Privacy Policy
Effective March 2026
1. Introduction
2. Data We Collect
Account Data
Name, email address, company name, and password (stored only as a bcrypt hash — we never store or see your plaintext password).
Salesforce Data (via OAuth, read-only)
Opportunities (name, stage, amount, close date, owner), Accounts (name, domain, industry), Events and Tasks (subject, dates, attendees), Users (name, email, role).
Google Calendar Data (via OAuth, read-only)
Calendar events (title, times, attendees, status). Event metadata for rescheduling detection.
Gong Data (optional, via API key, read-only)
Call metadata: summaries, topics, action items. We do not access raw recordings or audio.
Usage Data
Pages visited and features used (Vercel Analytics, anonymous). Errors encountered (Sentry, PII disabled). Audit events (setting changes, exports, sync triggers).
3. How We Use Your Data
We use your data exclusively to provide the Evivant service: computing deal health scores, generating diagnostics, creating AI-powered summaries, and sending notifications based on your preferences.
We do not sell your data, share it with other customers, use it for advertising, use it to train AI models, or aggregate it across organizations.
4. Data Storage & Security
| Database | Neon PostgreSQL, US-East-1 (AWS) |
| Hosting | Vercel, US |
| Encryption at rest | OAuth tokens encrypted with AES-256-GCM |
| Encryption in transit | HTTPS enforced (TLS 1.2+) |
| Multi-tenancy | All data scoped by organization ID — complete isolation |
| Access control | Role-based (Owner/Admin/Member), server-side enforcement |
See our Security Overview for full details.
5. Data Retention
Active organizations: Data retained for the lifetime of the account.
Closed accounts: All data deleted within 30 days of a deletion request.
Error logs: Retained by Sentry for 90 days, then automatically purged.
6. Subprocessors
| Vercel | Application hosting — all data in transit |
| Neon | Database hosting — all stored data |
| Sentry | Error monitoring — error context (no PII, no tokens) |
| Resend | Email delivery — recipient email, notification content |
| Anthropic | AI summaries — deal context (no credentials or tokens) |
7. Your Rights
Access: View all your data through the dashboard.
Export: Full JSON export, CSV export, and PDF export available in Settings.
Correction: Account info editable in Settings. Salesforce/Calendar data refreshes automatically.
Deletion: Request complete deletion by contacting us. Completed within 30 days.
Portability: JSON export includes all data in structured, machine-readable format.
8. Integration Permissions
Evivant operates in read-onlymode. We never create, update, or delete records in Salesforce, Google Calendar, or Gong. You can revoke access at any time through your system's settings.
9. Cookies
We use session cookies (required, HTTP-only, secure), Vercel Analytics (anonymous page views), and Vercel Speed Insights (performance monitoring). No advertising cookies or third-party trackers.
10. Changes
11. Contact
For privacy questions or data subject requests: hello@evivant.io