Notice: This English version is an unofficial translation provided for the convenience of international readers. Only the French version is legally binding. Read the French version →
Applicable to the eva-i.ai site and to the products published by EVA-I. Compliant with the General Data Protection Regulation (GDPR, EU Regulation 2016/679), the French Data Protection Act ("Loi Informatique et Libertés"), and the Digital Services Act (EU 2022/2065).
This policy covers two distinct scopes:
The following principles are permanent and cannot be reversed without prior public modification of this policy.
The site is served as static pages. No cookie banner is displayed because no cookie is set: no audience measurement cookie, no advertising cookie, no personalization cookie.
The hosting provider Cloudflare collects technical logs (IP address, user agent, request timestamps) exclusively for security and attack protection purposes. These logs are not exploited by EVA-I.
If you write to support@eva-i.ai, your contact details and the content of your message are received in a mailbox operated by EVA-I.
The products published by EVA-I are designed to perform inference, personalization and memory locally on the user's device. As a result, EVA-I collects and receives neither the content of conversations, nor processed documents, nor preferences, nor user memory, nor any application usage data.
The only data received by EVA-I in connection with a paid product are: (i) the transaction metadata transmitted by Stripe (amount, currency, date, transaction identifier, status), and (ii) the EVA-ID activation key associated with the subscription, used solely to verify the licence's validity.
The principles of processing (lawfulness, fairness, transparency, purpose limitation, minimization, accuracy, storage limitation, integrity, confidentiality, accountability) defined in Article 5 of the GDPR are observed.
EVA-I is not required to designate a data protection officer (DPO) within the meaning of GDPR Article 37, as its size and activity do not reach the mandatory designation thresholds. GDPR requests are handled by the company's management, reachable at support@eva-i.ai.
Payment processing is operated by Stripe, Inc. (510 Townsend Street, San Francisco, CA 94103, United States). Stripe directly collects the email address, payment instrument and billing address. This data does not transit through EVA-I's servers.
EVA-I receives only the transaction metadata necessary for its accounting. Stripe adheres to the EU-US Data Privacy Framework. Stripe policy: stripe.com/privacy.
The eva-i.ai site is served via Cloudflare, Inc.'s infrastructure, which also adheres to the EU-US Data Privacy Framework.
No other external service provider processes data on behalf of EVA-I. In particular, no analytics, marketing automation, externalized CRM, automated prospecting or retargeting tool is used.
The user retains full and exclusive intellectual and material ownership of any content they provide to the applications. EVA-I holds no right of use, transformation, reproduction or reuse over this content.
The user may, at any time, delete, export or withdraw any content they have submitted to the applications. The operation is performed locally, from the application, without intervention by EVA-I, which holds no copy on its servers.
In accordance with the GDPR, you have the following rights: access, rectification, erasure, restriction of processing, portability, objection.
To exercise these rights, write to support@eva-i.ai. A response will be provided within the one-month period prescribed by the GDPR.
You also have the right to lodge a complaint with the French Data Protection Authority (CNIL), 3 place de Fontenoy — TSA 80715 — 75334 PARIS CEDEX 07, France, or via www.cnil.fr.
Technical hosting logs and payment metadata may transit through servers located in the United States (Cloudflare and Stripe). Both providers adhere to the EU-US Data Privacy Framework, ensuring an adequate level of protection under the European Commission's adequacy decision of 10 July 2023.
No other transfer outside the EU is performed by EVA-I.
This policy may evolve. The latest update date appears below. Any substantial modification is notified visibly on the home page of the site before taking effect.
Last updated: 18 May 2026.