Eva

Privacy Policy

Effective May 15, 2026 · Draft pending legal review

Eva ("Eva," "we," "us") provides software that helps independent cleaning business owners run their business — scheduling, client communication, invoicing, and team coordination. This policy explains what we collect, why we collect it, how we share it, and the choices you have.

1. Who is covered

This policy covers three groups of people:

  • Owners — the cleaning business operators who sign up for a Eva account
  • Cleaners— team members invited into the owner's account
  • Clients — the homeowners whose information the owner records in Eva to schedule and bill cleaning visits

2. What we collect

Account & profile data

  • Name, email, password (hashed), phone number
  • Business name, business address, time zone, service area
  • Profile photo (if uploaded)

Operational data the owner enters

  • Client contact details (name, phone, email, address)
  • Visit schedules, checklists, photos, notes
  • Invoices, quotes, payment records
  • Messages exchanged with clients (SMS, in-app)

Payment data

Card details are collected and stored by Stripe, Inc., our payment processor — we never see or store full card numbers. We retain a reference token + last 4 digits + expiry month/year for display and recurring billing.

Automatically collected

  • IP address, browser type, device info, timestamps (server logs)
  • Authentication cookies (set by Supabase Auth) — required for sign-in to work
  • Service-worker cache (for the PWA to load offline) — local to your device, not transmitted to us
  • Error reports captured by Sentry (no message bodies, no payment details)

3. How we use the data

  • Provide the service the owner subscribed to
  • Send transactional emails and SMS the owner explicitly configured (visit reminders, invoice receipts, review requests, password resets)
  • Process payments and pay out to the owner via Stripe
  • Generate AI summaries and suggestions inside the owner's account
  • Detect abuse, debug errors, and improve reliability
  • Comply with legal obligations

4. AI processing

Owner-only AI features (the assistant chat, the morning briefing, draft replies) send the relevant slice of the owner's data to Anthropic for inference. Anthropic does not train on this data and does not retain it beyond what is necessary to process the request. AI features never run on data from another owner's account.

5. SMS to clients

When the owner configures Eva to text their clients (visit reminders, receipts, review requests, the owner's own outbound messages), we deliver those messages via Twilio. The client's phone number, message body, and delivery timestamp are stored so the owner can audit what was sent.

Clients can opt out at any time by replying STOP— we honor it immediately and the owner cannot override it.

6. Sub-processors

We use the following third parties to operate Eva. Each is contractually bound to handle data only on our instructions:

  • Supabase — database, authentication, file storage
  • Vercel — application hosting, edge runtime
  • Stripe — payment processing and payouts
  • Twilio — SMS delivery
  • Resend — transactional email delivery
  • Anthropic — AI inference (Claude)
  • Sentry — error monitoring

7. How we share data

We do not sell personal data. We share data only with the sub-processors listed above, when legally required (subpoenas, court orders), or when the owner explicitly asks us to (for example, exporting their data).

8. Data retention

While the owner's account is active, we retain all data the owner created. If the owner closes the account, we delete their data within 30 days, except where retention is required for tax, accounting, or legal compliance. Owners can request earlier deletion by emailing the address below.

9. Your rights

Depending on where you live, you may have the right to access, correct, port, or delete personal data we hold about you. To exercise any of these rights, contact us at privacy@followeva.com. Cleaners and clients should contact the owner of their account first — the owner controls the data inside their workspace.

10. Security

We use HTTPS for every connection, encrypt data at rest, follow the principle of least privilege for internal access, and run an automated row-level security audit before each release. No system is perfectly secure, but we work hard to keep yours.

11. Changes to this policy

We will post material changes here and email account owners at least 14 days before they take effect.

12. Contact

Questions, requests, or concerns: privacy@followeva.com