EvocosEvocos.ai
Sign In
← Back to Home

Privacy Policy

Last updated: February 11, 2026

1. Introduction

Evocos ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our portfolio-building service.

2. Information We Collect

  • Account information: name, email address
  • Resume and career documents you upload
  • Portfolio content you create (evidence items, descriptions, artifacts)
  • Usage data: pages visited, features used, time spent

3. How We Use Your Information

  • To provide and improve the Evocos service
  • To extract skills from your resume using AI
  • To generate portfolio suggestions and coaching
  • To communicate with you about your account

We do NOT sell your personal data to third parties.

4. AI Processing

Your content is processed by the following AI services to provide Evocos's features:

  • OpenAI (GPT-4o): Processes job descriptions, resume text, and portfolio narratives for parsing, skill matching, STAR-E coaching, and portfolio text generation.
  • Google Gemini (Gemini 2.0 Flash): Processes artifact generation prompts containing portfolio context for generating charts, diagrams, and visual artifacts.
  • Google Gemini (Gemini 2.5 Flash Image): Generates cover images for portfolio artifacts based on descriptions derived from your career content.
  • Google Stitch (Vertex AI): Generates UI mockup artifacts. Processed under Google Cloud enterprise terms.

What we send: Prompts derived from your resume text, job descriptions, STAR-E narratives, and artifact descriptions. We do NOT send your raw uploaded files (PDFs, images, videos) to AI providers unless you explicitly request AI artifact generation.

Data training: We do not opt in to any AI provider's model training programs. Your career data is not used to train AI models. OpenAI retains API data for up to 30 days for abuse monitoring. Google retains API data for up to 55 days for abuse monitoring.

5. Data Storage & Security

  • Database: Structured data (account information, STAR-E narratives, portfolio content, job descriptions) is stored in Neon PostgreSQL, a serverless database service.
  • File storage: Uploaded files (resumes, artifacts, images, videos) are stored using Vercel Blob, a cloud storage service powered by Amazon Web Services (AWS) S3 infrastructure.
  • Encryption: All data is encrypted at rest using AES-256 encryption. All data is encrypted in transit using TLS 1.2 or higher. Database encryption keys are managed via AWS Key Management Service (KMS).
  • Retention: We retain your data while your account is active. See Section 6A for data deletion details.

6. Your Rights

You have the following rights regarding your personal data:

  • Access: View all your data in your account dashboard
  • Correction: Update your information in account settings
  • Export: Download your portfolio data at any time
  • Deletion: Delete your account through account settings or by emailing hello@evocos.ai (see Section 6A below for details)

To exercise any of these rights, contact us at hello@evocos.ai. We will respond within 30 days.

6A. Data Deletion

When you delete your account:

  • Your account is immediately deactivated and you can no longer sign in
  • Published portfolios are immediately unpublished and removed from public access
  • Within 30 days, we permanently delete: your user profile, resumes, job descriptions, STAR-E narratives, evidence library items, portfolios, and associated files from our storage systems
  • Data previously sent to AI providers for processing is subject to their retention policies (OpenAI: up to 30 days; Google: up to 55 days) and cannot be recalled by us
  • Anonymized, aggregated usage data (e.g., feature usage counts) may be retained
  • Database backups containing your data are purged within 90 days

Note: During the Alpha program, hard deletion is performed manually within 30 days of your request. An automated deletion pipeline is planned for general availability. If you need expedited deletion, contact us directly.

7. Third-Party Services

We use these services to operate Evocos:

  • Vercel Inc. — Hosting, CDN, and file storage (Vercel Blob)
  • Neon Inc. — PostgreSQL database
  • OpenAI — AI text processing for skill extraction, JD parsing, STAR-E coaching, and portfolio generation
  • Google LLC — AI services: Gemini 2.0 Flash for artifact generation, Gemini 2.5 Flash Image for cover image generation, and Vertex AI Stitch for UI mockups
  • Sentry (Functional Data Systems, Inc.) — Error tracking and application performance monitoring. Sentry may receive technical data including error messages, browser information, and device type when errors occur. Session recordings may capture anonymized user interactions for debugging purposes; all text content and media are masked before transmission.

Each service has their own privacy policy governing their handling of data.

7A. Data Breach Notification

In the event of a data breach affecting your personal information, we will:

  • Notify affected users via email within 72 hours of confirming the breach
  • Notify relevant regulatory authorities as required by applicable law, including the Massachusetts Attorney General and Office of Consumer Affairs
  • Provide details of what information was affected, what we are doing to address the breach, and steps you can take to protect yourself
  • Post a notice on our website if the breach affects a large number of users

8. Cookies

  • We use essential cookies for authentication and session management
  • We may use analytics to understand how users interact with Evocos

9. Children's Privacy

  • Evocos is not intended for users under 18 years of age
  • We do not knowingly collect data from minors

10. Changes to This Policy

  • We may update this policy as our service evolves
  • We'll notify you of significant changes via email or in-app notice

11. Contact Us

Questions about this Privacy Policy? Email us at hello@evocos.ai