Legal
Privacy Policy
How we collect, use, and protect your data — and the control you keep over it.
Last updated: June 7, 2026
Overview
evaloha (“evaloha,” “we,” “us,” or “our”) builds the control plane for safe, accountable AI agents. We take the privacy of our customers, their teams, and their end users seriously, and we designed our products — AgentCheck and AgentHealth — with data protection in mind.
This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights and choices you have. It applies to our website, our products, and any related services that link to this policy (together, the “Services”).
When you use evaloha to govern or monitor your own AI agents, you stay in control of the data you connect. We act as a processor of that data on your behalf and as a controller of the account and usage information described below.
Information we collect
We collect only what we need to provide, secure, and improve the Services. The categories below describe what we may collect, depending on how you interact with us.
Information you provide to us:
- Account & contact data — name, work email, company, role, and credentials you use to create or manage an account or join our waitlist.
- Communications — messages you send us through forms, email, or support, and the contents of those exchanges.
- Billing data — company billing details processed by our payment provider; we do not store full card numbers on our systems.
Information we collect automatically:
- Usage data — pages and features you interact with, actions taken, and timestamps, used to operate and improve the Services.
- Device & log data — IP address, browser type, device identifiers, and diagnostic logs.
- Cookies & similar technologies — as described in our Cookie Policy.
Agent & operational data:
- Connected agent telemetry — metadata about the AI agents, tools, models, and integrations you connect — such as action events, policy decisions, evaluation results, token usage, and health metrics — so we can govern, score, and report on them.
- Customer-supplied content — data you choose to send through the Services for evaluation or monitoring. You control this content; we process it under your instructions.
How we use information
We use the information we collect to:
- Provide, maintain, and secure the Services, including authorizing actions and monitoring agent health.
- Authenticate users, prevent fraud and abuse, and protect the integrity of the Services.
- Respond to your requests and provide customer support.
- Analyze usage to understand, troubleshoot, and improve our products.
- Send you service, security, and administrative communications.
- Send product updates and marketing where permitted — you can opt out at any time.
- Comply with legal obligations and enforce our agreements.
Legal bases for processing (EEA/UK)
If you are in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:
- Contract — to provide the Services you or your organization have requested.
- Legitimate interests — to secure, operate, and improve the Services, where those interests are not overridden by your rights.
- Consent — for optional cookies and certain marketing communications; you may withdraw consent at any time.
- Legal obligation — to comply with applicable laws and lawful requests.
AI and your data
Trust is the product. We do not use your customer content or connected agent data to train foundation models, and we do not sell it. Your data is used to deliver the Services you ask for — evaluating, governing, and monitoring your agents — and nothing more.
Where we use AI internally to operate the Services, we apply the same access controls, retention limits, and security safeguards described in this policy.
Data retention
We keep personal data only for as long as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and context; when data is no longer needed, we delete or anonymize it.
You can ask us to delete account or customer data at any time, subject to limited exceptions required by law.
International data transfers
evaloha is based in the United States, and the Services are operated from there and from other regions where our providers operate. If you access the Services from outside the United States, your information may be transferred to and processed in countries with different data-protection laws.
When we transfer personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses, together with additional technical and organizational measures.
How we protect your data
We use technical and organizational measures designed to protect your information, including encryption in transit, access controls and least-privilege principles, audit logging, and continuous monitoring. No method of transmission or storage is completely secure, but we work to protect your data and to respond promptly to any incident.
Your privacy rights
Depending on where you live, you may have some or all of the following rights over your personal data:
- Access & portability — request a copy of the data we hold about you.
- Correction — ask us to fix inaccurate or incomplete data.
- Deletion — ask us to delete your personal data.
- Restriction & objection — limit or object to certain processing, including direct marketing.
- Opt out of sale/sharing — we do not sell or share personal information, so there is nothing to opt out of — but you retain this right.
- Withdraw consent — where we rely on consent, you can withdraw it at any time.
To exercise any of these rights, contact us using the details below. We will respond within the timeframes required by applicable law, and we will not discriminate against you for exercising your rights. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data-protection authority.
Children’s privacy
The Services are intended for businesses and are not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us personal data, please contact us and we will delete it.
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you. Your continued use of the Services after an update means you accept the revised policy.
Contact us
If you have questions about this policy or how we handle your data, we’re happy to help.
Related: