evrhaven

EVRHaven Privacy Policy

Last updated: October 30, 2025

Back to app

This Privacy Policy explains how evrhaven ("we," "us," or "our") collects, uses, and protects information when you use our family-law help platform, including the LLM-powered case assistant, web dashboard, and any integrations (the "Service"). We know people use this product during stressful, sensitive family situations. Our defaults are simple: we minimize what we collect, keep it compartmentalized per case, and we do not sell your data.

1. Who this is for

This policy applies to people who create an account on evrhaven, connect third-party services (such as Gmail) for case imports, or chat with the LLM assistant about an active or potential family law matter. If you are using evrhaven on behalf of someone else, you are responsible for having the right to share that information.

2. What we collect

A. Account & profile data

  • Name or display name
  • Email address (required for login and notifications)
  • Password or SSO identifier (stored only as secure hashes)
  • Timezone and locale preferences

B. Case data you provide

  • Case title/ID, type, events, filings, and notes you enter
  • Documents you upload or attach
  • Information typed into the Case Chat Interface

C. Messages from integrations (e.g., Gmail)

If you connect Gmail, we may read and import message headers, bodies, attachments, and labels solely for the purposes you select (for example, importing messages into a case). We do not read mailboxes you did not connect and we do not sell Gmail data.

Google-specific notice: our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

D. Usage & device data

We collect limited log data (timestamps and app actions) and device/browser details to diagnose issues and protect the Service.

3. What we do with your information

  1. Provide the Service (case creation, timelines, document storage, chat, imports).
  2. Run the LLM assistant by sending your prompts and relevant context to our AI layer.
  3. Improve relevance through per-case vector search that keeps content scoped to the active case.
  4. Support security, debugging, abuse prevention, and rate limiting.
  5. Communicate with you about accounts, security, and product updates.

We do not sell your personal information.

4. AI / LLM use and data separation

The platform is designed around case isolation. Data stays inside the case where it was created unless you explicitly request a cross-case lookup. By default we do not use private case content to train models. When third-party model providers (such as OpenAI, Azure OpenAI, or Anthropic) are involved, your data is transmitted only to produce the requested answer. We prioritize providers that support private/enterprise usage and follow tenant-specific data requirements when the Service is deployed in your environment.

5. Legal basis (EEA/UK)

We process data under contract (to deliver the Service), legitimate interests (to secure and maintain the platform), and consent (for optional integrations or communications). You may withdraw consent at any time.

6. How long we keep data

We retain information while your account or case is active or as needed to provide the Service. Afterward, data may be archived, anonymized, or securely deleted per legal or business requirements. Disconnecting Gmail stops future imports, and previously imported messages remain until you remove them.

7. How we protect data

  • Encryption in transit (HTTPS/TLS)
  • Role- and tenant-scoped access to case data
  • Per-case data stores where possible
  • Audit trails for administrative access
  • Least-privilege permissions for support staff

8. Sharing and disclosures

We share information with service providers (hosting, storage, email, AI inference), to comply with legal obligations, or at your direction (such as inviting collaborators or exporting data). We do not sell personal data and do not allow third parties to use it for their own marketing.

9. Third-party integrations (Gmail)

Connecting Gmail routes you to Google’s OAuth screen. We receive tokens scoped only to the permissions you approved and use them solely for the features you enabled (e.g., importing messages). You may revoke access from Google at any time; revoked scopes may impair related features.

10. Children’s privacy

You may store information about a child when it is relevant to your case, provided you have the right to share it. The Service is not directed to children under 13 and we do not knowingly collect account data from children. Contact us if a child has created an account and we will delete it.

11. Your rights

Depending on your location, you may request access, correction, deletion, export, consent withdrawal, or objection/restriction of processing. We honor these rights where legally required and technically feasible, while retaining necessary records such as security or billing logs.

12. Data location

Data may be processed in the United States or other regions where our providers operate. Dedicated or single-region deployments are available via separate agreements for firms that require them.

13. Changes to this policy

We may update this policy from time to time. Material changes will be announced in the app or via email. Your continued use of the Service indicates acceptance of the updated policy.

14. Contact

Questions, rights requests, or addendum inquiries:

Privacy – evrhaven
Email: evermed@evermedresearch.org