Privacy Policy

Effective Date: May 3, 2026  |  Last Updated: May 3, 2026

This Privacy Policy describes how EVO TrustGuard ("TrustGuard," "we," "us," or "our") collects, uses, shares, and protects information in connection with the EVO TrustGuard platform and related services located at evotrustguard.com (the "Service").

This Privacy Policy applies to information we collect when you use the Service, communicate with us, or interact with our website. It is incorporated into our Terms of Service.

---

1. Scope

The Service is currently offered to users in the United States only. By using the Service, you confirm that you are accessing it from the United States and consent to the collection, transfer, storage, and processing of your information in the United States.

If you are a California resident, please also see Section 9 (California Privacy Rights).

2. Information We Collect

2.1 Information You Provide

When you create an account, use the Service, or communicate with us, you may provide:

• Account information: name, business name, email address, phone number, business address, password
• Identity and licensing information: licenses, permits, and certifications you choose to upload
• Payment information: billing address and payment method details (payment card numbers are processed by Stripe and never stored on our servers)
• Client and lead information: names, contact details, service requests, contracts, invoices, and other records you create or upload as User Content
• Communications: support requests, suggestions, feedback, and other messages you send us

2.2 Information We Collect Automatically

When you use the Service, we automatically collect:

• Usage data: pages visited, features used, actions taken, timestamps, referring URLs, time spent on pages
• Device and connection data: IP address, browser type and version, operating system, device identifiers, language preferences
• Cookies and similar technologies: see Section 6 (Cookies and Tracking)
• Error and diagnostic data: crash reports, performance metrics, console errors collected via our error monitoring tools

2.3 Information from Third Parties

We may receive limited information from third-party services we integrate with, including:

• Stripe: subscription status, payment confirmations, invoice events, dispute notifications
• SendGrid: email delivery status, bounces, opens
• Google Analytics and Google Ads: aggregated traffic and conversion data
• Make.com: automated lead alert delivery confirmations
• Sentry: error and performance telemetry

3. How We Use Information

We use information we collect to:

• Provide, operate, maintain, and improve the Service
• Process subscription payments and lead credit purchases
• Authenticate users and secure accounts
• Send transactional communications (account notices, billing receipts, lead alerts, password resets, security alerts, service updates)
• Respond to support requests and feedback
• Match leads to guard companies based on tier, service types, coverage areas, and armed/unarmed preferences
• Operate the lead marketplace, including parsing freeform lead descriptions into structured data via the Anthropic API
• Detect, investigate, and prevent fraud, abuse, and security incidents
• Enforce our Terms of Service and other policies
• Comply with legal obligations and respond to lawful requests
• Analyze usage patterns to improve features, performance, and user experience
• Communicate platform updates, new features, and changes to our policies

4. How We Share Information

We do not sell your personal information. We do not rent your personal information. We do not share your personal information with third parties for their own marketing purposes.

We share information only as follows:

4.1 Service Providers

We share information with third-party service providers who help us operate the Service. Each provider receives only the information necessary to perform their function and is contractually obligated to protect that information. Our service providers include:

• Stripe — payment processing, subscription billing, Connect-based client invoicing
• Supabase — database hosting, authentication, file storage
• SendGrid — transactional email delivery
• Twilio — SMS delivery for lead alerts (via Make.com pipeline)
• Make.com — automated workflow orchestration for lead alerts
• Anthropic — AI-powered parsing of freeform lead descriptions
• Sentry — error monitoring and performance diagnostics
• Google Analytics 4 / Google Ads — website analytics and conversion measurement
• Dropbox Sign — eSignature delivery and signed-document storage (when you use the contracts feature)
• Netlify — website and application hosting

4.2 Between Users of the Service

The Service connects guard companies with leads (potential clients). When a guard company purchases a lead, we share that lead's contact information and service request with the purchasing guard company. Lead contact information is masked until the lead is purchased.

When a guard company creates client records, contracts, invoices, or sends documents to a client, the relevant content is delivered to that client's contact information by the guard company's authority.

4.3 Legal Compliance and Protection

We may disclose information if we believe in good faith that disclosure is necessary to:

• Comply with applicable law, court order, subpoena, or other legal process
• Respond to lawful requests from public authorities, including law enforcement
• Investigate or prevent fraud, abuse, or security threats
• Protect the rights, property, or safety of TrustGuard, our users, or others
• Enforce our Terms of Service or other agreements

4.4 Business Transfers

If we are involved in a merger, acquisition, asset sale, financing, reorganization, bankruptcy, or similar transaction, your information may be transferred as part of that transaction. We will notify you of any such transfer and any choices you may have regarding your information.

4.5 With Your Consent

We may share information for any other purpose with your consent.

5. Data Retention

We retain your information for as long as your account is active and for the period necessary to provide the Service. When you cancel or terminate your account, we retain your data for a 90-day reactivation window during which you may reactivate your account or export your data. After 90 days, we permanently delete your account data, except where retention is required by law, necessary to resolve disputes, enforce our agreements, comply with regulatory obligations, or protect against fraud.

Aggregated, anonymized data not tied to any identifiable individual may be retained beyond this period.

6. Cookies and Tracking

We use cookies and similar technologies to operate the Service, remember your preferences, analyze usage, and improve the user experience.

6.1 Categories of Cookies and Tracking We Use

• Strictly necessary: authentication cookies (Supabase Auth), session storage (logo cache, company initial cache), CSRF protection. These cannot be disabled without breaking core Service functionality.
• Analytics: Google Analytics 4 (measurement ID G-K80CEC5SN8) — measures site traffic, user behavior, and feature usage to improve the Service.
• Advertising and conversion measurement: Google Ads conversion tracking — measures the effectiveness of our advertising campaigns.
• Performance and error monitoring: Sentry — collects error reports and performance metrics to help us diagnose and fix problems.
• Push notification subscriptions: Web Push (VAPID) — used to deliver real-time lead alerts and platform updates to users who opt in.

6.2 Your Choices

Most browsers allow you to control cookies through their settings. You can:

• Block or delete cookies via browser settings (note: blocking strictly necessary cookies will break the Service)
• Opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-On
• Manage push notification subscriptions through your browser or device settings
• Disable advertising personalization in your Google Account settings

We do not currently respond to "Do Not Track" browser signals because no industry-standard interpretation of those signals exists.

7. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect your information, including:

• HTTPS/TLS encryption for data in transit
• Encryption at rest for sensitive data stored in Supabase
• Row-level security policies enforcing user-scoped data access in our database
• Server-side enforcement of all sensitive write operations via secured Netlify functions
• Service-role credentials limited to server-side contexts and never exposed to clients
• Rate limiting on user-facing endpoints
• Content Security Policy headers limiting what content can execute on our pages
• Regular review of access controls and security configurations

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

8. Your Choices and Rights

You may:

• Access and update your information through your account settings
• Export your data in CSV format via the Service's export functions
• Delete your account by cancelling your subscription and contacting us; your data will be deleted on the schedule described in Section 5
• Opt out of marketing communications via the unsubscribe link in any marketing email; transactional communications about your account, billing, and security will continue
• Manage push notifications through your browser or device settings
• Request information about the personal data we hold about you by emailing legal@evotrustguard.com

9. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information.

9.1 Categories of Personal Information We Collect

In the past 12 months, we have collected the following categories of personal information from California consumers:

• Identifiers (name, email, phone, account ID, IP address)
• Customer records (business name, business address, payment information processed by Stripe)
• Commercial information (subscription history, purchase history, lead credit purchases)
• Internet activity (browsing actions, usage data, device information)
• Geolocation (approximate location derived from IP address)
• Inferences (preferences and characteristics derived from usage patterns)

9.2 Sources of Personal Information

We collect personal information directly from you, automatically from your use of the Service, and from third-party service providers as described in Section 2.

9.3 Business Purposes for Collection

We use personal information for the business purposes described in Section 3.

9.4 Sale or Sharing of Personal Information

We do not sell your personal information as the term "sell" is defined under the CCPA. We do not share your personal information for cross-context behavioral advertising as the term "share" is defined under the CPRA.

9.5 Your California Rights

As a California resident, you have the right to:

• Know what personal information we have collected about you, the categories of sources, the purposes for collecting it, and the categories of third parties with whom we share it
• Access the specific pieces of personal information we have collected about you
• Delete personal information we have collected about you, subject to certain exceptions
• Correct inaccurate personal information we maintain about you
• Limit use of sensitive personal information to certain purposes
• Non-discrimination for exercising any of these rights

9.6 How to Exercise Your Rights

You may exercise these rights by emailing legal@evotrustguard.com with the subject line "California Privacy Rights Request" and a description of your request. We will verify your identity before responding, typically by confirming the email address associated with your account. We will respond to verified requests within 45 days, with a possible 45-day extension when reasonably necessary.

You may designate an authorized agent to make a request on your behalf. We will require written authorization and may require verification of the agent's identity.

9.7 "Shine the Light"

California residents may request information about disclosures of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

10. Children's Privacy

The Service is intended for users 18 years of age and older. We do not knowingly collect personal information from children under 18. If we learn we have collected personal information from a child under 18, we will delete it promptly. If you believe a child has provided us personal information, contact legal@evotrustguard.com.

11. Third-Party Links and Services

The Service may contain links to or integrations with third-party websites and services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you use.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to your account email address or through the Service. The "Last Updated" date at the top of this policy reflects when it was most recently revised. Continued use of the Service after the effective date of an update constitutes acceptance.

13. Contact

Questions, concerns, or requests regarding this Privacy Policy or our data practices may be directed to:

Sean Leonard
d/b/a EVO TrustGuard
Email: legal@evotrustguard.com
Website: evotrustguard.com