We never train on your data.
Your email is processed to extract contacts and nothing else. It is never used to train, fine‑tune, or improve any model. We use synthetic and licensed corpora for that, never your inbox.
Evercontact reads the most sensitive system your company owns, your email. We've spent years earning the right to. We never train models on your data, never resell contacts, and encrypt everything end to end.
Your email is processed to extract contacts and nothing else. It is never used to train, fine‑tune, or improve any model. We use synthetic and licensed corpora for that, never your inbox.
Evercontact has no data‑broker business and no shared enrichment pool fed by customer mail. The contacts we extract are yours alone. Our only revenue is the software you pay for.
Access is granted by revocable OAuth and can be withdrawn instantly. You can export or delete your data at any time, and we honor every GDPR data‑subject request within statutory windows.
Mail moves over TLS 1.3, is processed in isolated per‑tenant environments, and contact records are stored under AES‑256 encryption. Every action writes to an immutable audit log with configurable retention.
| Area | Standard | What it covers |
|---|---|---|
| Service controls | SOC 2 Type II | Security, availability, and confidentiality, audited annually by an independent firm. |
| App & API security | Google CASA | Cloud Application Security Assessment (Tier 2) validating how we handle Google Workspace data and OAuth scopes. |
| Data protection | GDPR | Lawful basis, DPA, sub‑processor transparency, and data‑subject rights to access, delete, and port data. |
| Identity | SSO + SCIM | SAML single sign‑on and automated provisioning via Okta, Azure AD, and Google. |
| Resilience | 99.99% SLA | Redundant infrastructure, monitored uptime, and a public status page. |
Privacy-first architecture, no training on your data, and encryption end to end — built in from day one. Connect your inbox and see it for yourself, free for 14 days.