The following policies (Security and Privacy Policies) describe our practices regarding the collection, processing, use, backups, and disclosure of the information we collect from and about you when you access our websites (including evxsoftware.com) and when you use the EVX Software Services that link to this Policy (the “Services”). By accessing our websites or using the Services, you agree to this Privacy Policy and our Terms of Service.
At EVX Software, we always put our clients and our users first. We have worked hard to make these policies the leading standard in data protection, encompassing both data security and privacy. We make our best effort to take all possible technical, legal, and organizational measures to protect your personal data against accidental and unlawful destruction or accidental loss, alteration, unauthorized disclosure or access.
As a Software as a Service provider, EVX Software handles two main concerns and two main sets of information.
The two main concerns are:
The two mains sets of information are:
In the following sections, we describe the policies that address these concerns and the treatment of each set of data.
We hope you find these policies not only satisfactory, but the best in the industry. With that said, if you do not agree to any of our security or privacy policies, we kindly ask that you choose not to use our website and/or our services.
As an introduction to our policies, let’s begin by further defining the two main sets of information.
The first set of information (we call it ‘Personal Information’) is used to provide you with the best possible service. Our only intention is to reach out to you for support and to make your experience with EVX Software a good and pleasant one. We do use that information to provide you with news about EVX Software, the industry in general, and services we offer that we believe might be of interest to you. If at any point you feel we are being overwhelming or invasive, we have processes in place to reduce our communication outreach - even to the point of deleting all records we have of you.
Another frequent concern and something we honor is: we don’t share or sell your personal information to any third-party entities. The only people who have access to your personal information through our systems are our employees, partners, and contractors, and they use this information with the sole purposes described above. Everybody on our team signs a confidentiality agreement and a code of conduct that expressly forbids them of using this data with any other purpose. We implement technical and procedural security controls to monitor and ensure this.
The second set of information (we call it ‘Private Information’) is the business information you trust EVX Software, through your installation of our platform, to store and process for you. Nobody, other than you and your team, can access this information without your explicit permission. The only reason we would access this information is to help you troubleshoot any issues, support you during your EVX Software implementation, or any other action that you request from us to help you make the best use of the system.
When client data is stored on the EVX Software cloud, it is physically stored in a specialized Data Center. Data Centers are buildings specially equipped to host server computers and possess many security measures to control access; as well as contingency measures to ensure power supply, redundant network access; as well as preventive measures to block intrusion attempts, cope with fires, earthquakes, and other acts of nature or vandalism that could affect a system server.
The EVX Software team works hard to select its Data Centers, ensuring their security and confidentiality policies adhere to EVX Software standards, and are among the largest and most recognized in the world.
EVX Software Data Centers have been designed to provide the maximum level of security and confidentiality. All EVX Software Data Centers have a 24*7*365 system for monitoring, redundant energy, fire prevention and additional hardware security systems.
To access Data Center rooms, several security and surveillance measures have to be met, ensuring that only authorized personnel access the location.
EVX Software owns and manages its proprietary security controls, firewalls, antivirus and monitoring systems to ensure 24 x 7 x 365 hardware and software support and control of its client’s data and systems, ensuring detection and alerts over suspicious activity.
All of EVX Software’s infrastructure servers are up to date with the latest versions and secured with state-of-the-art software security systems.
All EVX Software servers are dedicated for EVX Software only (No shared or virtualized environments are used).
Each and every client installation hosted on the EVX Software cloud is backed up in adherence to our backup policies, detailed below.
Access to EVX Software servers is restricted by a dual password system. No EVX Software employee has the technical possibility of accessing the servers without the additional approval of a colleague.
In case a client wishes to encrypt their information transferred to and from their EVX Software installation, an SSL certificate that enables HTTPS connections can be deployed.
All cloud based EVX Software installations are backed up to ensure data integrity.
Backups are performed using state-of-the-art technology in real time. Backups include a copy of the database as well as a copy of the file-system files, so data integrity is safeguarded in case of hardware or software failure.
Backups are performed in an independent server, under an independent geographical location, so that data integrity is also ensured in case of large-scale disasters (fires, earthquakes, armed attacks, etc.).
All clients have, at their disposal, a copy of their system, which can be downloaded free of charge once a month; or more often should the client contract a higher frequency service.
Additionally, a weekly backup of the server is made and kept on a third geographical location, so that information has a double backup system.
In using the Services, you may upload or input various types of content, including but not limited to: tasks, attachments, project names, team names, and conversations (together, the “Content” or “Private Information”).
This information is treated with the highest possible level of privacy and confidentiality that we can provide, and we take every possible legal, technical and procedural measure to ensure this policy. The security policies have been described in the section above. The legal and procedural policies are described in the section below.
If you are using the Services in connection with an account created by an EVX Software Customer (e.g., employer, organization, or an individual), the service will automatically collect, store and process the content you submit on behalf of the customer. As described more throughout this Policy, our Customers, and not EVX Software, determine their own policies regarding storage, access, modification, deletion, sharing, and retention of Content which may apply to your use of the Services. For example, a Customer may provide or remove access to the Services, enable or disable third party integrations, manage permissions, retention and export settings, transfer or assign teams, or share projects.
Please check with the Customer about the policies and settings that they have instituted with respect to the Content that you provide when using the Services.
EVX Software uses all reasonable legal measures to ensure client data is protected and confidential. The EVX Software Terms of Service clearly states that EVX Software does not own and has no rights over the customer’s data that is stored on its servers.
EVX Software takes all necessary actions to ensure compliance with the European Parliament General Data Protection Regulation (EU 2016/679, aka GDPR), the EU-US Privacy Shield Framework, and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from the European Union and Switzerland to the United States, respectively. EVX Software certifies that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov. In compliance with the EU-US Privacy Shield and Swiss-US Privacy Shield Principles, EVX Software commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss citizens with inquiries or complaints regarding this privacy policy should first contact EVX Software at: contact@evxoftware.com. EVX Software has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by EVX Software, please visit the BBB EU Privacy Shield website at www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Third parties may have access to your information for the limited purpose of providing the service we have contracted with them to provide. They are required to have a privacy policy and security standards in place that are at least as protective of your information as is this Privacy Policy (including those provisions related to compliance with the EU-US and Swiss-US Privacy Shield). EVX Software will take all reasonable and appropriate steps necessary to ensure that any third party who is acting as a “data processor” under EU and Swiss terminology is processing the personal information we entrust to them in a manner that is consistent with the EU-US and Swiss-US Privacy Shield Principles. EVX Software is potentially liable in cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU-US and Swiss-US Privacy Shield, respectively.
All personal information that EVX Software collects is either entered directly and with the consent of the person, or is publicly available, published and shared with the consent of the person.
For the purposes of this regulation, the appointed controller, processor, and data protection officer is Mr. Conrado Viña. All GDPR related concerns, compliance requests, rectification, and data removal requests shall be directed at contact@evxsoftware.com.
Every EVX Software employee signs a Non Disclosure Agreement, a Confidentiality Agreement, and a Code of Conduct with an obligation to respect and protect our client's data confidentiality.
In addition, no EVX Software employee is allowed to access a client database or file system, unless it is required for a particular system support task. In every case, the explicit authorization of the client is required.
Data Centers, used by EVX Software for the physical accommodation of their servers, also have security and confidentiality policies that are compatible with its own. This means that Data Center employees have legal and technical restrictions that impede them from accessing the servers. EVX Software will keep strict secrecy and will not reveal, nor concede client data stored within their EVX Software systems to third parties, neither during, nor after the length of its contracts.
All data provided to EVX Software, either by clients or potential clients, will not be shared in any way unless the client or an authorized representative of the client makes an explicit request. Client data will be solely used for the provision, support, administration, and delivery of EVX Software products and services.
Additionally, EVX Software offers its client the possibility to select the country of their Data Center, and an On-Premise service, allowing the client to choose where to install and host its information.
EVX Software System offers a very robust and granular permission system. The client defines permissions to EVX Software System directly, managing users permissions and rights. It is also the client’s responsibility to determine who accesses and uses the information.
This means you can control who your Content is used by/shared with others via your settings on the System. EVX Software may view and share your Content only as necessary (i) to maintain, provide and improve the Service; (ii) prevent or address technical or security issues and resolve support requests; (iii) as reasonably necessary to allow EVX Software to comply with or avoid the violation of applicable law or regulation; (iv) to comply with a valid legal subpoena, request, or other lawful process that meets the requirements of our Law Enforcement Guidelines; and (v) as set forth in our Subscription Agreement with the Customer or as expressly permitted in writing by the Customer. We may also analyze your usage aggregated statistics (on an anonymized basis) in order to better understand the manner in which our Service is being used.
All EVX Software systems access is restricted by passwords. EVX Software optionally provides an advanced password policy system.
As part of our services, EVX Software also offers access control by IP addresses. In case the Client would like to restrict access to the EVX Software System by IP addresses, it is enough to contact EVX Software Support Team, and provide a list with the IP addresses to either allow or block.
For further information about our privacy and security policies, please contact us at contact@evxsoftware.com.
EVX Software collects a variety of information that you provide directly to us or that is publicly available. We process your information when necessary to provide you with the Services that you have requested when accepting our Terms of Service, or where we have obtained your prior consent, or where we have a legitimate interest to do so. For example, we may have a legitimate interest to process your information for security, testing, maintenance, and enhancement purposes of the Services we provide to you, or for analytics, research, and reporting purposes. Without your information we cannot provide you with the Services you have requested or you may be limited in your use of the Services.
The types of information we collect will depend upon the Services you use, how you use them, and what you choose to provide. The types of data we collect directly from you may include:
EVX Software collects personal information from you through:
If you are a user of our paid premium service, we will utilize a third party credit card payment processing company (PCI compliant) to collect payment information, including your credit card number, billing address and phone number. The third party service provider, and not EVX Software, stores your payment information on our behalf.
If you choose to use our invitation service to invite a friend or contact to the Services, we will ask you for that person’s contact information, which may include their email address or their social network identity, and automatically send an invitation. EVX Software stores the information you provide to send the invitation, to register your friend or contact if your invitation is accepted, and to track the success of our invitation service.
We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer or a shorter retention period is required or permitted by law.
When you use our Services that connect to the Internet, including, but not limited to, when you access the Services via our websites, your mobile devices, and your installation of the EVX Software platform, we automatically collect certain information as described in this Section.
We and our service providers (which are third party companies that work on our behalf to provide and enhance the Services) use a variety of technologies, including cookies and similar tools, to assist in collecting this information.
As discussed throughout our policies, this information is used with the sole purpose of providing our clients with the best possible system and is not shared with any third-party for any other purposes. We only partner with Third-Party Service providers that guarantee this policy.
When you use the Services, our servers automatically record certain information in server logs. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type and settings, referring / exit pages and URLs, number of clicks and how you interact with links on the Services, metadata associated with uploaded Content, domain names, landing pages, pages viewed, mobile carrier, date and time stamp information and other such information.
When you access the Services using a mobile device, we collect specific device information, including your MAC address and other unique device identifiers. We also collect information such as the type of device you are using, its operating system, and mobile network information, which may include your mobile phone number. We may associate this device identifier with your account and will use data associated with your device identifier to customize our Services to your device and to analyze any device-related issues.
Location Information. We collect and process general information about the location of the device from which you are accessing the Service (e.g., approximate geographic location inferred from an IP address).
If you choose to use third-party integrations through the Services or are required to do so by a Customer, such providers may allow us and our service providers to have access to and store additional information about your interaction with those services and platforms as it relates to the use of the Services. If you do not wish to have this information shared, do not initiate these connections.
Sometimes, we may use the information we collect — for instance, usernames, IP addresses and unique mobile device identifiers — to locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets) in order to save your preferences across devices and produce usage statistics of the Services.
To collect the information in the “Information We Automatically Collect” section above, we and our service providers use Internet server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies. A web server log is a file where website activity is stored. An SDK is a section of code that we embed in our applications and software to allow third parties to collect information about how users interact with the Services. A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer and login session; (ii) store your preferences and settings; (iii) understand which web pages of the Services you have visited; (iv), enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform analytics; and (vi) assist with security and administrative functions. Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email, and that are designed to provide usage information like ad impressions or clicks, email open rates, measure popularity of the Services and associated advertising, and to access user cookies. As we adopt additional technologies, we may also gather information through other methods.
Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari).
We use your information (including any information that we collect, as described in this Privacy Policy) for various purposes depending on the types of information we have collected from and about you and the specific EVX Software Services you use, including to:
We may aggregate and/or de-identify information collected through the Services so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including research and marketing purposes.
We use third-party web analytics services (e.g., Google Analytics) on our websites to collect and analyze the information discussed above, and to engage in auditing, research and reporting. The information (including your IP address) collected by various analytics technologies described in the “Cookies and similar Technologies” section will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the websites, including by noting the third-party website from which you arrive, analyzing usage trends across EVX Software products and mobile devices, assisting with fraud prevention, and providing certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on.
If you receive email messages from us, we may use certain analytics tools, such as clear GIFs, to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.
Third parties or affiliates may administer EVX Software banner advertising programs and other online marketing on non-EVX Software websites and services. To do so, these parties may set and access first-party cookies delivered from an EVX Software domain, or they may use third-party cookies or other tracking mechanisms. For example, a third-party provider may use the fact that you visited the EVX Software website to target online ads for EVX Software services to you on non-EVX Software websites. Or a third-party ad network might collect information on the Services and other websites to develop a profile of your interests and target advertisements to you based on your online behavior. These parties that use these technologies may offer you a way to opt out of ad targeting as described below. You may receive tailored advertising on your computer through a web browser.
As stated above, EVX Software does not share any of your private information, unless required by law, and even in such an instance we will do our best effort to protect your information, requiring extensive and sufficient information from government entities, and communicating with you in the process.
For the provision and delivery of our services, and for marketing and advertising purposes, EVX Software will share your information in the following ways:
We provide you with a number of choices with respect to the information we collect and use as discussed throughout this Privacy Policy. For example: - You may instruct us not to use your contact information to contact you by email, postal mail or phone regarding products, services, promotions and special events that might appeal to your interests by contacting us – see the EVX Software Contact section below. In commercial email messages, you can also opt out by following the instructions located at the bottom of such emails. You may opt-out of receiving categories of Services-related notices that are not deemed by EVX Software to be integral to your use of the Services. Depending on whether you are using our free services or are a user of a paid account that belongs to a Customer, you will have certain choices regarding how to make tasks, projects, and other information private. For more information on how this works, please see the “Permissions” section of our help guide.
The Services contain links to third-party websites such as social media sites, and also contain third-party integrations. If you choose to use these sites or integrations, you may disclose your information not just to those third-parties, but also to their users and the public more generally depending on how their services function. Because these third-party websites and services are not operated by EVX Software, EVX Software is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your personal and other information will be subject to the privacy policies of the third party websites or services, and not this Policy. We urge you to read the privacy and security policies of these third-parties.
The Services are intended for general audiences and not for children under the age of 13. If we become aware that we have collected personal information (as defined by the Children’s Online Privacy Protection Act) from children under the age of 13, we will take reasonable steps to delete it as soon as practicable.
If you want to learn more about the information collected through the Services, or if you would like to access or rectify your information and/or request deletion of information we collect about you, or restrict or object to the processing of your information, please contact us using the contact information below. Where you have provided consent, you may withdraw your consent at any time, without affecting the lawfulness of the processing that was carried out prior to withdrawing your consent. If you are dissatisfied with the way we process your information, you may lodge a complaint with the data protection authority (“DPA”) in your jurisdiction. If you are a resident of France, your DPA is the Commission Nationale de l’Informatique et des Libertés (“CNIL”). If you are a resident of Germany, please see the DPA located in your particular state. If you are a resident of France, you may provide us with instructions regarding the manner in which we may continue to store, erase and share your information after your death, and where applicable, the person you have designated to exercise these rights after your death.
We reserve the right to amend this Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Services, or advances in technology. We will make the revised Policy accessible through the Services, so you should review the Policy periodically. If we make a material change to the Policy, you will be provided with appropriate notice and we will seek your consent to the updated Policy in accordance with legal requirements.
The data controller of your information is EVX Software, located at 701 Brazos Street, Suite 525, Austin, TX 78701. If you wish to contact us or have any questions about or complaints in relation to this Privacy Policy, please contact us at contact@evxsoftware.com.
