Security at Evenli
Our practical, plain-English security overview.
Encryption in transit
All requests between your browser, our servers and our sub-processors use HTTPS/TLS. Data sent to and from Evenli is encrypted on the wire.
UK ICO registration
Evenli is registered with the UK Information Commissioner's Office under registration number ZC102321. We process personal data in accordance with the UK GDPR and Data Protection Act 2018.
Data minimisation and retention
- Messages automatically delete 28 days after sending. You're emailed two days beforehand so you can export.
- You can export your messages, calendar, canvas and expenses to PDF at any time.
- Account deletion removes your personal data, subject to short legal-retention windows.
AI processing
AI message scoring and rewriting is performed server-side by OpenAI's GPT-4o mini under a contractual arrangement that prohibits training on your messages. AI is a suggestion engine — the user always chooses what to send.
Access controls
Evenli uses role-based access controls internally; production data is accessible only to a small number of named engineers, and access is logged. Professional access to a family is permission-based, read-only and revocable by the family at any time. Child profiles on Evenli Link are restricted to chat with the family group only.
Reporting a security issue
If you believe you've found a security issue, please email info@evenli.co.uk with the subject line "Security". We aim to acknowledge reports within two working days.