The things people ask before trusting a new analytics product with their traffic. If yours isn't here, email ben@evarist.ai — he replies fast.
An email address. We send a one-time sign-in link — there is no password to set, and no credit-card step anywhere in the product. (During the beta, access starts with an email to ben@evarist.ai.)
Your email address, and a record of which version of our terms you accepted and when. That's the whole list — we never ask for your name. Connection tokens for your AI are stored only as hashes.
Read your analytics, and manage your Evarist setup: create a site, tag events, set conversion goals, group your own domains, generate a Shopify install link. Every tool that changes something is labeled as a write in the protocol itself, so your AI asks before acting. The full tool list, read/write tagged, is in the docs.
Touch your website — no code, no content, no deploys. Spend money — Evarist has no billing system. Delete your analytics. Or reach any account but yours: every query runs against a database account scoped to your sites, enforced by the database engine, not by the AI's good behavior. Details in how Evarist handles your data.
No. Evarist doesn't train models on your data, and Anthropic — the one AI provider we use server-side — doesn't train on API traffic. Your own AI client (claude.ai, ChatGPT…) processes your questions under your agreement with that provider, not ours.
What a query can reach is decided by which account authenticated, not by what the prompt says. A malicious instruction can't widen access. More in the AI layer.
No. It's about 13 KB on the wire (compressed) — roughly 10× lighter than GA4's tag. It loads asynchronously after your page and never blocks rendering. If it ever fails to load, it fails silently; your site is unaffected.
Behavior: pages, referrers, scroll depth, time on page, the events and conversions you tag. Identifiers are random first-party cookies — no third-party cookies, no fingerprinting. Visitor IP addresses are masked before storage. It never reads what people type: no form contents, no keystrokes.
(One optional email-capture feature connects form signups to visits; it's off by default, needs both your opt-in and the visitor's consent, and isn't enabled for any customer today.)
Yes. By default the snippet simply composes with your consent tool. And if your compliance posture requires no cookies before consent, switch on consent mode: visitors are still counted from their first page, but identifiers stay in per-tab session storage — zero cookies — until your banner signals consent, and are removed if the visitor declines. On Shopify, Evarist reads the store's own consent signal automatically.
Ask your AI: "Is my tracker live?" Evarist reports each site's status — created, warming, live — and tells you when data is flowing.
You remain the controller of your visitors' data; Evarist processes it on your instructions under a DPA that is part of the terms. The security page has a section written for your DPO, and all documents are public.
Remove the snippet. The tracker stops immediately; nothing keeps running. Cookies it set expire on their own (session within 30 minutes, visitor within 13 months).
On AWS (us-east-1), on the analytics infrastructure Evarist shares with Wisepops. Sub-processors are listed publicly.
Identifiable visitor data: 25 months, then deleted or anonymised. Account data: for the life of your account.
Out: ask your AI; every query result is yours to keep. Deleted: deleting your account removes your sites and configuration immediately. Already-collected visitor events aren't deleted with it — they age out under the 25-month retention, or sooner if you ask us to erase them (erasure requests are handled within 30 days).
You and the teammates you invite. Isolation between customers is enforced by the database engine — see tenant isolation.
The team behind Wisepops, the onsite-engagement platform 1,500+ brands rely on. Evarist is founded by Ben Cahen, Wisepops' founder — same team, same infrastructure discipline, new product.
Beta means the product evolves weekly — not that your data is at risk. The isolation, encryption and legal terms on the security page are already in place, and Evarist is live with real companies in ecommerce, media and education.
ben@evarist.ai — no form, a direct conversation with Ben.