Privacy Policy
Last updated: January 15, 2024
Introduction
At EvalGate ("we," "our," or "us"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.
By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.
Information We Collect
Personal Information
When you register for an account, we collect:
- Name and email address
- Compunknown or organization name
- Billing and payment information (processed securely through Stripe)
- Account credentials (passwords are encrypted and never stored in plain text)
Usage Data
We automatically collect information about how you use our platform:
- API requests and responses
- Evaluation runs and test results
- Trace data and spans (LLM calls, tokens, latency)
- Browser type, IP address, and device information
- Pages visited, features used, and time spent on the platform
AI Content
When you use our evaluation and tracing features, we store:
- LLM inputs and outputs
- Test cases and expected results
- Annotation task data
- Judge model evaluations
How We Use Your Information
We use the collected information to:
- Provide, maintain, and improve our services
- Process your transactions and send billing information
- Send administrative information and service updates
- Respond to your comments, questions, and support requests
- Monitor and analyze usage patterns and trends
- Detect, prevent, and address technical issues or security vulnerabilities
- Develop new features and enhance user experience
Data Storage and Security
We implement industry-standard security measures to protect your data:
- All data is encrypted in transit using TLS 1.3
- Database encryption at rest using AES-256
- Regular security audits and penetration testing
- Role-based access controls and audit logging
- Hosted on SOC 2 Type II certified infrastructure providers
Your data is stored on secure servers located in the United States. We use AWS, Vercel, and other trusted cloud providers with SOC 2 Type II certified infrastructure and strict security standards.
Data Sharing and Disclosure
We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:
- Service Providers: With third-party vendors who perform services on our behalf (e.g., payment processing, hosting)
- Legal Requirements: When required by law or to respond to legal process
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- With Your Consent: When you explicitly authorize us to share your information
Data Retention and PII Handling
We retain your data only as long as necessary to provide our services and comply with legal obligations:
- Account Data: Retained while your account is active and for 90 days after deletion
- Trace Data: Retained according to your plan limits; automatically deleted after 90 days for free tier, 1 year for paid plans
- Evaluation Results: Retained for the duration of your subscription plus 90 days
- PII in Traces: We do not automatically scan or redact PII from trace data. You are responsible for ensuring compliance with data protection regulations when sending trace data containing PII
- Backups: Backup data is retained for 30 days and then permanently deleted
Upon account deletion, all associated data is permanently removed from our production systems within 30 days, and from backups within 60 days.
Your Rights and Choices
You have the following rights regarding your data:
- Access: Request a copy of the personal data we hold about you
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and associated data
- Export: Download your data in a portable format
- Opt-out: Unsubscribe from marketing communications
To exercise these rights, contact us at GitHub Issues
Cookies and Tracking
We use cookies and similar technologies to:
- Maintain your session and keep you logged in
- Remember your preferences and settings
- Analyze site traffic and usage patterns
- Improve our services and user experience
You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our platform.
Children's Privacy
Our services are not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.
International Data Transfers
If you are accessing our services from outside the United States, please note that your information will be transferred to and processed in the United States. By using our services, you consent to this transfer and processing.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of unknown material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
Email: GitHub Issues
Address: EvalGate, Inc.
123 Market Street, Suite 400
San Francisco, CA 94103
Data Protection Officer: GitHub Issues