Privacy Policy

EVED is a software-as-a-service platform providing an AI-powered WhatsApp patient coordinator designed exclusively for hair transplant clinics.

This policy covers personal data collected directly by EVED through the eved.ai website, including the demo request form and any direct communications.

It does not govern data processed by EVED on behalf of clinic clients within the platform. That processing is governed by a separate Data Processing Agreement (DPA) concluded at the time of subscription, in which EVED acts as a data processor on behalf of the clinic, which acts as data controller.

EVED's platform is built on a privacy-by-design architecture. Conversations processed through the AI agent are handled in a manner that renders re-identification technically impossible using any means reasonably likely to be used.

Specifically, no association is maintained between a conversation and any identifier — including phone number, name, or device — within EVED's systems. The processing pipeline is designed so that by the time data reaches storage, all attributes that could directly or indirectly identify a natural person have been irreversibly dissociated.

As a result, EVED does not act as a data controller or data processor with respect to conversation content under GDPR. The clinic retains full responsibility for informing its patients of how their communications are processed on the clinic's end, in accordance with applicable data protection law.

All data stored on EVED's private servers is encrypted at rest. No conversation data is transmitted to third parties, cloud providers, or external infrastructure.

We process your data on the following legal bases under GDPR Article 6:

• •Legitimate interest (Article 6(1)(f)) — to respond to demo requests and assess fit with our product.
• •Pre-contractual measures (Article 6(1)(b)) — when a request initiates steps toward a potential subscription.
• •Contract performance (Article 6(1)(b)) — to deliver and manage the service for subscribed clients.
• •Legal obligation (Article 6(1)(c)) — where required by applicable French or EU law, including accounting and tax obligations.

EVED does not sell, rent, or share personal data with third parties for commercial purposes.

Data may be disclosed to competent authorities where required by law or court order.

EVED operates its own private server infrastructure. No personal data is transferred to external hosting providers, cloud platforms, or sub-processors.

EVED stores and processes all data on private servers located within the European Union. No personal data is transferred outside the EEA.

EVED implements technical and organizational measures appropriate to the nature of the data processed. These include:

• ✓End-to-end encryption of all communications handled through the platform
• ✓Encryption at rest for all stored data
• ✓Strict access controls limited to authorized personnel
• ✓Regular security audits
• ✓Physical security of server infrastructure

In the event of a personal data breach affecting your rights, EVED will notify you and the relevant supervisory authority within the timeframes required by applicable law.

Under GDPR, you have the following rights regarding personal data we hold about you:

• •Right of access — you can request a copy of the data we hold about you.
• •Right to rectification — you can request correction of inaccurate or incomplete data.
• •Right to erasure — you can request deletion of your data where no legal obligation requires its retention.
• •Right to restriction — you can request that we limit processing of your data in certain circumstances.
• •Right to portability — you can request your data in a structured, commonly used, machine-readable format.
• •Right to object — you can object to processing based on legitimate interest at any time.
• •Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

The eved.ai website does not use analytics, tracking, or advertising cookies. Only technically necessary cookies required for basic site functionality may be present.

If this changes, this policy will be updated and appropriate consent mechanisms will be implemented prior to any non-essential cookie deployment.

EVED services are directed exclusively at healthcare professionals and clinic operators. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that such data has been collected inadvertently, it will be deleted promptly.

We may update this policy to reflect changes in our practices, services, or legal requirements. The date at the top of this page reflects the most recent revision.

For material changes, we will notify active clients by email prior to the change taking effect. Continued use of the site or service after an update constitutes acceptance of the revised policy.