Privacy

Evident (“Evident”, “we”, “our”, or “us”) provides a B2B SaaS product that helps teams understand company-level usage signals derived from network and event data. We act as a data controller for personal data processed through our website and application.

• Legal entity: Shaun BROWN — micro-entreprise
• Location: France (European Union)
• Contact: dpo@useevident.com

Our privacy principles

• We focus on company-level identification, not individual profiling.
• We do not sell personal data.
• We do not use data for advertising or cross-site tracking.
• We minimize retention and aggregate data wherever possible.

Some customers outside the EU may choose to associate Evident data with user-level identifiers in their own systems (e.g., CRM). Evident does not perform this re-identification on their behalf.

Personal data we process

What we do not do

• Perform behavioral advertising or ad targeting
• Track users across third-party websites
• Sell or rent personal data
• Use fingerprinting techniques
• Enrich data for individual-level profiling

Purposes of processing

• Provide and operate the Evident service
• Generate company-level analytics and insights
• Authenticate users and secure accounts
• Monitor performance, reliability, and abuse
• Improve product functionality
• Meet legal and compliance obligations

Legal bases for processing (GDPR)

• Contract performance — providing the service you request
• Legitimate interests — security, fraud prevention, product improvement
• Legal obligations — accounting, compliance, and regulatory requirements

We do not generally rely on consent for core product functionality.

Mapping of purposes to legal bases

Customer responsibility

Evident is a business-to-business service. Customers are responsible for ensuring they have a lawful basis to process any personal data they submit to the Evident service, including IP addresses, event data, or identifiers derived from their own systems.

Data retention

• Raw technical data (including IP addresses) is retained for a limited period and then aggregated, anonymized, or deleted.
• Account data is retained for the duration of the customer relationship.
• Data may be retained longer where required by law.
• You may request deletion at any time, subject to legal obligations.

Data sharing and subprocessors

We share data only with trusted service providers necessary to operate the service, including:

• Hosting & infrastructure: Railway Corporation (EU region — Amsterdam)
• Authentication: Clerk
• Product analytics: Amplitude
• Website analytics: Google Analytics (GA4)
• Payments: Merchant of Record provider (planned: Paddle)

These providers process data under contractual obligations and appropriate safeguards. We do not share data with advertisers.

International data transfers

Some service providers may process data outside the European Union. Where this occurs, we rely on appropriate safeguards such as:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions where applicable

Your rights (GDPR)

You have the right to:

• Access your personal data
• Request rectification or deletion
• Object to processing based on legitimate interests
• Request restriction of processing
• Request data portability
• Lodge a complaint with a supervisory authority

Where we rely on legitimate interests as our legal basis, you have the right to object to such processing. We will assess any objection and cease processing unless we demonstrate compelling legitimate grounds. To exercise your rights, contact us at dpo@useevident.com.

Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website, with the effective date clearly indicated.