Everview AI Customer Data Privacy Policy

Overview 🔗

Everview AI Inc. (“Everview AI,” “we,” “us,” or “our”) is committed to safeguarding the privacy, security, and integrity of customer data. This Privacy Policy explains how we collect, use, disclose, retain, and protect Customer Data in connection with our Everview AI software-as-a-service offerings (the “Service”). It also describes customers’ and end users’ rights regarding their data. By accessing or using the Service, you (“Customer”) agree to the terms of this Privacy Policy. If you do not agree, please do not use or access the Service.

1. Scope 🔗

This Privacy Policy applies to:

• Customers (organizations and entities) who register for or subscribe to Everview AI;
• Authorized Users (employees, contractors, or agents of Customer) who use the Service on behalf of Customer;
• End users whose data may be processed or accessed in the course of Customer’s subscription and use of the Service.

All capitalized terms used but not defined here have the meanings given in our Terms of Service.

2. Definitions 🔗

“Customer Data”

Any data, content, or materials that Customer or Authorized Users upload, enter, store, or otherwise provide through the Service, including but not limited to:

• User account information synchronized from Customer’s Jira instance (e.g., Atlassian account IDs, user display names);
• Project artifacts such as tasks, issues, sprints, capacity data, dependencies, comments, attachments, and metadata;
• Any other structured or unstructured text, files, or records that Customer or Authorized Users create or import into Everview AI.

“Personal Data”

Information that identifies or can reasonably be linked to an individual. We do not collect or store end users’ email addresses, private contact details, or other sensitive PII through the Service—only Atlassian account IDs and display names used to correlate who performed which action in the system.

“Subprocessors”

Our third-party service providers, vendors, or contractors who process Customer Data on our behalf (e.g., cloud hosting providers, database operators, security monitoring services).

“End User”

Any individual (including Customer’s employees, contractors, agents, or users of Customer’s Jira instance) whose information is processed or stored in the Service by Customer.

3. Information We Collect and Process 🔗

3.1 Customer-Provided Data 🔗

We collect and process Customer Data only at Customer’s direction. This includes, for example:

• User Identifiers: Atlassian account IDs and display names imported from Customer’s Jira Cloud or Data Center instance.
• Project and Issue Data: Issue keys, summaries, descriptions, story points, statuses, assignees, attachments, comments, and custom fields synchronized from Jira.
• Capacity & Availability: Calendar dates, sprint start/end dates, velocity metrics, resource availability, and capacity allocation data that Customer or Authorized Users input into Everview AI.
• Roadmap & Dependencies: Relationships between issues (e.g., “blocks,” “depends on”), custom links, timeline markers, and any visual mappings created on the canvas.
• User-Generated Content: Notes, comments, annotations, @-mentions, and other free-text fields added by Customer or Authorized Users to support collaboration in the canvas.
• Settings & Configurations: Project-level settings, permission levels, notification preferences, custom color-coding schemas, swimlane configurations, and any other account-specific metadata.

We do not collect or store:

• End users’ private email addresses or personal contact information (other than Atlassian account IDs/display names).
• End users’ passwords. Authentication is managed through Atlassian’s OAuth or SAML SSO, so Everview AI never directly handles raw credentials.
• Payment card information—billing data is handled through our payment processor and is not retained by Everview AI.

3.2 Automatically-Collected Technical Data 🔗

When Authorized Users interact with the Service, we may collect certain technical metadata and usage logs (always in aggregated or pseudonymized form) to maintain service health, troubleshoot issues, optimize performance, and improve features. This includes:

• Access Logs: Timestamps, IP addresses (only the public IP addresses from which users access the Service), device and browser information, operating system, and API calls made.
• Activity Metrics: Pages visited within the app, features used (e.g., “drag-and-drop,” “dependency mapping”), frequency of sessions, errors encountered, and performance telemetry (e.g., response times, load times).
• Application Logs: System and error logs, stack traces, and operational events for debugging, security incident detection, and capacity planning.

All automatically collected data is stored in a secure, encrypted form and is used only as described in Section 4.

4. How We Use Customer Data 🔗

We process Customer Data solely to deliver and enhance the Service as directed by Customer. Permitted uses include:

1. Service Provisioning
   • Synchronize issues, sprints, and user assignments from Jira into Everview AI.
   • Render interactive canvases, capacity charts, and dependency diagrams in real time.
   • Compute capacity metrics, velocity forecasts, and sprint projections.
   • Store and retrieve Customer Data for “save,” “undo,” and “history” purposes as Customers interact with the canvas.
2. Customer Support
   • Assist in diagnosing and resolving technical issues or configuration problems at Customer’s request.
   • Maintain support tickets, reproduce customer-reported bugs, and share screen captures or logs (only with explicit Customer consent when troubleshooting).
3. Service Improvement & Analytics (Pseudonymized)
   • Analyze aggregated usage patterns to identify areas for performance tuning, feature enhancement, or UI/UX improvements.
   • Measure feature adoption (e.g., “time to create a new roadmap,” “frequency of dependency updates”) to prioritize our product roadmap.
4. Security & Compliance
   • Detect and respond to security incidents, unauthorized access attempts, or suspicious activity.
   • Perform vulnerability scanning, penetration testing, and regular audits.
   • Retain logs temporarily to investigate and mitigate security breaches as required by applicable laws or regulation.
5. Legal Requirements & Enforcement
   • Comply with valid legal processes, judicial orders, or governmental requests (e.g., court orders, subpoenas).
   • Enforce our Terms of Service, including investigating potential violations or misconduct.

Everview AI does not sell, lease, or trade Customer Data to third parties for marketing or any other commercial purpose.

5. Legal Basis for Processing 🔗

Because Everview AI provides a subscription-based software service, our processing of Customer Data is governed by the contractual relationship between Customer and Everview AI. The primary legal grounds include:

• Contract Performance: Processing is necessary to fulfill our obligations under the Terms of Service (e.g., synchronizing Jira data, generating capacity charts, storing project artifacts).
• Legitimate Interests: We have a legitimate interest in operating, securing, and improving our Service (e.g., detecting abuse, optimizing performance, conducting analytics).
• Legal Compliance: Processing is necessary to comply with applicable laws, regulations, or judicial orders.

For any Personal Data processing beyond strictly contract performance (e.g., optional participation in product research or surveys), we obtain Customer’s explicit consent before proceeding.

6. Data Security Measures 🔗

Everview AI treats data security as a top priority. We implement and maintain administrative, technical, and physical safeguards designed to protect Customer Data against unauthorized access, disclosure, alteration, or destruction:

1. Encryption
   • All data in transit between Customer browsers and our servers is encrypted via TLS 1.2+ (HTTPS).
   • Customer Data at rest is encrypted using industry-standard AES-256 encryption on our database disks and backups.
2. Access Controls & Authentication
   • Role-based access control (RBAC) ensures that only authorized Everview AI personnel (e.g., system administrators, support engineers) can access production data environments.
   • All personnel must log in with unique credentials, protected by strong passwords and optional multi-factor authentication (MFA).
   • Administrative logs record all access attempts, data modification events, and privilege escalations.
3. Network & Infrastructure Security
   • Servers are hosted in SOC 2-compliant data centers with 24/7 physical security, biometric access controls, and CCTV monitoring.
   • Firewalls and intrusion detection/prevention systems (IDS/IPS) guard against unauthorized network traffic.
   • Automated vulnerability scanning and patch management keep all software dependencies up to date.
4. Application Security
   • Web application firewalls (WAF) filter malicious requests and block common web exploits (e.g., SQL injection, XSS).
   • Regular code reviews, secure coding guidelines, and third-party penetration tests validate that our application follows best practices.
   • Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) are performed on each release.
5. Incident Response & Monitoring
   • Real-time monitoring systems generate alerts on anomalous behavior (e.g., suspicious login patterns, data exfiltration attempts).
   • A formal Incident Response Plan (IRP) details roles, responsibilities, and communications for security incidents.
   • In the event of a confirmed breach affecting Customer Data, we notify Customer within 72 hours (or as required by law) and provide remediation guidance.
6. Personnel Training & Policies
   • All Everview AI employees and contractors undergo annual security training covering data privacy, phishing awareness, and secure development practices.
   • Strict confidentiality agreements are in place with all personnel and third-party vendors handling Customer Data.

7. Data Retention 🔗

We retain Customer Data only for as long as is necessary to:

1. Provide the Service under your active subscription;
2. Satisfy any contractual obligations to Customer;
3. Comply with applicable legal, regulatory, or accounting requirements;
4. Enforce our Terms of Service or defend against legal claims.

7.1 Retention Periods 🔗

• Active Accounts: Customer Data is stored for the duration of the active subscription + a 30-day grace period after cancellation (to allow for reactivation).
• Inactive/Cancelled Accounts: Upon expiration or termination of a subscription without renewal, Customer Data is held for an additional 90 days (unless Customer requests immediate deletion). After 90 days, data is permanently deleted from our production and backup environments.

7.2 Customer’s Right to Delete 🔗

• Customers may request immediate deletion of their account and associated Customer Data at any time by contacting support@everview.ai.
• Upon receiving a valid deletion request, we will disable the account and remove all Customer Data from live production systems within 30 days. Backups containing deleted data will be purged in accordance with our backup retention policy (typically within 90 days).

8. Data Sharing and Disclosure 🔗

Everview AI does not sell, rent, or lease Customer Data to third parties. We disclose Customer Data only in the following circumstances:

8.1 Subprocessors & Service Providers 🔗

We engage Subprocessors to help deliver the Service. Each Subprocessor acts on our behalf and is contractually bound to maintain at least the same level of data protection as described in this Privacy Policy. Current Subprocessors include but are not limited to:

• Cloud Infrastructure & Hosting: Amazon Web Services (AWS) – hosts primary production servers, databases, and backups.
• Database Management: Amazon RDS and Amazon S3 – store and replicate encrypted Customer Data.
• Application Monitoring & Logging: Datadog – collects pseudonymized telemetry and logs for performance monitoring; logs are encrypted at rest.
• Error Reporting & Crash Analytics: Rollbar – captures exception traces with minimal metadata.
• Content Delivery Network (CDN): Cloudflare – accelerates static asset delivery and provides DDoS protection.
• Email Delivery: SendGrid – sends transactional emails (onboarding, password resets, notifications). We never include raw Customer Data in marketing emails.
• Payment Processing: Stripe – handles all billing and subscription payments; No raw payment data is stored by Everview AI.

Whenever we onboard a new Subprocessor, we conduct a privacy and security due diligence review, and Customers will be notified of any material changes that could affect how their data is processed.

8.2 Legal & Regulatory Obligations 🔗

We may disclose Customer Data if required by law or a valid subpoena, court order, or other legal process. In such cases, we will:

1. Promptly notify Customer (unless prohibited by law) so Customer has an opportunity to object or seek protective measures.
2. Limit the scope of disclosure to only what is legally required.

8.3 Business Transfers 🔗

If Everview AI undergoes a merger, acquisition, or asset sale, Customer Data may be transferred to the acquiring entity. In such an event, we will:

• Notify existing Customers and give them at least 30 days to review the change and delete their data if they choose.
• Require that the acquiring entity continue to honor the commitments in this Privacy Policy.

9. International Data Transfers 🔗

Everview AI Inc. is headquartered in Vancouver, British Columbia, Canada. Customer Data is stored and processed primarily on servers located in North America (AWS regions in Canada and/or the U.S.). If Customer is located outside of Canada, this may involve transferring data across international borders.

When transferring Customer Data from the European Economic Area (EEA), United Kingdom (UK), or other jurisdictions with data export restrictions:

1. Everview AI relies on standard contractual clauses (SCCs) approved by the European Commission for lawful transfers from the EEA/UK to Canada or the United States.
2. For transfers from other jurisdictions, we will implement comparable safeguards (such as binding corporate rules or local data processing agreements) as required by applicable law.
3. Customers may request a copy of our data transfer mechanisms at any time by contacting privacy@everview.ai.

10. Customer and End-User Rights 🔗

Subject to applicable law, Customer and individual End Users have the following rights with respect to their Personal Data and Customer Data:

10.1 Right to Access and Portability 🔗

• Customers may request a machine-readable export of their entire Customer Data set (including projects, issues, comments, attachments, capacity models) by emailing support@everview.ai.
• We will provide the export within 30 days in JSON or CSV format.

10.2 Right to Rectification 🔗

If Customer’s data is inaccurate or incomplete (e.g., incorrect issue metadata, out-of-date user names), Customer may edit it directly within Everview AI or request correction by contacting support.

10.3 Right to Erasure (“Right to be Forgotten”) 🔗

Customers may request permanent deletion of all Customer Data at any time. We will confirm completion of the erasure request within 30 days (90 days for backup purges).

10.4 Right to Restrict Processing 🔗

In certain jurisdictions, if Customer contests the accuracy of personal data or requests restriction, we will cease processing that data except for storage, and notify Customer once restrictions are lifted or resolved.

10.5 Right to Object to Processing 🔗

Although Everview AI does not engage in profiling or automated decision-making, Customers can always object to processing of Customer Data not strictly necessary for contract performance (for example, participation in aggregated analytics). In these cases, we will halt that processing unless we demonstrate compelling legitimate grounds.

10.6 Right to Withdraw Consent 🔗

If Customer has separately provided consent for a specific data use (e.g., participation in a beta research program), they may withdraw consent at any time by emailing privacy@everview.ai. Withdrawal of consent does not affect the lawfulness of processing performed before the withdrawal.

10.7 How to Exercise Rights 🔗

To exercise any of the above rights, Customer should send a verifiable request to:

Email:privacy@everview.ai
Mailing Address: Customer Privacy Team, Everview AI Inc., 1151 Georgia Street, Vancouver, BC V6B 4E6, Canada

We will respond to all valid requests within thirty (30) days. If we require additional time (up to 60 days total) due to complexity, we will inform Customer in writing.

11. Cookies & Tracking Technologies 🔗

Everview AI does not use cookies to track end users across third-party websites. However, when you access our website (https://everview.ai), we may employ cookies and similar technologies (e.g., local storage, pixel tags) for the following purposes:

1. Essential Cookies: Required for security, login sessions, and basic functionality.
2. Performance & Analytics Cookies: We use Google Analytics (or similar) to understand website traffic, page views, and user interaction patterns. These cookies collect anonymous information about how users navigate the site so we can improve content and design.
3. Preference Cookies: Remember site preferences (language, theme) between visits.

You can manage or disable cookies via your browser settings. Disabling essential cookies may interfere with certain site functions.

12. Children’s Privacy 🔗

Everview AI is intended for business and professional use only. We do not knowingly collect or solicit Personal Data from individuals under the age of 16. If you become aware that a child under 16 has provided us with Personal Data, please contact us at privacy@everview.ai. We will promptly delete such information.

13. Third-Party Links & Embedded Content 🔗

The Service and our website may contain links to third-party websites or services (e.g., FAQs, Atlassian documentation, security partners’ pages). This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third parties you visit. Everview AI is not responsible for the privacy practices or content of those third-party sites.

14. Changes to This Privacy Policy 🔗

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or Service features. We will:

1. Post the updated Privacy Policy on our website with a revised “Last Updated” date.
2. Send email notification to all active Customers at least 30 days before material changes take effect.
3. Obtain explicit consent for any changes that materially broaden the scope of Personal Data processing beyond what was originally disclosed.

Your continued use of the Service after the “Last Updated” date constitutes acceptance of the revised Privacy Policy. If you do not agree to the changes, you must stop using the Service and request deletion of your Customer Data.

15. Contact Us 🔗

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Everview AI Inc.
Privacy Team
Email: privacy@everview.ai
Mailing Address: 1151 Georgia Street, Vancouver, BC V6B 4E6, Canada

For general support inquiries (non-privacy), email: support@everview.ai.

By using Everview AI, you acknowledge that you have read and understand this Privacy Policy and consent to the collection, use, and disclosure of Customer Data as described herein.