Privacy Policy
Last Updated: February 22, 2026
This Privacy Policy describes how Eversince (“Eversince,” “we,” “us,” or “our”) collects, uses, shares, and protects your personal information when you use the Eversince platform and services (collectively, the “Service”). It also explains your privacy rights and the choices available to you.
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.
1. Who We Are
Eversince is an AI-powered ad creation platform operated from Israel. For privacy-related inquiries, contact us at support@eversince.ai.
2. Information We Collect
2.1 Information You Provide
| Category | Examples |
|---|---|
| Account Information | Name, email address, password (hashed), profile picture |
| Payment Information | Billing address, payment card details (processed and stored by our payment processor — we do not store full payment card numbers) |
| User Content | Images, videos, audio files, brand assets, and reference materials you upload |
| Inputs and Prompts | Text prompts, descriptions, instructions, and parameters you provide to AI tools |
| Chat Messages | Messages you send to the AI agent within the studio |
| Voice Data | Audio recordings from your microphone when using speech-to-text features |
| Communications | Emails, support requests, and feedback you send us |
2.2 Information Collected Automatically
| Category | Examples |
|---|---|
| Device Information | Device type, operating system, browser type and version, screen resolution |
| Identifiers | IP address, unique device identifiers, advertising identifiers |
| Usage Data | Pages visited, features used, actions taken, time spent, navigation paths, referring URLs |
| Log Data | Server logs including access times, error logs, and request metadata |
| Location Data | Approximate geographic location derived from your IP address |
2.3 Information from Third Parties
| Source | Information |
|---|---|
| Google OAuth | Name, email address, and profile picture (when you sign in with Google) |
| Lemon Squeezy | Transaction confirmation and billing status |
2.4 Cookies and Similar Technologies
We use cookies, local storage, and similar technologies to operate the Service, remember your preferences, and understand how you use the Service. See Section 14 for details.
3. How We Use Your Information
We use your information for the following purposes:
3.1 Providing and Operating the Service
- Creating and managing your account
- Processing your Inputs through AI models to generate Outputs
- Transmitting your prompts, images, audio, and other content to third-party AI providers for processing
- Storing and displaying your User Content, Inputs, and Outputs within your account
- Enabling sharing and export features you initiate
- Processing credits and payments
- Delivering transactional emails (welcome messages, export notifications, account alerts)
3.2 Improving and Developing the Service
- Analyzing usage patterns to improve features and user experience
- Diagnosing technical issues and bugs
- Monitoring system performance and reliability
- Understanding how features are used to inform development priorities
- Reviewing interactions with the AI agent (chat messages, agent actions, generation results) to evaluate and improve the quality of the Service, including agent behavior, prompts, tools, and workflows
We do not use your User Content, Inputs, or Outputs to train or fine-tune AI models (i.e., adjusting the weights or parameters of a machine learning model). See Section 16 for details.
3.3 Safety and Security
- Preventing fraud, abuse, and unauthorized access
- Enforcing our Terms of Use and Acceptable Use Policy
- Monitoring for prohibited content
- Protecting the rights, safety, and property of Eversince and our users
3.4 Communications
- Responding to your support requests and inquiries
- Sending service-related notices and updates
- Sending marketing communications (with your consent, where required)
3.5 Legal Compliance
- Complying with applicable laws, regulations, and legal processes
- Responding to lawful requests from public authorities
- Establishing, exercising, or defending legal claims
4. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your personal data under the following legal bases:
| Legal Basis | Processing Activities |
|---|---|
| Performance of Contract (Art. 6(1)(b) GDPR) | Account creation and management, processing Inputs to generate Outputs, credit and payment processing, providing customer support |
| Legitimate Interests (Art. 6(1)(f) GDPR) | Service improvement and analytics, fraud prevention and security, debugging and performance monitoring. Our legitimate interests do not override your fundamental rights and freedoms. |
| Consent (Art. 6(1)(a) GDPR) | Marketing communications, non-essential cookies and analytics tracking. You may withdraw consent at any time. |
| Legal Obligation (Art. 6(1)(c) GDPR) | Tax and accounting records, responding to lawful data requests, compliance with applicable regulations |
5. How We Share Your Information
We share your information with the following categories of recipients:
5.1 Third-Party AI Service Providers
To provide AI generation features, we transmit your data to third-party AI providers. See Section 6 for a complete list of providers and what data is shared with each.
5.2 Infrastructure and Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, file storage | Account data, project data, user content metadata, authentication tokens |
| Cloudflare | Content delivery, object storage (R2), security, bot protection (Turnstile) | Generated media files, user uploads, request metadata, bot detection tokens |
| Vercel | Application hosting | Server logs, request data |
| Inngest | Background job processing | Event data for async generation tracking, email triggers |
| Resend | Transactional email delivery | Email addresses, email content |
| Remotion / AWS Lambda | Video rendering and export | Timeline data, scene configurations |
| PostHog | Product analytics | Usage data, feature interactions, device information, IP address (anonymized) |
| Lemon Squeezy | Payment processing and subscriptions | Payment card details, billing address, transaction data, subscription status |
| Stripe | Payment processing (via Lemon Squeezy) | Payment card details, billing address, transaction data |
| Sentry | Error monitoring and performance tracking | Error reports, stack traces, request metadata, device information |
| Intercom | Customer support messaging | Name, email address, user ID, support conversations |
| Upstash | Rate limiting and caching (Redis) | Request metadata, rate limit counters |
5.3 Other Disclosures
We may also share your information:
- With your consent — when you direct us to share information
- For legal reasons — to comply with applicable law, legal process, or government requests; to enforce our Terms; to protect the rights, privacy, safety, or property of Eversince, our users, or the public
- Business transfers — in connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the successor entity
- Aggregated or de-identified data — we may share aggregated or de-identified information that cannot reasonably be used to identify you
We do not sell your personal information for monetary consideration. See Section 10 for details on how “sale” and “sharing” are defined under California law.
6. Third-Party AI Service Providers
The following third-party AI providers process your data when you use AI features. We select providers that, under their standard API and enterprise terms, do not use customer inputs or outputs for training their own models. However, each provider has its own privacy policy and practices.
| Provider | Features | Data Processed | Provider Privacy Policy |
|---|---|---|---|
| Google Cloud / Vertex AI | Image generation (Imagen), video generation (Veo), video analysis (Gemini) | Text prompts, reference images, video frames, audio | Google Cloud Privacy Notice |
| Anthropic | AI agent (Claude) — orchestrates creative workflows, chat | Chat messages, commercial descriptions, scene context | Anthropic Privacy Policy |
| Replicate | Image and video generation (various models) | Text prompts, reference images | Replicate Privacy Policy |
| BytePlus / ModelArk | Image generation, video generation | Text prompts, reference images, video, audio | BytePlus Privacy Policy |
| xAI | Image and video generation (Grok) | Text prompts | xAI Privacy Policy |
| ElevenLabs | Text-to-speech voiceover, sound effects, music composition | Text scripts, music composition parameters | ElevenLabs Privacy Policy |
| OpenAI | Text-to-speech, text processing | Text for speech synthesis, text content | OpenAI Privacy Policy |
| Deepgram | Speech-to-text transcription | Real-time audio stream from microphone | Deepgram Privacy Policy |
| Perplexity | Market research and web search for the AI agent | Research queries | Perplexity Privacy Policy |
| Firecrawl | Website content extraction (for ad research) | URLs you provide | Firecrawl Privacy Policy |
We may update this list as we add, remove, or change providers. Material changes to our provider list will be reflected in updates to this Privacy Policy.
7. International Data Transfers
Eversince is operated from Menakhem Begin Rd 121, Tel Aviv-Yafo, Israel. Your information may be transferred to, stored, and processed in the United States, Israel, and other countries where our service providers operate, including countries that may not provide the same level of data protection as your home country.
7.1 Transfers from the EEA, UK, and Switzerland
For transfers of personal data from the EEA, UK, or Switzerland to the United States or other countries without an adequacy decision, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914)
- EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework, where applicable
- Supplementary measures including encryption in transit (TLS) and at rest, access controls, and data minimization
7.2 Sub-Processor Data Transfers
Our sub-processors may transfer data to various jurisdictions. We require that all sub-processors implement appropriate safeguards for international data transfers consistent with applicable data protection law.
8. Data Retention
We retain your personal information only as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
| Data Category | Retention Period |
|---|---|
| Account Information | Retained while your account is active. Deleted within 90 days of account deletion. |
| User Content and Outputs | Retained while your account is active. Deleted within 90 days of account deletion or when you delete specific content. |
| Chat Messages and Inputs | Retained while your account is active as part of your project history. Deleted within 90 days of account deletion. |
| Voice Data | Processed in real-time for transcription. Audio streams are not stored by Eversince after processing. |
| Payment Records | Retained as required for tax and accounting purposes (typically 7 years). |
| Usage and Log Data | Retained for up to 12 months for analytics and debugging, then aggregated or deleted. |
| Cookies and Tracking Data | See Section 14. |
When data is deleted, it is removed from our active systems. Backup systems may retain data for an additional period (typically up to 30 days) before automatic purge.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Row Level Security (RLS) policies ensuring users can only access their own data
- Hashed password storage (through Supabase Auth)
- API keys and credentials stored securely in environment variables, never exposed to the client
- Access controls and authentication for all backend services
Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your information. If you believe your account has been compromised, contact us immediately at support@eversince.ai.
9.1 Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- EEA/UK users: Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay (Article 34).
- US users: Notify you in accordance with applicable state breach notification laws. All US states require breach notification, with timelines typically ranging from 30 to 60 days.
- All users: Provide details about the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address the breach.
We will cooperate with relevant authorities in the event of a data breach.
10. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information. We honor privacy rights for all users regardless of location, to the extent technically feasible.
10.1 Rights for All Users
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate personal information
- Deletion: Request deletion of your personal information and account
- Data Export: Export your Outputs and project data through the Service before account deletion
- Marketing Opt-Out: Unsubscribe from marketing communications at any time
10.2 How to Exercise Your Rights
You can exercise these rights by:
- Using the account settings and features within the Service
- Contacting us at support@eversince.ai
We will respond to your request within the timeframe required by applicable law (typically 30 days for GDPR, 45 days for CCPA). We may need to verify your identity before processing your request.
11. Additional Rights for EEA, UK, and Swiss Residents (GDPR)
If you are located in the EEA, UK, or Switzerland, you have the following additional rights under the GDPR:
- Right to Restriction: Request that we restrict processing of your personal data in certain circumstances
- Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format, and transmit it to another controller
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes. Where you object to processing for direct marketing, we will cease such processing immediately. For other objections based on legitimate interests, we will cease processing unless we demonstrate compelling legitimate grounds.
- Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing
- Right Regarding Automated Decision-Making: We do not make decisions based solely on automated processing that produce legal effects or similarly significant effects on you. AI content generation is a tool you direct, not an automated decision about you.
Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at the European Data Protection Board website.
EU/EEA Representative (GDPR Article 27): Emi Tsoref, Estrada Colegio, Quinta Lys, Caixa Postal 450-R, 8600-073 Bensafrim, Lagos, Portugal. Email: hello@eversince.ai
12. Additional Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”).
12.1 Categories of Personal Information
In the preceding 12 months, we have collected the following categories of personal information:
| CCPA Category | Examples | Sources | Business Purpose |
|---|---|---|---|
| Identifiers | Name, email, IP address, account ID | You, automatically | Account management, service delivery |
| Customer Records | Billing address, payment information | You | Payment processing |
| Commercial Information | Purchase history, credit balances, subscription data | You, automatically | Billing, service delivery |
| Internet/Electronic Activity | Browsing history, feature usage, interaction data | Automatically | Analytics, service improvement |
| Geolocation Data | Approximate location from IP address | Automatically | Security, compliance |
| Audio, Electronic, Visual Information | Uploaded images/videos, microphone audio, generated content | You | Service delivery (AI generation) |
| Inferences | Usage patterns, feature preferences | Automatically | Service improvement |
12.2 Sale and Sharing of Personal Information
- We do not sell your personal information for monetary consideration.
- We may share (as defined under CCPA) certain identifiers and internet activity data with analytics providers for service improvement purposes. You have the right to opt out of this sharing.
We do not sell or share the personal information of consumers under 16 years of age.
12.3 Your CCPA Rights
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
- Right to Delete: Request deletion of your personal information (subject to certain exceptions)
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: Opt out of the sale or sharing of your personal information
- Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond what is necessary to provide the Service
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
12.4 How to Exercise CCPA Rights
- Opt-Out of Sharing: Contact support@eversince.ai or use the opt-out mechanism on our website when available
- All Other Requests: Contact support@eversince.ai
- Authorized Agent: You may designate an authorized agent to make requests on your behalf. We may require verification of the agent's authority.
12.5 Global Privacy Control
We honor Global Privacy Control (GPC) signals. When we detect a GPC signal from your browser, we treat it as a valid opt-out of the sale or sharing of personal information associated with that browser.
13. Additional Rights Under Other US State Privacy Laws
If you reside in a state with a comprehensive privacy law (including Virginia, Colorado, Connecticut, Texas, Oregon, Montana, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Minnesota, Maryland, Tennessee, Indiana, Kentucky, Rhode Island, and others), you may have similar rights to access, correct, delete, and opt out of certain processing of your personal information.
To exercise your rights under any state privacy law, contact support@eversince.ai. We will process your request in accordance with the applicable law for your state of residence.
Where applicable, we honor universal opt-out signals (such as Global Privacy Control) as valid opt-out requests under your state's privacy law.
14. Cookies and Similar Technologies
14.1 Types of Cookies We Use
| Cookie Type | Purpose | Required Consent? |
|---|---|---|
| Strictly Necessary | Essential for the Service to function (authentication, security, session management) | No (required for service) |
| Functional | Remember your preferences and settings | Yes (EEA/UK) |
| Analytics | Understand how you use the Service to improve it (PostHog) | Yes |
| Marketing | Deliver relevant advertising (if applicable) | Yes |
14.2 Managing Cookies
- Cookie Banner: When visiting our website from the EEA/UK, you may be presented with a cookie consent mechanism allowing you to accept or reject non-essential cookies.
- Browser Settings: You can manage cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.
- Opt-Out Links: For specific analytics or advertising cookies, you can use the opt-out mechanisms provided by those services.
14.3 Do Not Track
In addition to GPC signals (Section 12.5), we respect browser-level Do Not Track (DNT) preferences where technically feasible. When a DNT signal is detected, we limit non-essential tracking.
15. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@eversince.ai. If we discover that we have collected personal information from a child under 18, we will delete that information promptly.
16. AI-Specific Privacy Disclosures
16.1 How AI Processing Works
When you use AI features, your Inputs (prompts, images, audio, descriptions) are transmitted to third-party AI providers who process them to generate Outputs. This processing happens in real-time or near-real-time on the provider's infrastructure.
16.2 No Model Training on Your Data
We do not use your User Content, Inputs, or Outputs to train or fine-tune AI models — that is, we do not use your data to adjust the weights or parameters of any machine learning model, whether our own or any third party's. Your content is processed solely to generate the specific Outputs you request.
We do review and analyze interactions with the Service — including chat messages, agent actions, and generation results — to evaluate and improve the quality of the Service. This includes improving the AI agent's behavior, prompts, tools, and workflows. This is service improvement, not model training.
Our third-party AI providers process your data under API/enterprise terms that prohibit the use of customer data for model training. However, each provider has its own practices and policies, and we encourage you to review their privacy policies (linked in Section 6).
16.3 AI Agent and Chat Data
The AI agent (powered by Anthropic Claude) processes your chat messages and project context to assist you in creating ads. This includes:
- Your messages in the chat interface
- Scene descriptions and commercial settings
- Reference to your uploaded content and previously generated Outputs
Chat conversations are stored in your account and associated with your commercial projects. They are not shared with other users. As described in Section 3.2 and 16.2, we may review interactions with the AI agent to evaluate and improve the quality of the Service.
16.4 Speech-to-Text Processing
When you use voice input features, your microphone audio is streamed in real-time to Deepgram for transcription. The raw audio stream is not stored by Eversince after the transcription is complete. However, the resulting text transcription and conversation summaries are retained as part of your project's chat history (see Section 8, Chat Messages and Inputs). Deepgram's retention and processing practices are governed by their own privacy policy.
16.5 AI-Generated Content Metadata
Outputs generated through the Service may contain metadata indicating they were AI-generated. This metadata supports compliance with emerging regulations on AI content labeling and transparency. You should not remove this metadata when distributing content in jurisdictions that require AI content disclosure.
16.6 Shared and Exported Content
When you export or share content through the Service, it is stored on our content delivery infrastructure (Cloudflare R2) and accessible via a public URL. Anyone with the link can view the shared content. We do not index shared content for search engines by default, but we cannot prevent recipients from further distributing the link. Once you share a link, you are responsible for controlling its distribution.
Shared content remains accessible until you delete it from your account or until your account is terminated. Upon account deletion, shared content is removed in accordance with the retention schedule in Section 8.
17. Data Processing Agreement
If you are a business customer subject to GDPR and require a Data Processing Agreement (DPA), please contact us at support@eversince.ai. We offer a standard DPA that covers:
- Subject matter and duration of processing
- Nature and purpose of processing
- Types of personal data processed
- Categories of data subjects
- Sub-processor list and notification procedures
- Technical and organizational security measures
- Data breach notification obligations
- Audit rights
- Data deletion and return upon contract termination
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
- Update the “Last Updated” date at the top of this policy
- Notify you by email or through a prominent notice on the Service
- Where required by law, obtain your consent to material changes
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.
19. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at support@eversince.ai.