This Privacy Policy ("Policy") describes how Evalon AI ("Evalon," "we," "our," or "us") collects, uses, and protects information when providing identity verification services ("Services") to our customers.
1. Data Controller and Processor Roles
Evalon AI acts as a data processor on behalf of our customers, who serve as the data controllers. We process data solely in accordance with our customers' documented instructions.
2. Information We Process
In connection with providing our Services, we process only the technical metadata information necessary for service delivery. We do not process the content of customer data.
3. Data Security
We maintain organizational, technical, and administrative measures designed to protect data processed through our Services. These measures are designed to provide a level of security appropriate to the risk associated with the processing of such data and to protect against unauthorized access, destruction, loss, alteration, or misuse.
4. Data Retention
We retain data for up to twelve (12) months for purposes of service delivery and contractual obligations. Following termination of a customer relationship, data is retained for up to three (3) additional months, after which it is securely deleted in accordance with our data retention procedures.
5. Data Subject Rights
Under applicable data protection laws, including the General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA"), individuals have certain rights with respect to their personal data, including rights of access, correction, deletion, and data portability. As Evalon AI processes data on behalf of our customers who act as data controllers, requests to exercise data subject rights should be directed to the applicable customer organization. We will assist our customers in responding to such requests in accordance with applicable law.
6. International Data Transfers
We comply with applicable data protection laws governing international data transfers, including GDPR requirements. Where required, we implement appropriate transfer mechanisms, including Standard Contractual Clauses approved by the European Commission.
7. Disclosure of Information
We do not sell customer data. We do not use or disclose customer data for purposes unrelated to providing our Services, except as required by law or with customer authorization.
8. Security Incident Notification
In the event of a security incident or data breach affecting customer data, we will notify affected customers without undue delay and in accordance with applicable legal requirements.
9. Artificial Intelligence
Our Services may incorporate artificial intelligence and machine learning technologies. All processing involving such technologies is conducted in accordance with the security and privacy commitments set forth in this Policy.
10. Cookies and Similar Technologies
Our website uses cookies and similar technologies necessary for website functionality and performance. We do not use cookies to track users across third-party websites or sell cookie-related data to third parties.
11. Contact Information
For inquiries regarding this Privacy Policy or our data protection practices, please contact us at:
Email: privacy@evalon.ai
12. Policy Updates
We reserve the right to update this Policy periodically. Material changes will be communicated to customers through appropriate channels. Continued use of our Services following notification of changes constitutes acceptance of the updated Policy.