Privacy Policy

Effective March 2026

1. Introduction

Evivant is a presales operations platform that helps sales engineering teams understand their pipeline through automated data capture and intelligence. This policy explains what data we collect, how we use it, and your rights.

2. Data We Collect

Account Data

Name, email address, company name, and password (stored only as a bcrypt hash — we never store or see your plaintext password).

Salesforce Data (via OAuth, read-only)

Opportunities (name, stage, amount, close date, owner), Accounts (name, domain, industry), Events and Tasks (subject, dates, attendees), Users (name, email, role).

Google Calendar Data (via OAuth, read-only)

Calendar events (title, times, attendees, status). Event metadata for rescheduling detection.

Gong Data (optional, via API key, read-only)

Call metadata: summaries, topics, action items. We do not access raw recordings or audio.

Usage Data

Pages visited and features used (Vercel Analytics, anonymous). Errors encountered (Sentry, PII disabled). Audit events (setting changes, exports, sync triggers).

3. How We Use Your Data

We use your data exclusively to provide the Evivant service: computing deal health scores, generating diagnostics, creating AI-powered summaries, and sending notifications based on your preferences.

We do not sell your data, share it with other customers, use it for advertising, use it to train AI models, or aggregate it across organizations.

4. Data Storage & Security

DatabaseNeon PostgreSQL, US-East-1 (AWS)
HostingVercel, US
Encryption at restOAuth tokens encrypted with AES-256-GCM
Encryption in transitHTTPS enforced (TLS 1.2+)
Multi-tenancyAll data scoped by organization ID — complete isolation
Access controlRole-based (Owner/Admin/Member), server-side enforcement

See our Security Overview for full details.

5. Data Retention

Active organizations: Data retained for the lifetime of the account.

Closed accounts: All data deleted within 30 days of a deletion request.

Error logs: Retained by Sentry for 90 days, then automatically purged.

6. Subprocessors

VercelApplication hosting — all data in transit
NeonDatabase hosting — all stored data
SentryError monitoring — error context (no PII, no tokens)
ResendEmail delivery — recipient email, notification content
AnthropicAI summaries — deal context (no credentials or tokens)

7. Your Rights

Access: View all your data through the dashboard.

Export: Full JSON export, CSV export, and PDF export available in Settings.

Correction: Account info editable in Settings. Salesforce/Calendar data refreshes automatically.

Deletion: Request complete deletion by contacting us. Completed within 30 days.

Portability: JSON export includes all data in structured, machine-readable format.

8. Integration Permissions

Evivant operates in read-onlymode. We never create, update, or delete records in Salesforce, Google Calendar, or Gong. You can revoke access at any time through your system's settings.

9. Cookies

We use session cookies (required, HTTP-only, secure), Vercel Analytics (anonymous page views), and Vercel Speed Insights (performance monitoring). No advertising cookies or third-party trackers.

10. Changes

Material changes communicated to account owners via email at least 30 days before taking effect.

11. Contact

For privacy questions or data subject requests: hello@evivant.io