Privacy policy

Evonaire Privacy Policy
Last update: October 22, 2025
Version: 31. INTRODUCTION
Welcome to Evonaire, a global platform dedicated to providing a voice-first, neuro-safeguarded space for emotional, cultural, and spiritual expression provided by Evonaire Inc. (“Evonaire,” “we,” “us,” or “our”).You remain the owner and primary controller of your personal and emotional data. Evonaire acts as a data steward and, where necessary to operate the Platform as described in this Privacy Policy, may act as a controller for limited processing activities.Our purpose is to enable users to share rituals, voice-based content, and neuro-expressive experiences while ensuring privacy, dignity, and informed consent at every stage. Evonaire combines advanced technology and ethical frameworks, including NeuroProtect™, UPstream™ Licensing, and ClaimChain™, to create a safe environment for the sharing and distribution of personal expression, cultural diversity, and conscious well-being without compromising individual rights.Capitalized terms used in this Privacy Policy that are not specifically defined shall have the meanings given to the applicable capitalized terms in the Evonaire Terms of Service.Privacy is a cornerstone foundation of the Evonaire Platform, and this Privacy Policy explains how we collect, store, use, disclose, and otherwise process your personal data when you use the Platform and any other services provided by us (the “Services”).Information relating to our use of cookies and similar technologies is set out in our Cookie Policy, which forms part of the Privacy Policy. When we refer to the Privacy Policy, we are referring to both this Privacy Policy and the Cookie Policy.This Privacy Policy only applies to the Platform. When using the Platform, you may find links to other websites, apps, or services, or tools that enable you to share information externally. Evonaire is not responsible for the privacy practices of these third parties. We recommend that you review their privacy policies before sharing any personal data with them.Data Protection Officer (DPO): Jeevana Muninarayana - [email protected]
Mailing Address: Evonaire Inc., 344 Ellis Street, San Francisco, CA 94102, USA2. DEFINITIONS
“GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
“EEA” includes all current Member States of the European Union and the European Economic Area.
“UK DPA” means the United Kingdom Data Protection Act 2018.
“CCPA/CPRA” means the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020.
“COPPA” means the U.S. Children’s Online Privacy Protection Act.
“Personal data/personal information” means any information relating to an identified or identifiable natural person.
“Sensitive personal information” includes precise geolocation, biometric data, genetic data, union membership, contents of communications, and highly protected identifiers; in this Policy, “biometric/emotional/neurodata” are treated as sensitive.
“Process” means, in respect of personal data, collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, alignment, restriction, erasure, or deletion.
Controller/Processor - Evonaire is a controller for core Platform operations and may act as a processor when handling creator-managed data under written instructions (see Section 16).3. WHAT CATEGORIES OF PERSONAL DATA DO WE COLLECT?We collect data you make available to us voluntarily (for example, email address, name, and payment information). We also collect data automatically when you use the Platform (for example, IP address, device type).3.1. Data you give us
You provide data about yourself when you register for and/or use the Platform, for example, when you create a user profile (“Profile”), respond to our emails, or report a problem. The data that you give us includes:
Profile data. Your name, country of residence, email address, password, and optional profile details (photo/handle/bio).
Subscription data. If you purchase a subscription, you must provide your legal name, billing address, and payment verification information. We only receive limited payment verification data from our processor and do not store full payment card numbers. Processing is for contractual purposes.
Monetization data. If you monetize Offerings, you must provide payment details (e.g., payout account), tax information, and identifiers necessary to distribute net earnings and comply with financial laws.
Financial/tax data. If you are located in the U.S. or another jurisdiction that requires tax reporting, we collect personal data (e.g., TIN/SSN or equivalent, residency certifications) to report eligible payouts to authorities.
Support correspondence. Contents of messages you send to support, including attachments and logs you choose to share.
Consent records. Timestamped records of consents, opt-ins, opt-outs, and licensing choices (including UPstream™ license scopes).
Cultural Declaration Data. If you identify an Offering as Cultural IP, we collect and store the declared culture or heritage registry reference, documentation links, and related consent metadata solely for transparency and licensing purposes.
This information is not publicly disclosed except when required by the originating cultural authority or when you consent.3.2. Data we collect automatically
Referral data. Your referring URL (site/app you visited before ours).
Cookies and similar technologies. As described in our Cookie Policy, we use cookies, local storage, and device identifiers for authentication, security, analytics, and preference management. You can control cookies via browser settings and our consent tool. Typical retention ranges: session to 13 months (EU/UK).
Browser and device data. IP address, device model, OS version, language, time zone, device settings, network provider, and hardware identifiers.
Advertising identifiers. Apple IDFA or Google AAID (resettable).
Transaction data. For payments made via the Platform, our processors handle card data. We may receive transaction metadata (date, time, amount, payment method type, outcome).
Usage/event data. Feature taps, screens viewed, session duration, crash logs, error diagnostics, and content engagement metrics.
Location data. Approximate city/region when you enable location features or permit location access in your device. We do not collect precise geolocation without a separate explicit opt-in.
Aggregated and pseudonymized data. Non-identifying statistics are used for analytics, benchmarking, safety, and reporting.
Third-party telemetry. Where permitted by you, certain service providers may place cookies/SDKs for analytics and performance. See Cookie Policy for a current list and retention.
EU/EEA/UK cookie consent. Non-essential cookies are set only after you consent in our cookie tool; you can change preferences anytime under “Advertising” in account settings.4. FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?
We process your personal data:4.1. to provide services to you
We authenticate and authorize users, operate core features, maintain security and availability, and prevent/address errors or technical issues.
AI functionality. We utilize certain third-party and Evonaire-hosted AI features. You control whether to use these features. We do not use voice, emotional, or neurodata for model training without your explicit opt-in consent. AI data is encrypted and subject to access controls and audit logging.
Refunds via app stores. If you request a refund (e.g., via Apple), we may share relevant consumption data with the store provider solely to process your request, consistent with the store’s policies.
Cultural Registry Verification. When creators designate content as Cultural IP, Evonaire verifies declared registry references against publicly available databases (e.g., UNESCO Intangible Heritage List, WIPO Traditional Knowledge Database, or national registries).
Verification uses minimal identifying data and excludes biometric, emotional, or neuro-related data.
The purpose is to confirm eligibility for Cultural IP status without requiring human review or subjective evaluation.4.2. to research and analyze your use of the Platform
We conduct surveys, research, A/B tests, and diagnostics to evaluate and improve functionality, content layout, and performance. We may create aggregated analytics to understand usage patterns.4.3. to customize the Platform for you
We personalize experiences (e.g., feed order, recommendations) and provide creators with aggregated, de-identified insights about listener engagement, subject to applicable law and your choices.4.4. to process your payments
We enable purchases and creator payouts via third-party processors. We conduct limited anti-fraud checks and keep legally required records of transactions.4.5. to enforce the Terms and to prevent, detect, investigate, and resolve disputes and/or remediate malicious activities
We enforce the Terms and Community Guidelines; detect, prevent, and combat fraud, spam, bots, and cybercrime; and take legally required actions. If necessary, we may share information with law enforcement or regulators in accordance with applicable law.4.6. to communicate with you regarding your use of our Platform
We send account notices, service announcements, security alerts, and responses to inquiries by email, in-app messaging, or push notifications (subject to device settings).4.7. to show and/or send you marketing communications
We may send you news about features, offers, promotions, or events. You can opt out at any time via the “Unsubscribe” link or by contacting us.4.8. to provide you with customer service and support
We notify you about availability, security, transactions, order status, legal updates, or other Platform-related information.4.9. to comply with legal obligations and maintain a safe environment
We process and, where appropriate, share data to comply with law, respond to lawful requests, protect safety, and ensure platform integrity.5. LEGAL BASIS FOR DATA PROCESSING (EEA/UK)
This section applies to users in the EEA and UK.
We process your personal data under the following legal grounds:5.1. your consent
Where required (e.g., certain cookies, marketing, and any biometric/emotional/neurodata), we rely on your consent. You may withdraw consent at any time without affecting prior lawful processing.5.2. to perform our contract with you
Under this legal basis we:
Provide the Services;
Customize your experience;
Communicate with you regarding your use of the Platform;
Verify your identity;
Manage your account and provide you with customer support;
Process your payments.5.3. for our legitimate interests, unless overridden by your interests or fundamental rights and freedoms
Our legitimate interests include: service improvement and analytics; communicating with you about the Platform; measured, appropriate marketing (where allowed); platform security/fraud prevention; and enforcing the Terms. Where local law requires consent, we will seek consent instead of relying on legitimate interests.5.4. to comply with legal obligations
We process data to satisfy legal, regulatory, tax, accounting, AML/KYC, and audit requirements, including identity verification where required.5.5. special-category data (Article 9 GDPR)
Where processing involves biometric, emotional, or neuro-related data, we rely on explicit consent under Article 9(2)(a) and, where necessary, Article 9(2)(f) for the establishment, exercise, or defense of legal claims.
Response timelines (EEA/UK). We respond to rights requests within one month (extendable by two months for complexity/volume). We will notify you of any extension and the reasons.6. CALIFORNIA AND U.S. STATE PRIVACY RIGHTS6.1. California (CPRA)
Evonaire does not “sell” or “share” personal information as defined by Cal. Civ. Code §1798.140. We do not use or disclose Sensitive Personal Information for purposes other than those permitted by §1798.121.
California residents have rights to know, access, correct, delete, opt out of sale/sharing, limit use of Sensitive PI, and be free from non-discrimination. Submit requests to [email protected] or [email protected], with “California Privacy Rights Request” in the subject line. We verify identity as required by law and respond within 45 days (extendable by 45 days with notice).
CPRA Categories Table
Category
Examples
Source
Purpose
Disclosure (past 12 mo.)
Retention (typical)
Identifiers
Name, email, IP
You; device
Account, security, support
Hosting/support providers
Account life +2y
Commercial Info
Purchases, payouts
You; payment processor
Transactions, fraud
Payment processors
7y (legal)
Internet/Network
Usage logs, device data
Device; SDKs
Security, analytics
Analytics providers
24 months
Geolocation (general)
City/region
Device (opt-in)
Localization, safety
Infra/anti-fraud
24 months
Sensitive PI
Biometric/emotional/neuro (opt-in)
You
Licensed features only
None (restricted)
≤30 days after withdrawalAuthorized agents & appeals. You may use an authorized agent (with signed permission and verification). If we deny a request, California residents may request a reconsideration; residents of some other states have a formal appeal right (see below).6.2. Other U.S. States (VA/CO/CT/UT and similar)
Residents may have rights to access, correct, delete, portability, and to opt out of targeted advertising, sale, and profiling in furtherance of decisions with legal or similarly significant effects. If we deny your request, you may appeal within 45 days; appeal instructions will be in our response.7. DATA RETENTION
We retain personal data only as long as necessary for the purposes described or as required by law. We apply defensible schedules and minimize retention.
Data Type
Examples
Retention Period
Rationale
Account & Profile
Name, email, settings
Life of account + 2 years
Account defense / reactivation
Payments & Financial
Payout records, invoices, tax IDs
7 years
Financial/AML/legal
Logs & Diagnostics
Security logs, crash reports
24 months
Security & reliability
Support Records
Tickets, emails, attachments
24 months
Service quality & audit
Marketing Preferences
Email subscriptions
Until opt-out or 24 months inactivity
Compliance & UX
Consent Records
Opt-ins/outs, licenses
Life of account + 2 years
Evidence of lawful basis
Biometric/Neurodata
Voice prints, signals (opt-in)
≤30 days after withdrawal
Neuroprivacy & minimality
Where deletion is not immediately feasible (e.g., backups), we segregate and securely store data until erasure is possible.8. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
We share information with third parties that help us operate, provide, improve, integrate, customize, support, and market our Service. We may share personal data for the purposes indicated in Section 4.8.1. Service providers
We share personal data with third parties that we hire to provide services or perform business functions on our behalf, based on our instructions, under data processing agreements (DPAs). Typical categories include:
Cloud infrastructure & storage (e.g., Google Cloud Platform, Servers.com)
Analytics & telemetry (e.g., Google, Amplitude)
Marketing & communications (e.g., email delivery, campaign tools)
Payment processors & fraud screening
Customer support tooling
Security monitoring & incident response8.2. Law enforcement agencies and other public authorities
We may use and disclose personal data to enforce the Terms, to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others, and to respond to requests from courts, law enforcement agencies, regulators, and other public authorities, as required by law.8.3. Third parties as part of a merger or acquisition
If we engage in a merger, acquisition, restructuring, or sale of assets, personal data may be transferred subject to this Policy and applicable law. We will notify you of any material changes.9. INTERNATIONAL DATA TRANSFERS
We may transfer personal data to countries other than where it was collected

10. CHANGES TO THIS PRIVACY POLICY
We may modify this Privacy Policy at any time. If material changes are made, we will notify you through the Service, email, or other reasonable means and provide an opportunity to review. By continuing to access or use the Platform after changes become effective, you agree to be bound by the revised Privacy Policy.11. AGE LIMITATION
We do not knowingly process personal data from persons under 18 years of age. We implement age-gating and reasonable safeguards consistent with COPPA and the UK Children’s Code. If you learn that anyone younger than 18 has provided us with personal data, please contact [email protected] so we can delete it promptly.12. PRIVACY RIGHTS
To be in control of your personal data, you have the following rights (subject to applicable law):
Access/review/update/correction. You control your account and may access or correct personal data via settings or by contacting [email protected].
Deletion. You can request erasure of your personal data by emailing [email protected]. We will honor requests unless retention is required by law (e.g., financial records).
Restriction/objection. You can ask us to stop or limit certain processing. Where we rely on legitimate interests, you may object and we will assess your request.
Data portability. You may receive your data in a commonly used, machine-readable format (e.g., JSON or CSV). We aim to respond within 30 days (GDPR: one month).
Withdraw consent. You may withdraw consent at any time (e.g., cookies, marketing, biometric/neurodata).
Complaint. You may complain to a supervisory authority where you live or work. We encourage you to contact our DPO first so we can address your concerns quickly.
Identity verification & agents. We may ask for reasonable information to verify your identity and request scope. You may submit requests through an authorized agent; we will verify both your identity and the agent’s authority.
Appeals (certain U.S. states). If we deny your request, you may appeal within 45 days of our decision. Appeal instructions will accompany our response.13. HOW DO WE HANDLE “DO NOT TRACK” REQUESTS?
Except as otherwise stipulated in this Privacy Policy, the Platform does not support “Do Not Track” requests. Third-party services may have different practices; please read their privacy policies.14. NEUROPRIVACY, BIOMETRIC, AND EMOTIONAL DATA PROTECTIONS
Ownership and control. You retain full ownership and control of your voice recordings, likeness, emotional data, and any neuro-related signals.
Scope (opt-in only). Collection or processing of biometric, emotional, or neurodata occurs only for features you explicitly enable, with granular controls and revocable consents.
Use limits. Such data is not used for behavioral advertising and is not used to train third-party AI models. Evonaire does not use such data for internal model training without explicit opt-in consent.
Security. Data is encrypted in transit and at rest; access is least-privilege and logged for audit; storage is segregated with short retention by default.
Licensing & traceability. UPstream™ Licensing governs permitted uses you authorize. ClaimChain™ records consent metadata (license scopes, timestamps) to evidence lawful use without putting sensitive data on-chain.
Revocation & deletion. You may withdraw consent at any time via settings or by contacting [email protected]. We delete or anonymize biometric and neurodata within 30 days of verified withdrawal unless a longer period is required by law or expressly consented to for evidentiary purposes.
Oversight. The Evonaire NeuroEthics and AI Oversight Council reviews neuro-related processing at least quarterly for compliance and ethical integrity.
Cultural Integrity Data. Documentation or identifiers submitted to establish Cultural IP authenticity are processed under the same confidentiality, encryption, and access-control standards as other sensitive categories of data. Such data is retained for up to 24 months or until you withdraw consent and is then securely deleted or anonymized.15. CONTACT US
If you have any questions or concerns about this Privacy Policy or our collection, use, or storage of your data, please contact us:
Email: [email protected] (DPO), or [email protected] (Support)
Mailing Address: Evonaire Inc., 344 Ellis Street, San Francisco, CA 94102, USA
© 2025 Evonaire Inc. All Rights Reserved.