Privacy Policy for EvolveCX Automation App

Last updated: 21 July 2025

Welcome to EvolveCX. Your privacy is important to us. This policy explains what information we collect, how we use it, where we store it, and the rights you have regarding your data.

1. Information We Collect

1.1 LinkedIn Data

Data	Purpose
Profile identifiers (LinkedIn ID, public URL, avatar)	OAuth authentication & attribution
Access & refresh tokens	Secure, revocable API access for posting and analytics
Post content (text, URNs, media links)	Drafting, scheduling, monitoring engagement
Engagement metrics (likes, comments, impressions)	Dashboards & continuous model improvement

We never store your email address, connection lists, direct messages, or ad-account data.

1.2 Customer Intake Data (CatalystOS)

Category	Example Fields	Why We Need It	Retention
Company profile	Name, industry, HQ region, revenue band	Personalise ROI models & benchmarking	24 months after last activity
Contact & team details	Primary contact name, business email, CX team size	Onboarding, support & collaboration	Until workspace deletion or consent withdrawal
CX/EX maturity metrics	NPS, CSAT, churn %, ticket volume, cost/contact	Baseline dashboards & maturity scoring	24 months
Technology stack	CRM, CCaaS, WFM, BI tools, AI platforms	Integration mapping & agentic-AI suggestions	24 months
Pain triggers & goals	Top CX pain points, budget, timeline	Prioritise playbook recommendations	24 months
ROI modelling inputs	Average order value, retention %, marketing spend	Quick-win projections in PDF playbooks	24 months (then anonymised)
Free-form notes / uploads	Process maps, screenshots, PDFs	Consultant tailoring	Purged when project closes (default 12 months)

2. How We Use Information

Draft, publish, and analyse LinkedIn content for Gabe Rivero and the EvolveCX company page.
Generate tailored playbooks, dashboards, and benchmark analyses inside CatalystOS.
Improve our models and workflows—only in aggregate, never to target ads or sell data.

3. Storage & Security

Layer	Location	Protection
Access tokens	Google Secret Manager (US)	AES-256 encryption at rest
Post & intake data	Google Cloud SQL (US)	AES-256 at rest, TLS 1.2+ in transit
Embeddings	Pinecone vector store (US)	AES-256 at rest
File uploads	Google Cloud Storage (US)	Private buckets, signed URLs

Additional safeguards include role-based access, audit logs, regular penetration tests, and a 72-hour incident-response SLA.

4. Sharing & Third-Party Processors

We only share data with processors that help us deliver the service:

Processor	Purpose
OpenAI & Gemini	Content generation & moderation
Google Cloud	Hosting, database, storage, logging
Pinecone	Vector similarity search for content retrieval

No data is sold or shared with advertisers, social networks, or data brokers.

5. Retention & Deletion

LinkedIn tokens & post data – deleted within 30 days of access revocation or 12 months after last activity.
CatalystOS intake data – retained for 24 months, then deleted or anonymised for statistical benchmarking.
You may request deletion at any time (see Section 6).

6. Your Rights

You have the right to:

Access the data we hold about you.
Correct inaccurate or incomplete information.
Delete your data and revoke consent.
Object to or restrict certain processing.
Data portability (receive a copy in machine-readable format).

Email privacy@evolvecx.ai to exercise any right. We respond within 30 days.

7. Children’s Privacy

Our services are intended for users 16 years and older. We do not knowingly collect personal data from children.

8. International Transfers

All processing occurs on US-based infrastructure that complies with GDPR adequacy safeguards and standard contractual clauses (SCCs).

9. Changes to This Policy

We may update this policy periodically. Material changes will be announced on our website and, where appropriate, emailed to affected users.

10. Contact Us

EvolveCX LLC
900 Ave at Port Imperial Unit 628, Weehawken, NJ 07086, USA
✉︎ privacy@evolvecx.ai
☎︎ +1 (201) 500-8284