Eversince | Privacy Policy

This Privacy Policy describes how Eversince (“Eversince,” “we,” “us,” or “our”) collects, uses, shares, and protects your personal information when you use the Eversince platform and services (collectively, the “Service”). It also explains your privacy rights and the choices available to you.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

Eversince is an AI creative agent. For privacy-related inquiries, contact us at support@eversince.ai.

1. Information We Collect

1.1 Information You Provide

Category	Examples
Account Information	Name, email address, password (hashed), profile picture
Payment Information	Billing address, payment card details (processed and stored by our payment processor — we do not store full payment card numbers)
User Content	Images, videos, audio files, brand assets, and reference materials you upload
Inputs and Prompts	Text prompts, descriptions, instructions, and parameters you provide to AI tools
Chat Messages	Messages you send to the AI agent within the studio
Voice Data	Audio recordings from your microphone when using speech-to-text features
Communications	Emails, support requests, and feedback you send us

1.2 Information Collected Automatically

Category	Examples
Device Information	Device type, operating system, browser type and version, screen resolution
Identifiers	IP address, unique device identifiers, advertising identifiers
Usage Data	Pages visited, features used, actions taken, time spent, navigation paths, referring URLs
Log Data	Server logs including access times, error logs, and request metadata
Location Data	Approximate geographic location derived from your IP address

1.3 Information from Third Parties

Source	Information
Google OAuth	Name, email address, and profile picture (when you sign in with Google)
Lemon Squeezy	Transaction confirmation and billing status

1.4 Cookies and Similar Technologies

We use cookies, local storage, and similar technologies to operate the Service, remember your preferences, and understand how you use the Service. See Section 13 for details.

2. How We Use Your Information

We use your information for the following purposes:

2.1 Providing and Operating the Service

Creating and managing your account
Processing your Inputs through AI models to generate Outputs
Transmitting your prompts, images, audio, and other content to third-party AI providers for processing
Storing and displaying your User Content, Inputs, and Outputs within your account
Enabling sharing and export features you initiate
Processing credits and payments
Delivering transactional emails (welcome messages, export notifications, account alerts)

2.2 Improving and Developing the Service

Analyzing usage patterns to improve features and user experience
Diagnosing technical issues and bugs
Monitoring system performance and reliability
Understanding how features are used to inform development priorities
Reviewing interactions with the AI agent (chat messages, agent actions, generation results) to evaluate and improve the quality of the Service, including agent behavior, prompts, tools, and workflows

We do not use your User Content, Inputs, or Outputs to train or fine-tune AI models (i.e., adjusting the weights or parameters of a machine learning model). See Section 15 for details.

2.3 Safety and Security

Preventing fraud, abuse, and unauthorized access
Enforcing our Terms of Use and Acceptable Use Policy
Monitoring for prohibited content
Protecting the rights, safety, and property of Eversince and our users

2.4 Communications

Responding to your support requests and inquiries
Sending service-related notices and updates
Sending marketing communications (with your consent, where required)

2.5 Legal Compliance

Complying with applicable laws, regulations, and legal processes
Responding to lawful requests from public authorities
Establishing, exercising, or defending legal claims

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your personal data under the following legal bases:

Legal Basis	Processing Activities
Performance of Contract (Art. 6(1)(b) GDPR)	Account creation and management, processing Inputs to generate Outputs, credit and payment processing, providing customer support
Legitimate Interests (Art. 6(1)(f) GDPR)	Service improvement and analytics, fraud prevention and security, debugging and performance monitoring. Our legitimate interests do not override your fundamental rights and freedoms.
Consent (Art. 6(1)(a) GDPR)	Marketing communications, non-essential cookies and analytics tracking. You may withdraw consent at any time.
Legal Obligation (Art. 6(1)(c) GDPR)	Tax and accounting records, responding to lawful data requests, compliance with applicable regulations

4. How We Share Your Information

We share your information with the following categories of recipients:

4.1 Third-Party AI Service Providers

To provide AI generation features, we transmit your data to third-party AI providers. See Section 5 for a complete list of providers and what data is shared with each.

4.2 Infrastructure and Service Providers

Provider	Purpose	Data Shared
Supabase	Database, authentication, file storage	Account data, project data, user content metadata, authentication tokens
Cloudflare	Content delivery, object storage (R2), security, bot protection (Turnstile)	Generated media files, user uploads, request metadata, bot detection tokens
Vercel	Application hosting	Server logs, request data
Inngest	Background job processing	Event data for async generation tracking, email triggers
Resend	Transactional email delivery	Email addresses, email content
Remotion / AWS Lambda	Video rendering and export	Timeline data, scene configurations
PostHog	Product analytics	Usage data, feature interactions, device information, IP address (anonymized)
Lemon Squeezy	Payment processing and subscriptions	Payment card details, billing address, transaction data, subscription status
Stripe	Payment processing (via Lemon Squeezy)	Payment card details, billing address, transaction data
Sentry	Error monitoring and performance tracking	Error reports, stack traces, request metadata, device information
Intercom	Customer support messaging	Name, email address, user ID, support conversations
Upstash	Rate limiting and caching (Redis)	Request metadata, rate limit counters

4.3 Other Disclosures

We may also share your information:

With your consent — when you direct us to share information
For legal reasons — to comply with applicable law, legal process, or government requests; to enforce our Terms; to protect the rights, privacy, safety, or property of Eversince, our users, or the public
Business transfers — in connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the successor entity
Aggregated or de-identified data — we may share aggregated or de-identified information that cannot reasonably be used to identify you

We do not sell your personal information for monetary consideration. See Section 11.2 for details on how “sale” and “sharing” are defined under California law.

5. Third-Party AI Service Providers

The following third-party AI providers process your data when you use AI features. We select providers that, under their standard API and enterprise terms, do not use customer inputs or outputs for training their own models. However, each provider has its own privacy policy and practices.

Provider	Features	Data Processed	Provider Privacy Policy
Google Cloud / Vertex AI	Image generation (Imagen), video generation (Veo), video analysis (Gemini)	Text prompts, reference images, video frames, audio	Google Cloud Privacy Notice
Anthropic	AI agent (Claude) — orchestrates creative workflows, chat	Chat messages, project descriptions, scene context	Anthropic Privacy Policy
Replicate	Image, video, and music generation (various models)	Text prompts, reference images, song lyrics	Replicate Privacy Policy
BytePlus / ModelArk	Image generation, video generation	Text prompts, reference images, video, audio	BytePlus Privacy Policy
xAI	Image and video generation (Grok)	Text prompts	xAI Privacy Policy
ElevenLabs	Text-to-speech voiceover, sound effects, music composition	Text scripts, music composition parameters	ElevenLabs Privacy Policy
OpenAI	Text-to-speech, text processing	Text for speech synthesis, text content	OpenAI Privacy Policy
Deepgram	Speech-to-text transcription	Real-time audio stream from microphone	Deepgram Privacy Policy
Perplexity	Market research and web search for the AI agent	Research queries	Perplexity Privacy Policy
Firecrawl	Website content extraction (for creative research)	URLs you provide	Firecrawl Privacy Policy

We may update this list as we add, remove, or change providers. Material changes to our provider list will be reflected in updates to this Privacy Policy.

6. International Data Transfers

Eversince is operated from Menakhem Begin Rd 121, Tel Aviv-Yafo, Israel. Your information may be transferred to, stored, and processed in the United States, Israel, and other countries where our service providers operate, including countries that may not provide the same level of data protection as your home country.

6.1 Transfers from the EEA, UK, and Switzerland

For transfers of personal data from the EEA, UK, or Switzerland to the United States or other countries without an adequacy decision, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914)
EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework, where applicable
Supplementary measures including encryption in transit (TLS) and at rest, access controls, and data minimization

6.2 Sub-Processor Data Transfers

Our sub-processors may transfer data to various jurisdictions. We require that all sub-processors implement appropriate safeguards for international data transfers consistent with applicable data protection law.

7. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Data Category	Retention Period
Account Information	Retained while your account is active. Deleted within 90 days of account deletion.
User Content and Outputs	Retained while your account is active. Deleted within 90 days of account deletion or when you delete specific content.
Chat Messages and Inputs	Retained while your account is active as part of your project history. Deleted within 90 days of account deletion.
Voice Data	Processed in real-time for transcription. Audio streams are not stored by Eversince after processing.
Payment Records	Retained as required for tax and accounting purposes (typically 7 years).
Usage and Log Data	Retained for up to 12 months for analytics and debugging, then aggregated or deleted.
Cookies and Tracking Data	See Section 13.

When data is deleted, it is removed from our active systems. Backup systems may retain data for an additional period (typically up to 30 days) before automatic purge.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

Encryption of data in transit (TLS/HTTPS) and at rest
Row Level Security (RLS) policies ensuring users can only access their own data
Hashed password storage (through Supabase Auth)
API keys and credentials stored securely in environment variables, never exposed to the client
Access controls and authentication for all backend services

Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your information. If you believe your account has been compromised, contact us immediately at support@eversince.ai.

8.1 Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

EEA/UK users: Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay (Article 34).
US users: Notify you in accordance with applicable state breach notification laws. All US states require breach notification, with timelines typically ranging from 30 to 60 days.
All users: Provide details about the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address the breach.

We will cooperate with relevant authorities in the event of a data breach.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. We honor privacy rights for all users regardless of location, to the extent technically feasible.

9.1 Rights for All Users

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate personal information
Deletion: Request deletion of your personal information and account
Data Export: Export your Outputs and project data through the Service before account deletion
Marketing Opt-Out: Unsubscribe from marketing communications at any time

9.2 How to Exercise Your Rights

You can exercise these rights by:

Using the account settings and features within the Service
Contacting us at support@eversince.ai

We will respond to your request within the timeframe required by applicable law (typically 30 days for GDPR, 45 days for CCPA). We may need to verify your identity before processing your request.

10. Additional Rights for EEA, UK, and Swiss Residents (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the following additional rights under the GDPR:

Right to Restriction: Request that we restrict processing of your personal data in certain circumstances
Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format, and transmit it to another controller
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes. Where you object to processing for direct marketing, we will cease such processing immediately. For other objections based on legitimate interests, we will cease processing unless we demonstrate compelling legitimate grounds.
Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing
Right Regarding Automated Decision-Making: We do not make decisions based solely on automated processing that produce legal effects or similarly significant effects on you. AI content generation is a tool you direct, not an automated decision about you.

Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at the European Data Protection Board website.

EU/EEA Representative (GDPR Article 27): Emi Tsoref, Estrada Colegio, Quinta Lys, Caixa Postal 450-R, 8600-073 Bensafrim, Lagos, Portugal. Email: hello@eversince.ai

11. Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”).

11.1 Categories of Personal Information

In the preceding 12 months, we have collected the following categories of personal information:

CCPA Category	Examples	Sources	Business Purpose
Identifiers	Name, email, IP address, account ID	You, automatically	Account management, service delivery
Customer Records	Billing address, payment information	You	Payment processing
Commercial Information	Purchase history, credit balances, subscription data	You, automatically	Billing, service delivery
Internet/Electronic Activity	Browsing history, feature usage, interaction data	Automatically	Analytics, service improvement
Geolocation Data	Approximate location from IP address	Automatically	Security, compliance
Audio, Electronic, Visual Information	Uploaded images/videos, microphone audio, generated content	You	Service delivery (AI generation)
Inferences	Usage patterns, feature preferences	Automatically	Service improvement

11.2 Sale and Sharing of Personal Information

We do not sell your personal information for monetary consideration.
We may share (as defined under CCPA) certain identifiers and internet activity data with analytics providers for service improvement purposes. You have the right to opt out of this sharing.

We do not sell or share the personal information of consumers under 16 years of age.

11.3 Your CCPA Rights

Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
Right to Delete: Request deletion of your personal information (subject to certain exceptions)
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out of Sale/Sharing: Opt out of the sale or sharing of your personal information
Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond what is necessary to provide the Service
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

11.4 How to Exercise CCPA Rights

Opt-Out of Sharing: Contact support@eversince.ai or use the opt-out mechanism on our website when available
All Other Requests: Contact support@eversince.ai
Authorized Agent: You may designate an authorized agent to make requests on your behalf. We may require verification of the agent's authority.

11.5 Global Privacy Control

We honor Global Privacy Control (GPC) signals. When we detect a GPC signal from your browser, we treat it as a valid opt-out of the sale or sharing of personal information associated with that browser.

12. Additional Rights Under Other US State Privacy Laws

If you reside in a state with a comprehensive privacy law (including Virginia, Colorado, Connecticut, Texas, Oregon, Montana, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Minnesota, Maryland, Tennessee, Indiana, Kentucky, Rhode Island, and others), you may have similar rights to access, correct, delete, and opt out of certain processing of your personal information.

To exercise your rights under any state privacy law, contact support@eversince.ai. We will process your request in accordance with the applicable law for your state of residence.

Where applicable, we honor universal opt-out signals (such as Global Privacy Control) as valid opt-out requests under your state's privacy law.

13. Cookies and Similar Technologies

13.1 Types of Cookies We Use

Cookie Type	Purpose	Required Consent?
Strictly Necessary	Essential for the Service to function (authentication, security, session management)	No (required for service)
Functional	Remember your preferences and settings	Yes (EEA/UK)
Analytics	Understand how you use the Service to improve it (PostHog)	Yes
Marketing	Deliver relevant advertising (if applicable)	Yes

13.2 Managing Cookies

Cookie Banner: When visiting our website from the EEA/UK, you may be presented with a cookie consent mechanism allowing you to accept or reject non-essential cookies.
Browser Settings: You can manage cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.
Opt-Out Links: For specific analytics or advertising cookies, you can use the opt-out mechanisms provided by those services.

13.3 Do Not Track

In addition to GPC signals (Section 11.5), we respect browser-level Do Not Track (DNT) preferences where technically feasible. When a DNT signal is detected, we limit non-essential tracking.

14. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@eversince.ai. If we discover that we have collected personal information from a child under 18, we will delete that information promptly.

15. AI-Specific Privacy Disclosures

15.1 How AI Processing Works

When you use AI features, your Inputs (prompts, images, audio, descriptions) are transmitted to third-party AI providers who process them to generate Outputs. This processing happens in real-time or near-real-time on the provider's infrastructure.

15.2 No Model Training on Your Data

We do not use your User Content, Inputs, or Outputs to train or fine-tune AI models — that is, we do not use your data to adjust the weights or parameters of any machine learning model, whether our own or any third party's. Your content is processed solely to generate the specific Outputs you request.

We do review and analyze interactions with the Service — including chat messages, agent actions, and generation results — to evaluate and improve the quality of the Service. This includes improving the AI agent's behavior, prompts, tools, and workflows. This is service improvement, not model training.

Our third-party AI providers process your data under API/enterprise terms that prohibit the use of customer data for model training. However, each provider has its own practices and policies, and we encourage you to review their privacy policies (linked in Section 5).

15.3 AI Agent and Chat Data

The AI agent (powered by Anthropic Claude) processes your chat messages and project context to assist you in creating content. This includes:

Your messages in the chat interface
Scene descriptions and project settings
Reference to your uploaded content and previously generated Outputs

Chat conversations are stored in your account and associated with your projects. They are not shared with other users. As described in Section 2.2 and 15.2, we may review interactions with the AI agent to evaluate and improve the quality of the Service.

15.4 Speech-to-Text Processing

When you use voice input features, your microphone audio is streamed in real-time to Deepgram for transcription. The raw audio stream is not stored by Eversince after the transcription is complete. However, the resulting text transcription and conversation summaries are retained as part of your project's chat history (see Section 7, Chat Messages and Inputs). Deepgram's retention and processing practices are governed by their own privacy policy.

15.5 AI-Generated Content Metadata

Outputs generated through the Service may contain metadata indicating they were AI-generated. This metadata supports compliance with emerging regulations on AI content labeling and transparency. You should not remove this metadata when distributing content in jurisdictions that require AI content disclosure.

15.6 Shared and Exported Content

When you export or share content through the Service, it is stored on our content delivery infrastructure (Cloudflare R2) and accessible via a public URL. Anyone with the link can view the shared content. We do not index shared content for search engines by default, but we cannot prevent recipients from further distributing the link. Once you share a link, you are responsible for controlling its distribution.

Shared content remains accessible until you delete it from your account or until your account is terminated. Upon account deletion, shared content is removed in accordance with the retention schedule in Section 7.

16. Data Processing Agreement

If you are a business customer subject to GDPR and require a Data Processing Agreement (DPA), please contact us at support@eversince.ai. We offer a standard DPA that covers:

Subject matter and duration of processing
Nature and purpose of processing
Types of personal data processed
Categories of data subjects
Sub-processor list and notification procedures
Technical and organizational security measures
Data breach notification obligations
Audit rights
Data deletion and return upon contract termination

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

Update the “Last Updated” date at the top of this policy
Notify you by email or through a prominent notice on the Service
Where required by law, obtain your consent to material changes

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

18. Teams

This section explains how we handle personal information in connection with the Teams feature, which allows a Team Admin to purchase Seats, invite Team Members, and manage shared Team Credits. Capitalized terms used in this section have the meanings given in our Terms of Use.

18.1 Information We Collect for Teams

From the Team Admin: Team name, Seat count, billing information (handled by our payment provider), and the email addresses of individuals the Team Admin invites to the Team.
About Team Members: Account information for each Team Member (as described in Section 1), Team membership status (pending, active, removed), whether the Team Member has signed in to their account, the Team Member's current Credits balance, and whether the Team Member has a personal Pro subscription.
Team activity logs: Records of Team Credit purchases, distributions, and reallocations, including the Team Member involved and the amounts.

18.2 What Team Admins Can and Cannot See About Team Members

Team Admins have a Team management dashboard that displays limited information about each Team Member to enable Team administration. Team Admins can see:

The Team Member's email address (as submitted during invitation);
The Team Member's Team membership status (pending, active, or removed) and whether the Team Member has signed in to their account at least once;
The Team Member's current Credits balance, which may include Credits that the Team Member purchased on their own account in addition to Credits distributed to them by the Team;
Whether the Team Member has a personal Pro subscription;
The history of Team Credit transactions involving that Team Member.

Team Admins cannot see:

The Team Member's projects, scenes, timelines, or any User Content;
The Team Member's Inputs, prompts, chat messages with the AI agent, or Outputs;
The Team Member's personal account settings or profile details beyond what is listed above;
Any activity the Team Member performs outside of the Team management context.

Each Team Member's creative work and conversations with the AI agent remain private to that Team Member.

18.3 Invitation Emails

When a Team Admin enters an email address to invite an individual to a Team, that email address is stored in our systems and associated with the Team. If the email address does not correspond to an existing Eversince account, an invitation email is sent to that address asking the recipient to create an account on Eversince. If the email address does correspond to an existing Eversince account, the invited individual is notified within the Service and must expressly accept the invitation before becoming a Team Member. The Team Admin is responsible for ensuring they have the authority to provide that email address to Eversince and to invite that individual, as set out in our Terms of Use. If you receive an invitation from Eversince and believe it was sent without your consent, you may decline the invitation within the Service, or contact us at support@eversince.ai.

18.4 Our Role Under Data Protection Law

For the limited information that a Team Admin provides to manage their Team — specifically, the email addresses and Team membership status of invited individuals — Eversince acts as a processor on behalf of the Team Admin, and the Team Admin acts as the controller of that information. For all other personal information processed in connection with each Team Member's individual use of the Service (including their account, User Content, Inputs, Outputs, chat messages, and usage data), Eversince acts as a controller directly with the Team Member, and our handling of that information is governed by the rest of this Privacy Policy.

18.5 Activity Logs and Audit Trail

We maintain logs of Team Credit purchases, distributions, reallocations, and Team Member additions and removals to enable Team administration, support, and dispute resolution. These logs are visible to the Team Admin within the Team dashboard.

18.6 What Happens When a Team Ends

When a Team subscription is cancelled, expires, or is terminated, or when a Team Member is removed from a Team, the Pro access granted through the Team is revoked. The Team Member's own Eversince account, User Content, Outputs, personal Credits, and other personal information are not affected and remain subject to this Privacy Policy and to the Team Member's own choices, including their right to delete their account.

18.7 Data Processing Agreement for Teams

Team Admins who require a Data Processing Agreement to govern Eversince's processing of personal information on their behalf may request one as described in Section 16.

19. Third-Party Application Access

You may connect third-party applications (such as Claude, Cursor, or other MCP-compatible clients) to your Eversince account via OAuth 2.1. When you authorize a third-party application:

The application can create and manage projects, spend credits, upload files, and access your project history, skills, and preferences on your behalf.
We share your account email and the data you explicitly request through the connected application. We do not share your password or payment information.
You can view and revoke connected applications at any time in your account settings under Connected Apps.
Access tokens are short-lived and automatically refreshed. Revoking access immediately invalidates refresh tokens.
We are not responsible for how third-party applications handle data received from your Eversince account. Review each application's own privacy policy before connecting.

20. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at support@eversince.ai.