EvolveCX AI ("EvolveCX," "we," "us," or "our") respects your privacy. This Privacy Policy explains what information we collect when you visit evolvecx.ai (the "Website"), purchase a subscription, or use the LoreVault platform, and how we use and protect that information.
By using the Website or any of our services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Website or our services.
1. Who We Are
EvolveCX AI is a Colorado-based provider of customer experience consulting services and SaaS products, including LoreVault, a multi-tenant signal intelligence platform. We can be contacted at:
- General inquiries: questions@evolvecx.ai
- Privacy and policy questions: legal@evolvecx.ai
- LoreVault support: lorevault_support@evolvecx.ai
2. Information We Collect
2.1 Information You Provide Directly
When you interact with the Website or our services, you may give us:
- Name and business email when you book a scoping call, complete a contact form, or sign up for a subscription
- Company name, role, and other professional context you choose to share
- Payment information when you purchase a subscription (handled by Stripe; see Section 4)
- Content and credentials you upload to the LoreVault platform (covered separately in Section 6)
2.2 Information Collected Automatically
When you visit the Website, we automatically collect limited technical information through cookies, server logs, and analytics tools:
- IP address (truncated for analytics purposes)
- Browser type and version
- Operating system
- Pages visited, time spent, and referring source
- Device type (desktop or mobile)
2.3 Information We Do Not Collect
We do not collect Social Security numbers, government IDs, financial account numbers, or health information through the Website. If a form on the Website inadvertently invites such information, do not enter it. Our LoreVault platform actively redacts sensitive data during ingestion (see Section 6).
3. Cookies and Analytics
The Website uses Google Analytics 4 (GA4) to understand traffic patterns and improve the experience. GA4 uses cookies and similar technologies to record anonymized session data. We do not use this data to identify individual visitors.
We do not use third-party advertising trackers or behavioral retargeting cookies.
You can disable cookies in your browser settings. Disabling cookies may limit some Website functionality but will not prevent you from purchasing or using LoreVault.
For more information on Google Analytics, see https://policies.google.com/privacy.
4. Payment Processing
We use Stripe (https://stripe.com) to process subscription payments and one-time purchases. When you check out:
- You are redirected to Stripe's hosted checkout page
- Your payment card details are entered directly into Stripe's systems
- We do not see, store, or transmit your full card number, CVV, or expiration date
- Stripe shares with us only the information needed to provision your account: payment status, last four digits of the card, billing email, and customer reference
Stripe is PCI-DSS certified. Their privacy practices are described at https://stripe.com/privacy.
5. How We Use Information
We use the information we collect to:
- Provide and operate our services (scheduling calls, fulfilling subscriptions, supporting LoreVault use)
- Process payments and manage billing
- Send transactional emails (account activations, receipts, security notices, service updates)
- Respond to inquiries and support requests
- Improve our Website, products, and services
- Comply with legal obligations and enforce our Terms of Service
We do not sell your personal information. We do not share your information with third parties for their marketing purposes.
6. LoreVault Platform Data
LoreVault is a multi-tenant signal intelligence platform. Customer data inside LoreVault is governed by the LoreVault Data Privacy, Security and Responsible Use Policy. Key points relevant to anyone evaluating or using LoreVault:
6.1 Tenant Isolation
Every customer organization operates inside its own Vault. Cross-vault retrieval is architecturally absent. A user in one Vault cannot access, query, or extract data from another Vault.
6.2 Sensitive Data Redaction
LoreVault includes automated redaction capabilities designed to detect and mask common categories of sensitive data during ingestion, including email addresses, Social Security numbers, credit and debit card numbers, CVV codes, card expiration dates, phone numbers, dates of birth, government IDs, bank account numbers, and physical addresses. Redaction runs after document parsing and before any text is chunked, embedded, or sent to a language model.
Redaction settings are configurable and may be enabled or disabled by authorized customer administrators based on the nature of the dataset being processed. Customers are responsible for ensuring that appropriate redaction settings are applied to datasets containing sensitive or regulated information. EvolveCX recommends enabling redaction for any datasets that may contain personally identifiable or sensitive information.
6.3 Encryption
All traffic uses TLS 1.2 or higher. Data at rest in Cloud SQL, Cloud Storage, and Pinecone is encrypted using industry-standard AES-256. Secrets are stored only in Google Secret Manager.
6.4 Model Training and Data Use
EvolveCX does not use Customer Data to train generalized models across customers. In Managed mode, data may be processed by third-party model providers strictly for inference purposes and not for model training, subject to their respective data handling policies. In BYO mode, data is processed using customer-provided model and storage providers.
Anonymized telemetry (query latency, ingestion success rates, error patterns) may be analyzed in aggregate to improve platform performance. Telemetry never reproduces or exposes specific customer documents or identifiable patterns.
6.5 Bring Your Own (BYO) Mode
In BYO mode, the customer provides credentials for their own language model and Pinecone index. LoreVault uses those credentials at runtime on the customer's behalf. LoreVault's access is limited to the configured credentials and scoped to the operations LoreVault performs; it does not access the customer's broader account. Note that source documents still flow through the LoreVault ingestion pipeline (parsing, redaction, chunking) before being sent to the customer's chosen model and index for embedding and storage.
Customer-provided credentials are stored securely using Google Secret Manager. Access to these credentials is restricted to system-level operations required to deliver the service, and the credentials are not accessible to EvolveCX personnel except under controlled and audited support conditions.
6.6 Customer Responsibility
Customers are responsible for ensuring that data uploaded to the platform complies with applicable laws and internal data governance policies. This includes determining whether redaction settings, access controls, and retention configurations are appropriate for the nature of the data being ingested.
7. Subprocessors
We use the following subprocessors to operate our services:
| Subprocessor | Purpose |
|---|---|
| Google Cloud Platform | Hosting, database, storage, secrets, networking |
| Firebase Hosting | Static website hosting |
| Google Analytics | Website traffic analytics |
| Calendly | Scoping call scheduling |
| Stripe | Payment processing for subscriptions and one-time purchases |
| Pinecone (LoreVault Managed mode only) | Vector storage for managed customers |
| Google Gemini (LoreVault Managed mode only) | Language model inference for managed customers |
| SendGrid | Transactional email delivery |
In LoreVault BYO mode, the customer's chosen language model and vector vendor are not subprocessors of EvolveCX. We operate as a client of those services on the customer's behalf using customer-provided credentials.
A list of any additional subprocessors used and the geographic regions in which data is processed is available on request for Enterprise customers.
8. Data Retention
We retain personal information only as long as needed to provide our services and meet legal, accounting, and reporting requirements.
- Marketing inquiry data (contact form submissions, scheduled calls): retained for up to 36 months unless you request earlier deletion
- Customer billing records: retained for at least 7 years to meet tax and accounting obligations
- LoreVault Vault data: retained while your subscription is active; deletion procedures are described in the LoreVault Data Privacy Policy
- Website analytics: GA4 default retention applies (currently 14 months)
Retention durations may be adjusted based on service delivery needs and legal obligations.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Request deletion of your information (subject to legal retention requirements)
- Object to certain processing activities
- Receive a copy of your data in a portable format
- Withdraw consent where processing is based on consent
To exercise any of these rights, email legal@evolvecx.ai. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete, and the right to opt out of sale. We do not sell personal information.
If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and analogous laws give you additional rights. EvolveCX acts as a data processor for customer data inside LoreVault and as a data controller for visitor and prospect data on the Website.
10. International Transfers
EvolveCX is based in the United States, and our infrastructure operates in US regions of Google Cloud Platform. If you access our services from outside the US, your information will be transferred to and processed in the US.
We rely on standard contractual clauses and other appropriate safeguards where required by law for international data transfers.
11. Security
We implement a combination of technical and organizational safeguards designed to protect information, including encryption in transit and at rest, access controls, and monitoring practices.
While we continuously improve our security posture, no system is completely secure. Customers are responsible for maintaining appropriate security practices within their own environments. If you suspect a security incident, contact legal@evolvecx.ai with "URGENT" in the subject line.
12. Children's Privacy
The Website and our services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact legal@evolvecx.ai and we will delete it.
13. Third-Party Links
The Website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before submitting any information.
14. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last Updated" date at the top reflects the most recent revision. Material changes will be communicated through a Website notice or email to active customers. Your continued use of the Website or our services after the effective date of an updated policy constitutes acceptance of the changes.
15. Contact Us
Questions, concerns, or requests related to this Privacy Policy can be sent to:
EvolveCX AI
- Email: legal@evolvecx.ai
- LoreVault support: lorevault_support@evolvecx.ai
For urgent matters (suspected incident, abuse complaint, or active legal request), include "URGENT" in the subject line.