Privacy Policy

EvidenceOps is a tool that helps you organize evidence for compliance audits. We take your privacy seriously and are transparent about how we handle your data.

• Account information: Email address and name (via Clerk authentication)
• Workspace data: Evidence files, requests, audit cycles, and related metadata that you upload or create
• Usage data: Basic analytics to understand how you use the product (page views, feature usage)
• Payment information: Handled by Stripe; we do not store credit card numbers

• To provide the EvidenceOps service
• To generate AI summaries and matching suggestions for your evidence
• To create export packages for your auditors
• To send transactional emails (password resets, auditor link notifications)
• To improve the product based on aggregate usage patterns

• Database: PostgreSQL hosted on Neon (serverless)
• Files: Vercel Blob Storage (encrypted at rest)
• Hosting: Vercel (US-based infrastructure)

Your data is logically isolated by workspace. We do not access your data except to provide the service or when required by law.

We use the following third-party services:

• Clerk: Authentication
• Stripe: Payment processing
• OpenAI: AI-powered evidence summaries (your evidence text is sent to OpenAI's API)
• Resend: Transactional email

We retain your data for as long as your account is active. If you delete your account, we will delete your data within 30 days, except where we are required to retain it for legal or compliance purposes.

You can:

• Export your workspace data at any time from Settings
• Request deletion of your account and data by emailing support@evidenceops.net
• Access and correct your personal information through your account settings

For privacy-related questions, contact us at support@evidenceops.net