Privacy Policy
Effective date: April 7, 2026
Eva ("we," "our," or "the app") is an AI-powered personal assistant. This policy describes what data we collect, how we use it, and your rights regarding that data.
1. Data We Collect
When you use Eva, we collect and store the following information on our private server:
- Account information: Username, display name, and a hashed PIN for authentication.
- Gmail data (if connected): Email metadata (sender, subject, snippet, received date) and email body content, accessed via the Gmail API in read-only mode. Eva never sends, deletes, or modifies your emails.
- App data: Tasks, meal logs, notes, gym workouts, bill information, and other content you create within the app.
- Device tokens: Apple Push Notification service (APNs) tokens for sending push notifications to your device.
- Usage logs: API request logs and system metrics for performance monitoring and debugging.
2. How We Use Gmail Data
Eva accesses your Gmail account through Google's OAuth 2.0 authorization with the gmail.readonly scope. This means Eva can only read your emails — it cannot send, delete, or modify any messages.
Your email data is used to:
- Classify emails into categories (urgent, important, bills, financial, newsletters, spam) to surface what matters most.
- Generate short summaries of important emails.
- Detect bills and payment due dates from email content.
- Identify appointment confirmations and create task reminders.
- Suggest inbox cleanup actions (unsubscribe from junk senders).
3. Third-Party AI Processing
To classify and summarize emails, Eva sends email metadata (subject line, sender, and a preview snippet) to third-party AI services:
- OpenAI (primary) — for email classification, summarization, and action extraction.
- Anthropic (fallback) — used when OpenAI is unavailable.
Only the minimum data needed for classification is sent to these services. Full email bodies are only sent when generating summaries or extracting actionable information (bill amounts, appointment dates). These services process data per their own privacy policies and do not use your data to train their models when accessed via API.
4. Data Storage and Security
- All data is stored in a private SQLite database on a secured server (DigitalOcean).
- All connections use HTTPS with automatic TLS certificates.
- Authentication uses JWT tokens; PINs are stored as bcrypt hashes.
- Gmail OAuth tokens are stored in the database and are only used to access your Gmail on your behalf.
- Your data is not sold to, shared with, or disclosed to any third parties except the AI services described above for the purpose of providing app functionality.
5. Data Retention and Deletion
- You can disconnect Gmail at any time from the Settings tab. This immediately stops all email processing.
- Deleting your account removes all associated data (credentials, emails, tasks, bills, logs) from our server.
- Email data cached in the app is not shared externally and is deleted when you disconnect or delete your account.
6. Your Rights
- You can revoke Eva's Gmail access at any time through your Google Account permissions or through the app's Settings.
- You can request deletion of all your data by contacting us.
- You can review what data Eva has stored by browsing the app's features (email list, tasks, bills, etc.).
7. Liability and Security Disclaimers
While we implement reasonable security measures (HTTPS, hashed credentials, private infrastructure), no system is completely secure. To the maximum extent permitted by applicable law, Eva and its developer are not liable for unauthorized access to your account or data resulting from circumstances beyond our reasonable control, including but not limited to security breaches, compromised credentials, or third-party service failures.
You are responsible for keeping your PIN secure. Do not share your PIN with anyone.
8. Children's Privacy
Eva is not intended for use by anyone under the age of 13. We do not knowingly collect data from children.
9. Changes to This Policy
We may update this privacy policy from time to time. Changes will be reflected by the effective date at the top of this page.
10. Contact
If you have questions about this privacy policy or your data, contact us at support@evaa-app.com.