Security · Data handling

How Evarist handles your data.

Evarist reads behavioral analytics so your AI can reason about your traffic. This page describes, precisely, what we collect, where it lives, and the boundaries that protect it — written for you and for your security reviewer. Every claim reflects how the product is actually built.

Last reviewed · July 2026
01 / What we collect

Behavior, never identity

The full inventory — and the things the tracker is built to never touch.

The tracker collects behavioral events from your site: pages viewed and their titles, referrers and traffic source, browser timezone, scroll depth, visible time on page, plus the interactions and conversions you choose to tag.

Identifiers are two first-party cookies holding random IDs — a visitor ID (13 months) and a session ID (30 minutes). Both are generated in the browser as random UUIDs, derived from nothing about the device. Country, browser and device family are derived on our servers at ingestion from standard request headers; the visitor's IP address is masked before storage and the full IP is never retained.

If you install our Shopify app, we also read a narrow set of order facts from Shopify's Admin API — order number, timestamps, currency, status, and the monetary totals (net payment, price, refunds, discounts) — plus your product and inventory records. That is what lets Evarist tell you which traffic sources actually produced revenue. We never ask Shopify for customer names, emails, phone numbers or addresses: the app holds no customer-data permissions, and the queries we send contain no customer fields. Individual orders are deleted after 65 days; only daily totals per traffic source are kept beyond that.

What we never collect:

  • No form contents, no keystrokes. The tracker does not read what people type.
  • No third-party cookies, nothing in localStorage, no cross-site tracking.
  • No fingerprinting. No canvas, font, or device-signal collection — identifiers are random, not derived.
No cookies before consent, if you need it. An opt-in consent mode holds the identifiers in per-tab session storage — zero cookies — until your consent banner signals agreement; if the visitor declines, Evarist's cookies are removed. On Shopify storefronts, Evarist reads Shopify's own Customer Privacy signal automatically. See consent mode in the docs.
One disclosed exception. An optional email-capture feature can connect a form signup to a visit. It is off by default, requires both a per-site opt-in by you and the visitor's consent, and is not enabled for any customer today.

Names, emails and phone numbers collected by Wisepops campaigns live in a separate system Evarist cannot query.

02 / Tenant isolation

Enforced by the database engine

One customer's data must never surface in another's AI answers — so we enforce it at the lowest layer available.

  • Every analytics query runs as a database account created for your user, whose row policy admits only rows belonging to your sites.
  • The engine applies the policy to every SELECT — a crafted query, UNION, or subquery cannot escape it.
  • The application's default database account has no read access at all: if your identity ever failed to attach, the query fails closed instead of falling back to broader access.
  • Per-user database credentials are network-restricted to our cluster — useless if they ever leaked.
  • A user with no sites matches nothing.
03 / The AI layer

Authorization comes from authentication

A chatbot sits on top of this data, so the AI layer gets its own boundaries.

Not from the prompt. Your AI's requests carry your token; the token selects your scoped database account; nothing the model writes can widen it. A prompt-injection attempt can phrase any query it likes — the engine still only returns your rows.

Database errors are sanitized before the model sees them; raw internals are logged only on our side. Queries are rate- and size-capped per user.

Server-side, Evarist calls one model provider: Anthropic. Three uses — profiling your public website pages, suggesting event tags, and generating analytics insights from query results. Visitor PII is never sent. Neither Evarist nor Anthropic trains models on this data.

When you connect your own AI client (claude.ai, ChatGPT…), that provider processes your questions under your agreement with them — it is your processor, not our sub-processor. Our sub-processor list spells out the distinction.

04 / Encryption

In transit and at rest

All traffic is encrypted in transit (TLS): the tracker, the MCP connection, the web app. Account and configuration data is stored on encrypted volumes (AWS EBS), and its backups are AES-256 server-side-encrypted in S3.

05 / Access control

Least privilege, no passwords

  • No passwords to steal — sign-in is a one-time emailed link.
  • AI connections use OAuth 2.1 with PKCE; access tokens expire after 1 hour, refresh tokens after 30 days, and all tokens are stored only as SHA-256 hashes.
  • Analytics reads use least-privilege, per-user database accounts (section 02) with per-user query quotas.
  • Production access is limited to the small team operating the service, over short-lived credentials.
06 / Where your data lives

Hosting & sub-processors

On AWS (us-east-1, United States) — the analytics infrastructure Evarist shares with Wisepops. Our sub-processors — AWS, Cloudflare, Postmark, Anthropic — are listed publicly with their purpose and location at app.evarist.ai/subprocessors.

For EU/UK customers: transfers rely on the EU-US Data Privacy Framework and/or Standard Contractual Clauses with the UK Addendum, as set out in the DPA.

07 / Retention & deletion

Bounded by default

  • Identifiable visitor event data is deleted or anonymised after 25 months.
  • The visitor cookie expires after 13 months; the session cookie after 30 minutes.
  • Deleting your account removes your account, sites, and configuration immediately. Already-collected visitor events are not deleted with the account — they age out under the 25-month retention above, or sooner if you ask us to erase them.
  • Visitor-erasure requests (DSARs) are supported with a 30-day turnaround; we assist you, the controller, in fulfilling them.
08 / For your legal team

The facts your DPO will ask about

With the documents to forward.

09 / What we don't claim yet

Listed plainly, not implied

  • No SOC 2 audit yet.
  • No published penetration test.
  • DNT / GPC signals not honored.

We would rather list these plainly than imply them. This section shrinks as we grow.

Questions your reviewer wants answered directly? support@evarist.ai