Last updated: June 2023
This Privacy Notice applies to Users residing in the State of California (hereinafter the "California Privacy Notice" or "Notice"), who are entitled to certain rights and protections with respect to their personal information under the California Consumer Privacy Act of 2018 (the "CCPA" as amended by the California Privacy Rights Act of 2020, or “CPRA”). This Notice supplements the information contained in the EverAfter Privacy Policy (the "Privacy Policy") and solely applies to information “sold” or “shared” by us in the past 12 months.
The terms “personal information,” “business purpose,” “commercial purpose,” “sale,” “sensitive personal information,” and “service provider” as used in this Notice have the meanings ascribed to them in the CCPA. Capitalized terms used but not defined in this Notice will have the meanings set out in the Privacy Policy. If there is any conflict or inconsistency between the terms of this Notice and the Privacy Policy, the terms of this Notice will govern.
We may change this Notice from time to time. The last revision date will be reflected in the “Last updated” heading at this Notice’s top. Any changes to this Notice will become effective when posted unless indicated otherwise.
In the preceding 12 months, we have collected the following categories and types of personal information from California consumers and intend to continue doing so subject to the requirements under the CCPA. Please note that not all categories of information will be collected or received for every individual.
Personal information does not include publicly available information or lawfully obtained, truthful information that is a matter of public concern, information that is de-identified or aggregated with other consumer information, or information that falls outside the scope of the CCPA.
For more information about the types of personal information we collect, please see the “What Types of Information Do We Collect” section in our Privacy Policy
We may obtain and combine personal information from the sources listed below, which are further described in our Privacy Policy:
From time to time and subject to the requirements of the CCPA, we may offer you certain financial or otherwise incentives to encourage you to share your personal information with us, which we’ll use to send you future marketing communications. Those incentives may consist of discounts and/or credits on future purchases on our website. You always have the right under the CCPA to opt out of receiving these marketing communications and/or to request the deletion of your personal information from our records, as we describe below.
We collect and share your personal information for the following Business and Commercial purposes: to provide and improve our Services; to be able to deliver and enhance our Services, and to provide Users with technical assistance and support; to provide our Users with personalized Services; to respond to a “Contact Us” or administrative request (for example, to change your password); to send you updates, eBooks, webinar, customer reports, notices, notifications, newsletters, and additional information related to the Services; to create cumulative statistical data and other cumulative information that is non-personal, with which we and/or our business partners might make use in order to operate and improve our Services and offer related products; to identify and authenticate your access to the Services (or any part thereof) which you are authorized to access, including your Workspace; to comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates.
We do not make your data publicly available; we do not act as data brokers, and we do not trade in your data. However, certain standard and generally accepted business practices may be deemed as a "Sale" of data under the CCPA, such as when we utilize third-party service providers that provide us with services, while they retain certain rights to use your data for their own business needs (e.g., Google Analytics).
If you are a California customer, you have a right to request to opt-out of data transfers of personal information which we conduct. Please refer to Section 6 (“Your California Consumer Rights”) below for information on how EverAfter will accommodate such requests.
For more details on how and to whom we share your data please refer to the “The Way We Share Personal Information,” section in our Privacy Policy.
We may share your information, including personal and sensitive personal information, with our Service Providers to perform services specified by a written agreement. In addition, we may share personal information with our affiliates and subsidiaries, vendors working on our behalf, or when required by law or in relation to legal processes. These kinds of disclosures may be deemed selling or sharing personal information under California law and you have the right to opt out of these disclosures.
California consumers have the right to request access to the personal information we have collected about them in the last 12 months. You may make this request up to two times in a 12-month period.
You may also request additional details about our information practices, including the categories of personal information we have collected about you, the categories of sources of such collection, the Business or Commercial purposes for collecting, Sharing, Selling, or otherwise disclosing your personal information, the categories of third parties with whom we share, sell or otherwise disclose your personal information, the categories of personal information we have disclosed and "sold" or “shared” about you in the preceding 12 months, and the categories of third parties to whom we sold or shared personal information in the preceding 12 months.
You have the right to request the correction of inaccurate personal information. We reserve the right to request identifying documentation from you in certain circumstances, as permitted by law.
You have the right to request deletion of your personal information (subject to certain exceptions). Once we receive and confirm a consumer request, we will delete (and direct our Service Providers to delete) your personal information from our records, unless an exception applies.
You have the right to receive equal service and price and not be discriminated against even if you exercise any of your CCPA rights. Unless otherwise permitted by applicable law (such as if the differences are reasonably related to your information), we will not:
Our Services do not sell (as “sell” is traditionally defined) your personal information. We don’t provide your name, phone number, address, email address, or other personally identifiable information to third parties in exchange for money. However, under California law, certain cases of sharing information, such as for advertising purposes, may be considered a “sale” of “personal information.” If you’ve visited our digital properties within the past 12 months, personal information about you may have been “sold” under the CCPA to our advertising or other partners for their own use.
Under the CCPA and the CPRA, California residents now have the right to opt out of both the “sale” and “sharing” of personal information. We’ve made it easy for anyone to stop the information transfers that might be considered such a “sale” from our website or mobile app. For additional clarification, sharing your personal information with our service providers so that they may send you an email communication on our behalf isn’t considered a “sale” under the CCPA.
Finally, we may collect certain categories of personal information from you and third parties, as described in the “Collection” section above, that may be considered "Sensitive Personal Information" under California law. Our use of your Sensitive Personal Information is generally limited to performing services or providing the goods you requested.
We’ve made it easy for anyone to opt out of the information transfers that might be considered a Sale or Sharing under the CCPA by providing the methods listed below:
Please note that by opting out of the sale or sharing of your personal information:
California consumers may make a rights request by submitting a request via email at privacy@everafter.ai.
Your request must include sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information, which may include your email address, name, and account id (which is required only if you already have an account with us). Additionally, the request must provide enough detail for the company to properly understand which right(s) you wish to exercise and our ability to satisfy your request.
After you submit a request to exercise a California Consumer Right as described above (other than a request to stop the sale or sharing of your Personal Information or to limit the use and disclosure of your Sensitive Personal Information), we will acknowledge receipt of your request within 10 business days of receipt of your request and you will enter into a multi-step process.
First, we will ask you to verify your identity. Once your identity is successfully verified, your request will be processed.
After your identity is confirmed in relation to a request for access, correction, deletion, or appeal, we will provide a substantive response to your request as soon as we can, generally within 45 days from when we received your request. However, we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. If this is the case, we will endeavor to provide you with an explanation as to why.
For requests to delete your personal information (which in the case of EverAfter also includes any “opt-out” requests), we will comply within 15 business days after receipt of your request.
If you would like, you can permit someone to submit a request to know what Personal Information the Company has collected, or a request to delete the Personal Information that the Company has collected. This person is an “Authorized Agent.” If an Authorized Agent sends a request on your behalf, we will ask that person to give us proof that you gave them written permission to make a request for you. If that person doesn’t provide such written proof, we will deny their request so that we can protect your Personal Information.
If you would like to get in touch with us or if you have any privacy-related questions, concerns, requests, or complaints, please contact us.
By email: privacy@everafter.ai,
By mail: EverAfter AI Ltd. Yigal Alon 82, Tel Aviv, Israel 6789124.
Q: Where are EverAfter data centers located?
A: EverAfter hosts it’s systems in AWS US region, in multiple availability zones.
Q: Which Security and Privacy-related regulations, standards and certifications does EverAfter comply with?
A: EverAfter has a Service Organization Control 2 (SOC-2) Type II certificate and is compliant with The General Data Protection Regulation (EU) 2016/679 (GDPR).
Q: As it relates to the GDPR, is EverAfter considered a processor or a controller?
A. GDPR defines ‘Controller’ as the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Everafter lets you integrate to your organizational systems and fetch data from the systems — in order to create hubs to share with your clients. herefore, according to the GDPR definitions, EverAfter is considered as a processor.
Q: How long does EverAfter retain my data for? What happens to the data if I stop using the service?
A: EverAfter keeps customer data for and retains your data for as long as your workspace is active.As soon as you stop using EverAfter, your workspace along with all your data will be deleted from our databases.
Q: Who is EverAfter’s security personnel?
A: In EverAfter, we understand security is very important to our clients and their users. This is why we have our most reliable and educated people taking care of the security. For any question or concern regarding security, please feel free to contacts Tal Shemesh, our CTO at securty@everafter.ai
Last updated: March 3th, 2022