Privacy Policy, EvadeGPT

§01What we collect

In plain English

Your email + password (hashed) to run your account, the text you paste in to process it, and standard device/usage signals to keep the service running and safe.

We collect the information you give us directly and a small amount we collect automatically when you use EvadeGPT (the "Services").

Things you give us

Account info. Email, password (stored only as a salted hash), and optional profile details like a display name or avatar.
Payment info. Billing is handled by Stripe, we never see or store full card numbers. We keep the Stripe customer ID, plan tier, and invoice history.
Content you submit. The text, prompts, and uploads you put into our tools. We process these to deliver the feature you asked for.
Messages to us. Anything you email, post in our feedback channels, or submit through the contact form.

Things we collect automatically

Device + network signals. IP, browser version, OS, and approximate region. Used to serve the app, protect against abuse, and keep sessions alive.
Usage telemetry. Which features you use, how long requests take, and whether they succeed. We don't read your content to do this.
Cookies. Essential (login, sessions), analytics (Vercel), and a marketing pixel (Meta) for ad measurement. You can opt out of non-essential cookies in your browser.

§02How we use it

In plain English

To deliver the feature you asked for, keep your account secure, and occasionally email you about important updates. That's it.

Run the Services. Process your text, return results, bill correctly, and prevent runaway usage.
Keep accounts safe. Authenticate sessions, detect abuse, and block automated attacks.
Talk to you. Transactional email (password resets, billing receipts, critical security notices). Marketing email only if you opt in.
Improve the product. Aggregate usage patterns help us know what to build next. We don't train foundation models on your content, see AI training, the honest answer.
Meet legal obligations. Tax, fraud, subpoena response, and enforcement of our Terms of Service.

§04AI training, the honest answer

In plain English

We do not train models on your content. Upstream providers are contractually bound to the same. If that ever changes, this section changes first.

Your prompts and outputs are processed ephemerally by our AI provider of choice and returned to you. They are not added to any training corpus. Our upstream providers (OpenRouter routing, DeepSeek direct, Gemini, xAI, etc.) operate under data-processing agreements that prohibit training on API traffic unless you explicitly opt in, which we do not.

We keep short-lived request logs for debugging and abuse detection. These are purged automatically.

§05How we secure your data

In plain English

TLS everywhere, hashed passwords, row-level security on the database, least-privilege access, and rapid incident response.

Encryption in transit (TLS 1.2+) on every request.
Encryption at rest for the primary database.
Passwords stored only as salted bcrypt hashes, we can never "look them up".
Row-level security (RLS) on every user-scoped table so one account can't see another's data even via a bug.
Production access limited to on-call engineers for incident response.

No service is 100% secure. If we ever detect a breach that affects you, we'll notify affected users within 72 hours of confirmation.

§06How long we keep it

In plain English

Account data while you have an account. Submitted content is kept only as long as needed to deliver the feature and return results. Delete your account and it all goes.

Account records: kept for the lifetime of your account.
Submitted content (humanizer input, chat messages, etc.): stored alongside your account so you can re-open past sessions, removed when you delete the session or the account.
Billing + invoices: retained for 7 years to comply with tax law, even after account deletion.
Short-lived logs: purged within 30 days.

§07Your rights + choices

In plain English

You can see it, fix it, export it, or delete it. Email us and we'll act within 30 days.

Access: request a copy of the personal info we hold about you.
Correction: ask us to fix anything inaccurate.
Deletion: delete your account in settings, or email us and we'll do it for you.
Portability: export your sessions, essays, and flashcards from inside the app, or request a complete dump from support.
Opt-out: unsubscribe from marketing email via the footer link in any message.

Email us at contactevadegpt@gmail.com to exercise any of these rights. We verify identity before acting and respond within 30 days.

§08Users under 18

In plain English

The Services are intended for adults. If you're under 18, please don't use EvadeGPT without a guardian involved.

EvadeGPT is not directed at children. We do not knowingly collect personal information from anyone under 18. If we learn that we have, we'll delete it. If you believe a minor has signed up, contact contactevadegpt@gmail.com and we'll act quickly.

§09International transfers

In plain English

Our servers are primarily in the EU/US. If you're elsewhere, your data crosses borders to reach them.

By using EvadeGPT you consent to your data being transferred to and processed in countries where we and our vendors operate. We use Standard Contractual Clauses with EU/UK vendors and comparable safeguards elsewhere.

§10Changes to this policy

In plain English

We'll update this page when our practices change. Material changes get an email + in-app notice before they take effect.

The "Updated" badge at the top of this page reflects the most recent revision. For material changes (new categories of data, new sharing, narrower retention), we'll tell you in the app or by email at least 14 days before the change takes effect.

§11Reach us

Questions about this policy, or want to exercise a right? Email contactevadegpt@gmail.com or use the contact form. We read every message.

§01What we collect

In plain English

Your email + password (hashed) to run your account, the text you paste in to process it, and standard device/usage signals to keep the service running and safe.

We collect the information you give us directly and a small amount we collect automatically when you use EvadeGPT (the "Services").

Things you give us

Account info. Email, password (stored only as a salted hash), and optional profile details like a display name or avatar.
Payment info. Billing is handled by Stripe, we never see or store full card numbers. We keep the Stripe customer ID, plan tier, and invoice history.
Content you submit. The text, prompts, and uploads you put into our tools. We process these to deliver the feature you asked for.
Messages to us. Anything you email, post in our feedback channels, or submit through the contact form.

Things we collect automatically

Device + network signals. IP, browser version, OS, and approximate region. Used to serve the app, protect against abuse, and keep sessions alive.
Usage telemetry. Which features you use, how long requests take, and whether they succeed. We don't read your content to do this.
Cookies. Essential (login, sessions), analytics (Vercel), and a marketing pixel (Meta) for ad measurement. You can opt out of non-essential cookies in your browser.

§02How we use it

In plain English

To deliver the feature you asked for, keep your account secure, and occasionally email you about important updates. That's it.

Run the Services. Process your text, return results, bill correctly, and prevent runaway usage.
Keep accounts safe. Authenticate sessions, detect abuse, and block automated attacks.
Talk to you. Transactional email (password resets, billing receipts, critical security notices). Marketing email only if you opt in.
Improve the product. Aggregate usage patterns help us know what to build next. We don't train foundation models on your content, see AI training, the honest answer.
Meet legal obligations. Tax, fraud, subpoena response, and enforcement of our Terms of Service.

§04AI training, the honest answer

In plain English

We do not train models on your content. Upstream providers are contractually bound to the same. If that ever changes, this section changes first.

We keep short-lived request logs for debugging and abuse detection. These are purged automatically.

§05How we secure your data

In plain English

TLS everywhere, hashed passwords, row-level security on the database, least-privilege access, and rapid incident response.

Encryption in transit (TLS 1.2+) on every request.
Encryption at rest for the primary database.
Passwords stored only as salted bcrypt hashes, we can never "look them up".
Row-level security (RLS) on every user-scoped table so one account can't see another's data even via a bug.
Production access limited to on-call engineers for incident response.

No service is 100% secure. If we ever detect a breach that affects you, we'll notify affected users within 72 hours of confirmation.

§06How long we keep it

In plain English

Account data while you have an account. Submitted content is kept only as long as needed to deliver the feature and return results. Delete your account and it all goes.

Account records: kept for the lifetime of your account.
Submitted content (humanizer input, chat messages, etc.): stored alongside your account so you can re-open past sessions, removed when you delete the session or the account.
Billing + invoices: retained for 7 years to comply with tax law, even after account deletion.
Short-lived logs: purged within 30 days.

§07Your rights + choices

In plain English

You can see it, fix it, export it, or delete it. Email us and we'll act within 30 days.

Access: request a copy of the personal info we hold about you.
Correction: ask us to fix anything inaccurate.
Deletion: delete your account in settings, or email us and we'll do it for you.
Portability: export your sessions, essays, and flashcards from inside the app, or request a complete dump from support.
Opt-out: unsubscribe from marketing email via the footer link in any message.

Email us at contactevadegpt@gmail.com to exercise any of these rights. We verify identity before acting and respond within 30 days.

§08Users under 18

In plain English

The Services are intended for adults. If you're under 18, please don't use EvadeGPT without a guardian involved.

§09International transfers

In plain English

Our servers are primarily in the EU/US. If you're elsewhere, your data crosses borders to reach them.

§10Changes to this policy

In plain English

We'll update this page when our practices change. Material changes get an email + in-app notice before they take effect.

§11Reach us

Questions about this policy, or want to exercise a right? Email contactevadegpt@gmail.com or use the contact form. We read every message.

§01What we collect

Things you give us

Things we collect automatically

§02How we use it

§03Who we share it with

§04AI training, the honest answer

§05How we secure your data

§06How long we keep it

§07Your rights + choices

§08Users under 18

§09International transfers

§10Changes to this policy

§11Reach us

§01What we collect

Things you give us

Things we collect automatically

§02How we use it

§03Who we share it with

§04AI training, the honest answer

§05How we secure your data

§06How long we keep it

§07Your rights + choices

§08Users under 18

§09International transfers

§10Changes to this policy

§11Reach us