Privacy Policy
Last updated: April 29, 2026
Covers residents in the United States, Canada (PIPEDA & Quebec Law 25), and United Kingdom (UK GDPR). Contact us to request our Data Processing Agreement (DPA).
Evolve Edge (“Evolve Edge,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and share information when you use our platform and services.
1. Information We Collect
We collect the following categories of information:
- Account data: Your name, email address, organization name, and credentials when you create an account.
- Usage and analytics data: Pages visited, features used, session duration, and interaction events within the platform.
- Evidence files and audit data: Documents, assessments, control evidence, and audit logs that you upload or generate within the platform.
- Billing information: Payment method details and transaction history processed by our payment provider, Stripe. We do not store full card numbers.
- Communications: Messages you send us via email or contact forms.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process billing and manage your subscription
- Power compliance workflows, AI risk assessments, and audit delivery
- Send transactional emails (account setup, report delivery, renewal reminders)
- Improve and develop the platform through aggregate, anonymized analytics
- Comply with legal obligations and enforce our Terms of Service
We do not use your Customer Data to train third-party AI models, and we do not sell your personal information to third parties.
3. Third-Party Sub-Processors
We share data with the following sub-processors to operate the Service:
| Sub-processor | Purpose |
|---|---|
| Stripe | Payment processing and billing management |
| Resend | Transactional email delivery |
| n8n | Workflow automation and audit delivery |
| HubSpot | CRM and lead management |
| OpenAI | AI processing for assessments and reports |
| Neon | Database hosting (Postgres) |
| Vercel | Application hosting and CDN |
4. Data Retention
We retain your account and usage data for as long as your account is active or as needed to provide the Service. Compliance evidence files and audit reports are retained according to your organization’s configured retention policy. The default retention period for compliance data is 7 years, consistent with typical regulatory requirements for SOC 2 and related frameworks. You may request deletion of your data by contacting us (see Section 7).
5. Security
We implement appropriate technical and organizational security measures to protect your information, including:
- Encryption in transit using TLS for all data transfers
- Password hashing using strong one-way hash algorithms
- Comprehensive audit logging of access and changes
- Role-based access controls limiting data access to authorized personnel
- Regular security reviews and vulnerability assessments
6. Cookies
We use session cookies to authenticate your session and maintain your signed-in state. We do not use third-party tracking or advertising cookies. Session cookies are deleted when you sign out or when your browser session ends.
7. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Request deletion of your personal data
- Export your data in a portable format
- Object to or restrict certain processing
To exercise any of these rights, please contact us at info@evolveedgeai.com. We will respond within 30 days.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
9. Contact
If you have questions or concerns about this Privacy Policy, please contact us at: info@evolveedgeai.com.