Privacy Policy

Evident Privacy Policy

Last Updated: January 19, 2026

This Privacy Policy explains how Heartland Legacy Group, LLC, d.b.a. Evident ("Evident," "we," "us," or "our") collects, uses, discloses, and protects personal information when you access or use our websites, applications, and related services (collectively, the "Services"). It also describes your rights and choices.

By using the Services, you acknowledge that we will process personal information as described in this Privacy Policy. Where we rely on consent (such as for certain marketing communications and non-essential cookies in some jurisdictions), we will ask for it separately and you may withdraw it at any time.

Scope

This Privacy Policy applies to personal information we process:

  • when you visit our website,
  • create or manage an account,
  • purchase Reports or subscriptions,
  • communicate with us, or
  • otherwise interact with the Services.

This Privacy Policy does not apply to third-party websites, products, or services that may be linked from the Services.

Roles: Controller vs. Processor

Evident as Controller

In most cases, Evident acts as a controller (or equivalent) for personal information we collect and use for our own purposes, such as account creation, billing, website analytics, marketing (where permitted), security, and compliance.

Evident as Processor / Service Provider for Customer Data

If a business customer uploads or submits personal information to the Services as part of using the product (for example, names and contact details in internal lists, notes, or other business content) ("Customer Data"), the business customer is typically the controller (or "business" under certain U.S. laws) and Evident acts as a processor / service provider processing Customer Data on the customer's behalf, subject to our Data Processing Addendum ("DPA").

If you are a business customer and require a DPA, please contact us at contact@evidentco.com. Where applicable, the DPA will govern our processing of Customer Data and control in the event of a conflict with this Privacy Policy.

3) Information We Collect

We collect information in three ways: (a) information you provide, (b) information collected automatically, and (c) information from service providers.

A. Information you provide

  • Account and contact information: name, email, business type, mailing/billing address, and login credentials.
  • Onboarding and profile information: business details you provide (e.g., industries to evaluate, cities to evaluate).
  • Orders and transactions: purchase history, invoices/receipts, and related details.
  • Communications: information you provide when contacting support or communicating with us.

B. Payment information

Payments are processed by third-party processors. We generally receive limited payment-related information (e.g., payment method type, last four digits, transaction ID). We do not store full payment card numbers on our servers.

C. Information collected automatically

  • Device and usage data: IP address, browser type, device identifiers, operating system, referring URLs, pages viewed, actions taken, session duration, and timestamps.
  • Approximate location: inferred from IP address (e.g., city/state level), where permitted by law.
  • Cookies and similar technologies: described in "Cookies and Tracking."

D. Sensitive information

We do not request sensitive personal information (e.g., Social Security numbers, government ID numbers, health data). Please do not provide sensitive information through the Services.

4) How We Use Information

We use personal information to:

  • Provide and operate the Services (create accounts, authenticate users, deliver Reports, process Orders).
  • Process payments and billing (through payment processors), manage invoices, and maintain transaction records.
  • Improve and personalize the Services (analytics, feature testing, debugging, product improvements).
  • Communicate with you (service notices, account updates, receipts; marketing where permitted and subject to your choices).
  • Provide customer support (respond to inquiries and troubleshoot).
  • Security and fraud prevention (detect, prevent, and investigate misuse and suspicious activity).
  • Compliance and legal (comply with law, respond to lawful requests, and enforce our Terms).

Legal bases (EEA/UK/Switzerland)

Where applicable, we process personal information based on:

  • Contract necessity (to provide the Services),
  • Legitimate interests (security, product improvement, fraud prevention),
  • Consent (e.g., certain marketing and non-essential cookies),
  • Legal obligations.

5) How We Share Information

We disclose personal information in the following circumstances:

A. Service providers

We share information with vendors that help us run the Services (hosting, analytics, customer support tools, email delivery, security/fraud prevention). They are permitted to process personal information only to provide services to us and consistent with our instructions and contractual obligations.

B. Payment processors

We share information needed to process payments and prevent fraud.

C. Professional advisors

We may share information with accountants, auditors, lawyers, insurers, and other advisors as needed.

D. Legal and safety

We may disclose information if we believe it is necessary to comply with law, protect rights and safety, prevent fraud, or enforce our Terms.

E. Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to appropriate protections.

F. With your direction

We may share information at your request or with your consent.

G. Aggregated / de-identified information

We may share information that is aggregated or de-identified so it cannot reasonably identify you.

No sale / no cross-context behavioral advertising: We do not sell personal information and we do not share personal information for cross-context behavioral advertising (as defined under applicable U.S. state privacy laws).

6) Cookies and Tracking

A. What we use

  • Essential cookies required for core functionality (login, security, session management).
  • Analytics cookies to understand usage and improve the Services.

We do not use cookies for third-party behavioral advertising.

B. Analytics

We may use analytics providers, such as Google Analytics, to understand how users interact with our website and Services and to improve performance and user experience. These providers may process certain information in accordance with their own privacy policies.

C. Your choices

  • Cookie banner/consent tool: where required by law, we will ask for consent before placing non-essential cookies.
  • Browser controls: you can block or delete cookies. If you block essential cookies, parts of the Services may not function.
  • Global Privacy Control (GPC): where required by law, we honor GPC signals for applicable opt-outs. We do not respond to "Do Not Track" signals at this time, except where required by applicable law.

7) Data Security

We use commercially reasonable safeguards designed to protect personal information (e.g., encryption in transit, access controls, monitoring). No system is 100% secure and we cannot guarantee absolute security.

8) Data Retention

We retain personal information only for as long as reasonably necessary to provide and operate the Services, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements.

Retention periods vary based on the type of information, how it is used, and applicable legal requirements. In general, information is retained while an account is active and for a reasonable period thereafter, or as otherwise required or permitted by law, and may be aggregated or de-identified when no longer needed.

9) Your Rights and Choices

Depending on your jurisdiction, you may have rights to access, correct, delete, or obtain a portable copy of your personal information, and to opt out of certain processing in some cases.

How to submit requests

You may submit a privacy request by emailing contact@evidentco.com.

We may need to verify your identity before fulfilling a request.

Indiana residents: Appeals

If we deny your request, you may appeal our decision by:

  • Emailing contact@evidentco.com with the subject "Privacy Appeal",
  • Including your original request details and the reason you believe the decision should be reconsidered.

We will respond to appeals within 60 days (or sooner where required), and will explain the outcome.

California residents (CCPA/CPRA)

California residents may designate an authorized agent to submit requests. We will require proof of authorization and may verify your identity directly.

EEA/UK/Switzerland

You may have rights to access, correct, delete, restrict or object to processing, and data portability. You may also lodge a complaint with your local supervisory authority.

10) International Data Transfers

We may process and store personal information in the United States and other countries where we or our service providers operate.

If personal information subject to European data protection laws is transferred outside the EEA/UK/Switzerland, we generally rely on recognized transfer mechanisms, such as:

  • the European Commission's Standard Contractual Clauses (SCCs), and
  • for the UK, the UK Addendum to the SCCs or the UK International Data Transfer Agreement (IDTA) (as applicable),

along with additional safeguards where appropriate.

11) Children's Privacy

The Services are not intended for children under 13 (or a higher age where required by local law). We do not knowingly collect personal information from children.

12) Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version with a revised "Last Updated" date. If changes are material, we may provide additional notice.

13) Contact Us

Email: contact@evidentco.com