Privacy & GDPR
Privacy-first by design
Evident was built with GDPR compliance enforced at the infrastructure level — not added as an afterthought. The key principle: Evident identifies organizations, not individuals. It does not process personally identifiable information (PII) about website visitors.
What Evident does and does not collect
Evident enriches IP addresses with company-level data:
- Organization name and domain
- Industry classification
- Geographic location (country, region, city)
- Infrastructure type
Evident does not:
- Identify individual users, names, or email addresses
- Store visitor cookies or fingerprint browsers
- Track individual user journeys across sessions
- Process any PII about the people behind the IP addresses
GDPR compliance
Lawful basis
IP-to-organization enrichment — where only company-level data is returned — typically falls under legitimate interests as the lawful basis under GDPR, since no personal data about individuals is processed. However, consult your own legal counsel to confirm the correct basis for your specific use case and jurisdiction.
Data retention
Enrichment results are retained according to your plan:
| Plan | Retention |
|---|---|
| Free | 7 days |
| Starter and above | 14 days |
| Custom | Configurable |
After the retention period, enrichment data is automatically deleted. The 14-day caching window aligns with the retention policy — cached results are available for the same duration.
Data residency
Evident is deployed and stores all data within the EU. We don’t currently offer multi-region deployment.
Tenant data isolation
Evident uses Row-Level Security (RLS) in PostgreSQL to ensure that each customer’s data is physically isolated. One tenant cannot access another’s enrichment results or account data.
Secret storage
Integration credentials (API keys, secrets) are encrypted with Fernet symmetric encryption before storage. Credentials are never stored in plaintext or in environment variables.
Questions about privacy compliance
For privacy-related questions or compliance requirements, contact support@useevident.com.