Legal

Privacy Policy.

Effective: 21 May 2026

This Privacy Policy explains how ScaleBit Technologies, L.L.C. (“Evorxa”, “we”, “us”) collects, uses, discloses, and protects personal data when you visit evorxa.com or use our hosted services (collectively, the “Service”). By using the Service you acknowledge that you have read and understood this Policy. Capitalised terms not defined here have the meaning given in our Terms of Service.

1. Who we are and how to reach us

The data controller for the personal data described in this Policy is ScaleBit Technologies, L.L.C. You can reach us through our support team for any question regarding your personal data, including to exercise the rights described in Section 7.

2. The data we collect

We collect personal data in the following categories.

  • Account data. Name, email address, country, identity-provider user identifier, and (optionally) phone number when you create an Evorxa account.
  • Billing data. Payment-method metadata (card brand, last four digits, expiry), invoices, wallet transaction history, and the customer identifier issued by our payment processor. We do not store full card numbers ourselves; full card data is held by our payment processors.
  • Service-usage data. Information about your instances and projects (names, regions, plans, status, timestamps), tickets you open, and tokens you create to access the API.
  • AI-Agent interactions. The prompts and command results processed by the AI Agent, stored alongside the conversation that produced them. These are visible to you in your console and used by our model providers solely to fulfil your request.
  • Technical data. IP address, user-agent string, approximate location, request and response logs, error traces, and security event data (including Shield rule hits) generated by our edge and platform infrastructure.
  • Communications. The content of any support ticket or in-product message you send us.

3. How we use your data

We process the personal data described above for the following purposes, each grounded in a lawful basis under applicable data-protection law:

  • to provide the Service, including authenticating you, provisioning instances, billing your account, routing support requests, and operating the AI Agent and Shield features (performance of a contract);
  • to secure the Service, including detecting and preventing fraud, abuse, and security incidents, and to enforce our acceptable-use policy (legitimate interest);
  • to communicate with you about your account, billing, incidents, and material changes to the Service (performance of a contract);
  • to improve the Service, including aggregated analytics, performance measurement, and reliability work (legitimate interest);
  • to send marketing communications about new features and offers, where you have opted in or where local law allows on an opt-out basis (consent or legitimate interest); and
  • to comply with our legal obligations, including tax, accounting, anti-money-laundering, and lawful requests from public authorities (legal obligation).

4. Who we share your data with

We do not sell personal data. We share it only with the categories of recipients listed below, each bound by appropriate confidentiality and data-protection obligations.

  • Sub-processors and service providers that help us run the Service, including our identity provider, our card-payment processor, our local-payment processors, our content-delivery and edge-security provider, and our datacentre partner. A current list of sub-processors is available through our support team on request.
  • AI-model providers that power the AI Agent. Prompts and outputs are sent over encrypted connections subject to those providers' data-processing terms.
  • Professional advisers (accountants, auditors, lawyers) and corporate counterparties involved in a merger, acquisition, financing, or restructuring transaction.
  • Authorities, where required by law, judicial order, or to protect rights, property, or safety.

5. International transfers

Evorxa operates from the United States and our primary datacentre today is located in the Netherlands. When you use the Service from outside the United States, your personal data will be transferred to and processed in the United States and other countries where our sub-processors operate. Where transfers leave the European Economic Area, the United Kingdom, or other jurisdictions requiring additional safeguards, we rely on appropriate transfer mechanisms (such as the European Commission's Standard Contractual Clauses).

6. How long we keep your data

We retain personal data for as long as your Evorxa account is active and for a reasonable period afterwards to satisfy accounting, tax, and legal-record obligations, to defend ourselves against potential claims, and to deter fraud. Specifically:

  • Account and billing records are retained for at least seven (7) years after account closure, as required by tax law in our operating jurisdictions.
  • AI-Agent conversation history is retained while your account is open and deleted within thirty (30) days of account deletion, unless retention is required by law.
  • Security and audit logs are retained for up to one (1) year.
  • Snapshots and backups follow the retention periods stated on the relevant feature page.

7. Your rights

Subject to applicable law, you have the following rights with respect to your personal data:

  • to access the personal data we hold about you;
  • to correct inaccurate or incomplete data;
  • to delete your account and the personal data associated with it, subject to the retention obligations in Section 6;
  • to restrict or object to certain processing, including direct marketing;
  • to portability of data you provided to us, in a structured, machine-readable format; and
  • to lodge a complaint with a competent data-protection authority.

To exercise any of these rights, contact our support team. We may ask you to verify your identity before acting on a request. We will respond within thirty (30) days, or sooner where the law requires.

8. Cookies and similar technologies

We use a small number of cookies and similar technologies that are necessary for the Service to function (for example, authentication session cookies and your saved currency preference). We do not use third-party advertising cookies. Where local law requires consent for any non-essential cookie, we will ask for it before setting it.

9. Security

We apply technical and organisational measures designed to protect personal data from unauthorised access, alteration, disclosure, or destruction, including encryption in transit (TLS 1.3), encryption at rest for sensitive customer data, role-based access controls, security logging, and routine security review. No system is perfect; if we become aware of a personal-data breach affecting you, we will notify you and the relevant authorities as required by law.

10. Children

The Service is not directed to individuals under eighteen (18) years of age. We do not knowingly collect personal data from minors. If you believe that a minor has provided personal data to us, please contact our support team and we will take appropriate steps to delete it.

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be communicated through the customer console at least thirty (30) days before they take effect. The “Effective” date at the top of this page reflects the most recent revision. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.

12. Contact

ScaleBit Technologies, L.L.C.
For any privacy question or to exercise the rights in Section 7, reach us through our support team.