Skip to main content
Back to Eva AI

Legal

Privacy Policy

How Eva collects, uses, discloses, retains, and protects personal information.

Effective July 15, 2026

Purpose-limited collection

Sensitive-data safeguards

Access and deletion choices

01

Scope

This Privacy Policy explains how Eva AI, Inc. (“Eva,” “we,” “us,” or “our”) handles personal information through getevaai.com, demo and contact forms, customer accounts, and services offered to aesthetic practices. The more specific Photo & AI Notice controls when you use an Eva-branded or practice-branded AI Before & After preview. A participating practice may separately control information in its clinical, scheduling, or business systems and may provide its own privacy notice.
02

Information we collect

Depending on how you interact with Eva, we may collect contact and account details; messages, demo requests, support requests, and consultation preferences; appointment and workflow information received from you, a participating practice, or an authorized integration; transaction records handled with payment providers; and device, browser, referral, cookie, and usage information. The Photo & AI Notice describes photos, generated previews, treatment choices, stated goals, consent records, session activity, and nonclinical consultation-readiness information collected by the preview tool.
03

How we collect it

We receive information directly from you; from the practice whose page or services you use; from integrations the practice authorizes; automatically from browsers, devices, cookies, and service logs; and from vendors that help us operate, secure, communicate about, and support the services.
04

How we use information

We use information to provide and secure the services; respond to inquiries; create and deliver requested previews; support requested consultations and authorized booking or communication workflows; maintain accounts; troubleshoot and prevent misuse; measure service performance; comply with law; and establish or defend legal claims. We may send promotional email or text only when the required consent exists. The preview tool may summarize stated goals and estimate nonclinical consultation readiness, but it does not determine medical eligibility or clinical suitability. Customer photos, previews, and related customer data are not used to train or fine-tune AI models under the current service permission.
05

When information is disclosed

We may disclose information to the participating practice you chose or whose branded page you used; to contracted providers for hosting, storage, authentication, AI generation, security, communications, analytics, payments, and authorized integrations; to professional advisers; and to authorities or other parties when reasonably necessary for legal, security, or rights-protection purposes. We may also disclose information in a merger, financing, acquisition, or sale of assets, subject to appropriate protections. Service providers may process preview data only to perform Eva's contracted purposes and may not use it to train their own models.
06

Analytics, cookies, and advertising

Ordinary marketing pages may use cookies and configured analytics or advertising services to understand traffic and campaign performance. You can limit cookies through your browser or device settings. The AI preview and practice-branded preview routes do not load Eva's global Google Analytics, Google Tag Manager, Microsoft Clarity, Meta Pixel, or another third-party advertising/behavioral tracker. They use bounded first-party operational events and may preserve campaign tags, advertising campaign/ad-set/ad identifiers, and a platform click identifier from the link used to reach the preview. This attribution data is kept separate from source photos and generated previews; pre-lead operational events also exclude direct contact details and persistent click identifiers. Eva does not sell photos or generated previews.
07

Retention and deletion

We keep personal information only as long as reasonably needed for the purposes described here, the applicable customer relationship, security and consent evidence, dispute resolution, and legal obligations. Stored preview source photos and generated images are deleted when their disclosed purposes are complete or no later than three years after the most recent saved preview, whichever comes first, and may be deleted sooner through the in-product control or a verified request. Backup deletion may take additional time where permitted by law. Other records may have different retention periods, as explained in the Photo & AI Notice or an applicable customer agreement.
08

Security and location

We use administrative, technical, and physical safeguards designed for the sensitivity of the information, including access controls, encrypted transport, provider-managed encryption at rest, tenant scoping, and audit records. No system is completely secure. Eva and its providers may process information in the United States and other locations where they operate, subject to applicable contractual and legal safeguards.
09

Your privacy choices

Depending on where you live, you may have rights to know, access, correct, delete, or obtain a copy of personal information; withdraw consent; opt out of certain marketing or targeted advertising; or appeal a denied request. You may use the preview's deletion control, reply STOP to eligible texts, use an unsubscribe link in promotional email, or email us. We may request information reasonably needed to verify you or an authorized agent. We will not unlawfully discriminate against you for exercising a privacy right.
10

Children

Eva's public preview is limited to adults age 18 or older, and our services are not directed to children under 13. If you believe a child provided personal information, contact us so we can evaluate and delete it as appropriate.
11

Changes and contact

We may update this policy as our services or legal obligations change. We will post the updated policy with a new effective date and provide additional notice when required. For privacy questions or requests, email hello@getevaai.com. If your request concerns a participating practice's own records, you may also need to contact that practice.

See also our Terms of Use and Photo & AI Notice.