are shared with SendGrid solely for delivery purposes, governed by Twilio's Privacy Policy.

Google (Single Sign-On)

If you choose to sign in with Google, we receive your name, email address, and profile picture from Google. We do not receive or store your Google password. This integration is governed by Google's Privacy Policy.

Cloud Infrastructure

Your data is hosted on secure cloud infrastructure. All data is encrypted in transit (TLS 1.2+) and at rest. Our infrastructure providers maintain SOC 2 Type II compliance.

Anthropic (AI Features)

Our AI-powered features (website generation, copywriting, screenshot-to-layout) use Anthropic's Claude AI models. When you use AI features, your input (text prompts, page content, uploaded screenshots) is sent to Anthropic for processing. Anthropic does not use your inputs to train their models. Processing is governed by Anthropic's Privacy Policy. We do not store your AI prompts beyond the session in which they are used.

Analytics & Heatmaps

Our built-in analytics collect anonymized visitor behavior data on websites you publish, including page views, click positions, scroll depth, and session duration. This data is stored in your account and is not shared with third parties. If you enable Google Analytics or Meta Pixel integrations, those services will also collect data according to their own privacy policies.

5. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We share your information only in the following circumstances:

  • Service providers: With trusted vendors who help us operate the Service (as described above), under strict data processing agreements
  • Legal requirements: When required by law, regulation, legal process, or governmental request
  • Safety: When we believe disclosure is necessary to protect the rights, property, or safety of Evara Studio, our users, or the public
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users
  • With your consent: When you explicitly authorize us to share your information

6. Data Security

We implement industry-standard security measures to protect your data, including:

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for data at rest
  • Bcrypt hashing for passwords with salt
  • Role-based access control with least-privilege principles
  • Regular security audits and penetration testing
  • Rate limiting and brute-force protection on authentication endpoints
  • CSRF protection on all state-changing operations
  • Comprehensive audit logging of administrative actions

While we take extensive measures to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

7. Your Rights (GDPR and Global Privacy)

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete personal data
  • Erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Restriction: Request that we restrict processing of your personal data
  • Portability: Request your data in a structured, commonly used, machine-readable format
  • Objection: Object to processing of your personal data for certain purposes
  • Withdraw consent: Where processing is based on consent, withdraw that consent at any time

To exercise any of these rights, contact us at [email protected]. We will respond to verified requests within 30 days. For EU/EEA residents, you also have the right to lodge a complaint with your local data protection authority.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specific retention periods include:

  • Account data: Retained while your account is active, deleted within 30 days of account closure
  • Website content: Retained while your account is active, with a 30-day grace period after account closure for data export
  • Payment records: Retained for 7 years as required by tax and financial regulations
  • Security logs: Retained for 12 months for security and abuse prevention
  • Analytics data: Aggregated and anonymized after 24 months

After the applicable retention period, data is securely deleted or anonymized so that it can no longer be associated with you.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, or other legally recognized transfer mechanisms.

10. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal data from a child under 16, we will take steps to delete that information as quickly as possible. If you believe a child under 16 has provided us with personal data, please contact us at [email protected].

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

  • The right to know what personal information we collect and how it is used
  • The right to request deletion of your personal information
  • The right to opt out of the sale of personal information (we do not sell personal information)
  • The right to non-discrimination for exercising your privacy rights

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice on the Service at least 30 days before the changes take effect. We encourage you to review this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Evara Studio — Data Protection
Email: [email protected]
Website: evarastudio.com

For GDPR-related inquiries, you may also contact our Data Protection Officer at [email protected].

See also our Terms of Service