Evericade, Inc. (“Evericade”, “we”, “our”, or “us”) provides tools that verify real business communication and produce anonymised analytics.
We take privacy seriously. This policy explains what information we collect, how we use it, and your rights under data-protection laws including the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA/CPRA).

1. Information We Collect
When users intentionally BCC Evericade in an email or integrate our service:

• Email header metadata: sender and recipient domains, message ID hash, routing signatures (SPF/DKIM), timestamp.

• Account information: user email address, display name, and wallet or payment information if you participate in reward programs.

• Technical data: browser type, IP address, device logs, limited cookies used for session management.

We do not store or read email subject lines or message content. Those are automatically discarded.

2. How We Use Information
We process the limited data we collect to:

1. Verify that legitimate business communication occurred between domains.

2. Provide users with rewards or credits for verified work activity.

3. Generate anonymised, aggregated analytics used for research and commercial insight (e.g., trends by industry or geography).

4. Maintain and secure our systems.

5. Comply with legal obligations and respond to lawful requests.
   
   

3. Legal Basis for Processing (GDPR / UK-GDPR)
Our processing relies primarily on Legitimate Interest (Article 6(1)(f) GDPR):
users voluntarily submit email metadata to verify and record professional activity.
This processing is minimal, expected, and does not override data-subject rights.

Where users create an account or receive rewards, processing may also rely on Performance of a Contract (Article 6(1)(b)).
In limited cases (marketing communications, optional surveys) we may rely on Consent (Article 6(1)(a)).

4. Data Sharing
We share only aggregated, anonymised analytics with trusted clients and partners.
These datasets never include personal information or identifiable metadata.
We do not sell personal data.
Service providers (e.g., hosting, analytics, payments) act as processors under written agreements requiring confidentiality and data-security standards.

5. Data Retention

• Header metadata: retained up to 12 months for verification, then permanently anonymised.

• Account details: retained while your account is active or as required for accounting/legal obligations.

• Aggregated analytics: retained indefinitely in non-identifiable form.
  
  

6. International Transfers
Evericade is based in the United States.
If you access our services from the EEA, UK, or other regions with laws governing data collection, please note that we may transfer your data to the US where privacy standards differ.
We implement Standard Contractual Clauses and other safeguards as required by law.

7. Security
We use encryption in transit and at rest, access controls, and network monitoring.
Message content is automatically dropped at ingress and cannot be reconstructed.

8. Your Rights
Depending on your jurisdiction, you may have rights to:

• Access, correct, or delete your data.

• Object to or restrict processing.

• Receive a copy of data you provided (data portability).

• Withdraw consent where applicable.

To exercise these rights, email privacy@evericade.com.
We may need to verify your identity before fulfilling requests.

9. Children
Our services are intended for business professionals. We do not knowingly collect data from children under 16.

10. Updates
We may update this policy from time to time.
The “Last updated” date indicates the latest revision.
If changes are material, we will notify users via email or site notice.

11. Contact Us
Evericade, Inc.
San Francisco, CA 94105 USA
Email: privacy@evericade.com

Addendum – EEA / UK Residents

You may contact our EU representative at eu-rep@evericade.com or our UK representative at uk-rep@evericade.com.
You also have the right to lodge a complaint with your local supervisory authority.

Addendum - California Residents

We do not sell or share personal information as defined under the CCPA/CPRA.
You may request disclosure or deletion of data we hold about you by contacting privacy@evericade.com.

© 2025 Evericade Inc. All rights reserved.