Legal Document

Privacy Policy

Last updated: January 2025

Overview

EvalOps is committed to protecting your privacy and the confidentiality of your evaluation data. This Privacy Policy describes how we collect, use, and safeguard information.

Data Collection

We collect only the minimum information necessary to provide our services:

  • • Account information (name, email, organization)
  • • Cryptographic hashes and signatures of evaluation results
  • • Certificate metadata (timestamps, evaluation IDs, system identifiers)
  • • Usage analytics (anonymized platform usage metrics via PostHog, using hashed identifiers, not raw PII)

Analytics & Privacy

We use PostHog for product analytics to improve our services. Analytics data is collected only with explicit consent and uses privacy-preserving techniques:

  • • Email addresses are SHA-256 hashed before transmission
  • • No raw PII (names, emails, company names) is sent to analytics providers
  • • Only non-identifiable metadata (company size, compliance type) is tracked
  • • You can opt out by not consenting to analytics tracking
  • • Data retention: 90 days for analytics events

What We Don't Collect

Our architecture is designed to never extract sensitive data:

  • • Raw evaluation data or results
  • • Model weights, architectures, or training data
  • • Prompts, completions, or user interactions
  • • Proprietary datasets or test cases

Data Storage & Security

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). For on-premises deployments, all evaluation data remains within your infrastructure. Access is logged and monitored with comprehensive audit trails.

Third-Party Disclosure

We do not sell, trade, or transfer your information to third parties. Certificate verification data may be shared with authorized auditors through our verification portal as part of your compliance processes.

Compliance

EvalOps complies with GDPR, CCPA, and other applicable data protection regulations. We maintain SOC 2 Type II and ISO 27001 certifications for our data handling practices.

Your Rights

You have the right to:

  • • Access your personal data
  • • Request data deletion
  • • Export your data
  • • Opt out of analytics

For privacy inquiries or to exercise your rights, contact:

privacy@evalops.dev