everfind is an AI workspace for company knowledge. It lets teams search and ask across emails, drives, and chat, and provides file-type views such as invoice tables.

everfind ist ein KI-Workspace für Unternehmenswissen. Teams können über E-Mails, Laufwerke und Chats hinweg suchen und fragen; zusätzlich gibt es dateitypspezifische Ansichten wie z. B. Rechnungs-Tabellen.

everfind is built for SMEs and mid-sized teams using tools like Outlook or Gmail, Google Drive or SharePoint, and Slack or Microsoft Teams who want one place to find information.

Für wen ist everfind gedacht?

everfind richtet sich an KMU und mittelgroße Teams, die mit Tools wie Outlook oder Gmail, Google Drive oder SharePoint sowie Slack oder Microsoft Teams arbeiten und einen zentralen Zugang zu Wissen möchten.

Do I need to migrate files?

No. You can keep files where they are. Connect your sources and everfind indexes them.

Muss ich Dateien migrieren?

Nein. Dateien bleiben, wo sie sind. Verbinde deine Quellen und everfind indexiert sie.

Is everfind GDPR compliant?

Yes. everfind follows GDPR. Data is encrypted in transit and at rest, and access is role-based.

Ist everfind DSGVO-konform?

Ja. everfind orientiert sich an der DSGVO. Daten sind während der Übertragung und im Ruhezustand verschlüsselt; der Zugriff ist rollenbasiert.

Traffic is encrypted in transit, indexes and stored data are encrypted at rest, and permissions are managed with role-based access control.

Wie werden Daten gesichert?

Die Übertragung ist verschlüsselt, Indizes und gespeicherte Daten sind im Ruhezustand verschlüsselt und Berechtigungen werden per rollenbasierter Zugriffskontrolle verwaltet.

Our Privacy Policy

Last updated: November 17, 2025

Snackbit UG (haftungsbeschränkt) (“Snackbit”, “we”, “us”, or “our”) is the company behind Everfind (the “Service”). Everfind comprises our website (everfind.ai) and our application that allows users to upload documents or connect third-party accounts to find information using AI. We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the CPRA, and other applicable laws. This Privacy Policy explains what personal data we collect, how we use and share it, and your rights regarding that data.

By using the Everfind website or application, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use Everfind.

1. Who We Are and How to Contact Us

Everfind is a product of Snackbit UG (haftungsbeschränkt), a company incorporated in Germany. Our registered address is:

Snackbit UG (haftungsbeschränkt)
Bahnweg 26, 51588 Nümbrecht, Germany

If you have any questions or concerns about this Privacy Policy or your personal data, you can contact our team (Attn: Julian Dik) at legal@everfind.ai. We will be happy to assist you, and you can also use this contact to exercise any of your privacy rights described below.

Our Role: Controller vs Processor

For visitors of our website and individual users of the Everfind application who sign up directly with us, we generally act as a data controller under GDPR.
When a business customer uses Everfind for its organization (for example, rolling Everfind out to its employees), that customer is typically the data controller for the personal data stored in Everfind, and Snackbit acts as a data processor on its behalf.
In those cases we enter into a separate Data Processing Agreement (DPA) with the customer that governs our processing in accordance with Article 28 GDPR.

If you are unsure in which role we act for you, you can contact us at legal@everfind.ai and we will clarify.

Our competent supervisory authority for data protection is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Germany.

2. Scope of This Privacy Policy

This Privacy Policy applies to personal data processed by Everfind in relation to:

Visitors of our website everfind.ai (including any subdomains).
Users of the Everfind application (web or any other platform) who register an account or use our services.
Any other individuals who interact with us (for example, through customer support or email inquiries).

It covers what data we collect, why we collect it, how we use it, how it’s stored and protected, when it might be shared, and the rights you have regarding your data. This policy covers both the website and the application, including any integrations you choose to connect to Everfind. Please note that our website and app may contain links to third-party websites or services; if you navigate to those, their own privacy policies will apply.

3. Personal Data We Collect

We collect personal data that you provide to us directly, data that is collected automatically about your use of Everfind, and data from third-party services you connect. The types of personal data we process include:

Account Information

When you register or use Everfind, we collect information to identify you, such as your first name, last name, and email address. If you sign up using third-party authentication (e.g., Google Sign-In or Microsoft Account), we receive basic profile information from those providers (like your name, email, and any profile ID or token needed for authentication). We do not receive or store your passwords for those services; authentication is handled via secure OAuth tokens.

Uploaded Files and Documents

Everfind allows you to upload documents or files. When you upload files to the Service, we will store those files and the content within them in order to index and analyze them. This may include text, images, or other data contained in the documents. We treat all content you upload as confidential and use it only as described in this policy (for providing search results and related features to you).

Data from Connected Integrations

If you choose to connect third-party accounts or integrations to Everfind (for example, Jira, Gmail, or Google Drive), we will, with your permission, access certain data from those services:

Jira: If you integrate Atlassian Jira, Everfind will use the OAuth scopes you grant (Jira-webhook, Jira-user, Jira-work). This allows us read access to your Jira data such as issues, project information, tickets (including titles, descriptions, comments, and attachments), and basic profile info necessary to connect. We use this data to index and search your Jira issues and related content to answer your queries. We do not write or make changes to your Jira data.
Gmail: If you connect your Gmail account, we will request read-only access to your emails (through Google’s API). This allows Everfind to read email subject lines and bodies, and possibly attachments, for the purpose of indexing them and enabling you to search or ask questions about your email content. We do not send emails on your behalf or delete any messages.
Google Drive: If you connect Google Drive, we use the drive.readonly scope. This gives Everfind the ability to list and read files from your Google Drive (including file titles, text content, and metadata) so that we can index them and allow you to search them via Everfind. We do not alter or delete any files in your Drive.
Other Integrations: If we introduce additional integrations (e.g., other email providers or project management tools), we will similarly request only the minimum necessary permissions and will explicitly inform you of what data will be accessed. We will handle any such data under this Privacy Policy.

You have control over connecting or disconnecting these integrations at any time. If you disconnect an integration, we will stop any ongoing data import from that source, and you can request us to delete any data imported from that source (see Data Retention and Deletion below).

User Queries and Interaction Data

When you use Everfind’s core functionality – for example, asking a question or searching your documents – we process the query you enter and any relevant context from your data to generate a response. We may save your query and the AI-generated answer, along with references to which documents were used, to provide you with a history and to improve the service (such as refining search relevance or troubleshooting issues). Interaction data also includes your clicks, feature usage, and preferences within the app.

Analytics and Usage Data

We automatically collect certain information about how you access and use our website and app:

Device and Technical Information: such as your IP address, browser type, device type, operating system, and device identifiers.
Usage Information: such as pages or screens you view, the features you use (e.g., performing a search, connecting an integration), the time and date of your visits, and the amount of time spent on our site or app.
Interactions & Mouse Movements: We may use analytics tools that record how you interact with our site/app (including clicks, scrolling, mouse movements, and keystrokes entered in non-sensitive fields). Heatmaps and session recordings may be used to help us understand user behavior and improve the user experience. These tools are configured so that they do not record sensitive fields (like passwords) or the content of your uploaded documents or emails. We enable masking to avoid capturing such content.
Cookies and Similar Technologies: We and our third-party providers use cookies, web beacons, and similar tracking technologies to provide and optimize the Service. For instance, cookies help keep you logged in, remember preferences, and gather analytics data. You can control cookies through your browser settings and our cookie banner / preference center. Non-essential cookies (such as analytics cookies) are only used with your consent where required by law. Disabling certain cookies may affect some functionality (such as staying logged in or loading preferences).

Communication Data

If you join a waitlist, subscribe to a newsletter, or otherwise communicate with us (for example, emailing support or filling out a contact form), we will collect your name, email, and the content of your communication. If we send you emails (such as product updates or newsletters), we may track engagement (e.g., whether you opened the email or clicked a link) to help us understand interest and improve our communications.

Special Categories of Data

Everfind is not intended to collect or process any special categories of personal data (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identification, health information, or information about sex life or sexual orientation). We do not ask for or intentionally collect this kind of information. We ask that you do not upload or share sensitive personal data through Everfind. If you do so inadvertently (for example, a document you upload contains health information), we will treat it with the same care as other data, but such data will not be specifically processed differently as special category data, and by providing it, you affirm that you have the right to do so.

Children’s Data

Everfind is a service intended for adults. We do not knowingly collect personal data from anyone under 18 years of age. If you are under 18, you are not permitted to use Everfind. If we learn that we have inadvertently collected personal information from a child under 18, we will delete that information without delay. Parents or guardians who believe we might have information about a minor can contact us at legal@everfind.ai to request deletion.

4. How We Use Personal Data

We use your personal data only for the following purposes, in accordance with applicable laws:

Providing and Improving the Service

We process your account information, uploaded documents, and integration data to deliver Everfind’s core functionality. For example, we use your data to:

Index and categorize your uploaded files and connected account data using artificial intelligence, making it searchable and organized for you.
Allow you to query your data and retrieve relevant answers. This includes processing your queries and employing AI models to generate answers based on your data.
Maintain your account and preferences (such as language, settings, connected integrations).
Provide customer support and respond to your inquiries or requests.
Understand how users interact with our Service (through analytics) so we can improve features, user experience, and performance.

AI Processing of Your Data (How Queries Are Answered)

When you ask Everfind a question, our system may use large language models (LLMs) to help formulate an answer:

Document Analysis: Everfind will search your indexed data (uploaded files, emails, Jira tickets, etc.) for information relevant to your question.
Query to AI Models: We may send parts of your query and relevant excerpts of your data to third-party AI services to help generate a natural language answer. For example, if you ask “What did my team discuss about Project X last week?”, Everfind might extract key points from your Jira and emails about Project X and send those snippets, along with your question, to an AI model to compose a summary answer.
The AI’s response is then returned to you through our app, often with references or links to the source documents in your data.

Important Privacy Notes:

We only send the minimum necessary snippets of your data required to answer a query, not your entire document collections.
Data shared with these AI services is only used to produce the requested answer on our behalf.
We configure and contractually require our AI providers so that they do not use your content to train or improve their general models (for example, OpenAI’s API processing does not use submitted data to train models unless explicitly opted-in).
We will only use AI providers under terms that commit to not using your data for their own purposes beyond providing services to us.
Some AI providers may process data inside or outside the EU (for example, in the United States or other regions). Where personal data is transferred outside the EU/EEA, we use appropriate safeguards such as Standard Contractual Clauses as described in Section 7.

We may review aggregate or pseudonymized information about how queries perform (for example, whether answers were helpful) to improve search quality and relevance. We do not use your personal documents or full query contents to train independent machine learning models without your permission.

Communications

We use your contact information to communicate with you about the Service:

Account and Service Communications: We may send you administrative emails (for example, to verify your account, notify you of important changes or security issues, confirm when you connect a new integration, or provide customer support responses).
Product Updates and Marketing: If you joined our waitlist or subscribed to updates, we may send newsletters or product announcements about Everfind. We will only send you marketing emails with your consent (e.g., you explicitly signed up to receive updates or it’s within the scope of what you would expect when joining a waitlist). You can opt out of marketing emails at any time by clicking the unsubscribe link in those emails or contacting us. We may still need to send transactional or necessary service emails (like password resets or critical notices) even if you opt out of marketing.
Feedback and Surveys: We might invite you to provide feedback or participate in surveys to improve Everfind. Responding is optional.

Analytics and Improvement

We use analytics data (including cookies and similar technologies) to:

Measure and understand the usage of our website and app.
Test and improve user interface and fix technical issues.
Evaluate the success of our marketing or informational campaigns.

Where required by law (for example, in the EU for non-essential cookies), we only use analytics tools based on your consent, managed via our cookie banner and preference settings. You can withdraw your consent at any time.

Security and Abuse Prevention

To maintain the security of Everfind and protect your data, we may process certain data to detect and prevent fraud, abuse, or other harmful activities:

For example, we might log and analyze IP addresses or attempts to log in, in order to detect suspicious activity.
We might use automated systems to flag accounts or activities that appear to violate our Terms of Use (e.g., bots scraping data or someone uploading malware).
We also use your data to enforce our Terms of Use and other policies.

Legal Compliance

Where necessary, we will use your data to comply with applicable laws or regulations, or to respond to valid legal requests from authorities. For instance, we may retain some data or share information if we are legally compelled by a court order, or use data to fulfill obligations under consumer protection or tax laws. We will strive to notify you if we are required to provide your data to third parties as part of a legal process, unless we are legally prohibited from doing so.

We will not use your personal data for purposes that are not compatible with the above, unless we obtain your consent or as required or permitted by law. In particular:

We do not sell your personal data.
We do not use your personal data for third-party advertising targeting.
We do not use your personal data to train our own general-purpose machine learning models beyond the direct, on-the-fly analysis required to provide the Everfind service to you. Any model training or benchmarking that Everfind performs uses non-personal, aggregated/anonymized, or synthetic/test data unless you explicitly opt in otherwise.

5. Legal Bases for Processing (GDPR Compliance)

If you are in the European Economic Area (EEA) or United Kingdom, we must have a valid legal basis to process your personal data under the GDPR/UK GDPR. We rely on the following legal bases:

Performance of a Contract

When you register for and use Everfind, you enter into an agreement (Terms of Use) with us, and much of our data processing is to fulfill our obligations under that contract. This includes:

Providing the service’s core functions (indexing your data, enabling searches, generating answers).
Maintaining your account and profile.
Handling customer support and inquiries.
Processing data from integrations you connect at your request.

Without this data, we cannot perform the contract with you.

Consent

In certain cases, we rely on your consent:

If you subscribe to marketing communications (e.g., newsletters, waitlist updates), we send those emails based on your consent. You can withdraw consent at any time (by unsubscribing or contacting us).
For certain cookies or analytics tools on our website, we may ask for consent via a cookie banner, as required by law (particularly for non-essential cookies in jurisdictions that require consent).
If we ever want to process your data for a new purpose not covered by this Privacy Policy, we would seek your consent.

If we rely on consent and you decline or withdraw it, we will not process your data for that purpose. Withdrawing consent does not affect the lawfulness of processing already carried out.

Legitimate Interests

We process certain data as necessary for our legitimate interests, and only after assessing that these interests do not override your data protection rights. These legitimate interests include:

Improving and developing Everfind (for example, understanding how users use our service through analytics and feedback so we can make it better, troubleshoot, and innovate).
Security and fraud prevention (keeping our service safe, preventing misuse, and protecting our rights, property, and users).
Personalizing user experience in a privacy-friendly way (for example, remembering your preferences and showing relevant features).
Running and planning our business operations.

When relying on legitimate interests, we implement appropriate safeguards to protect your privacy. You have the right to object to processing based on our legitimate interests in certain circumstances (see Your Rights below).

Legal Obligation

In some cases, we may need to process data to comply with a legal obligation:

For example, maintaining records for tax purposes or responding to lawful requests by public authorities.
If under law we are required to retain certain data (such as payment records if any financial transactions occur in the future) or to report certain information, we will do so as required.

Vital Interests / Public Interest

These bases are unlikely to apply to Everfind’s typical operations. We do not process personal data for public interest tasks, and we would only process personal data to protect someone’s vital interests (life or safety) in extreme situations.

6. How We Share Personal Data

We understand that your data is important, and we only share personal data with third parties in a few specific situations. We do not sell your personal information to third parties. We also do not share it for cross-context behavioral advertising. When we do need to share data, we ensure it’s protected through contracts and only as needed to provide our services or comply with the law.

Service Providers (Processors)

We use trusted third-party companies to operate or enhance Everfind. These providers process data on our behalf and are bound by contracts to only use your data under our instructions and to protect it. Our main service providers include:

Hosting and Infrastructure:
We host Everfind on Hetzner servers in Germany. All your data (account info, uploaded documents, databases) is stored on servers located in Germany. Hetzner acts as a data processor providing secure Infrastructure-as-a-Service. Data stored on our servers is subject to German/EU data protection standards.
Artificial Intelligence Providers:
We use third-party AI services to help generate answers from your data:
- OpenAI via Azure OpenAI Service: We send portions of your data (queries and relevant document snippets) to OpenAI models that are hosted by Microsoft Azure in data centers located in Germany and Sweden. This means processing of that data takes place within the European Union. We configure the service so that OpenAI and Microsoft process data under their API and data protection terms and do not use our submitted data to train their general models. Data is encrypted in transit and at rest, and processing is subject to appropriate contractual safeguards as described in Section 7.
OpenAI via Azure is under strict contractual instructions not to use the content we send them for their own training or advertising purposes, and only to provide AI outputs back to us.
Analytics and Usage Tracking:
- Mixpanel: A product analytics service that tracks user interactions within the Everfind app (e.g., which buttons are clicked, frequency of feature use). This helps us analyze user engagement and improve the product. Mixpanel receives user identifiers (such as an internal user ID and, in some cases, your email address as an identifier if configured) and usage events. Mixpanel may process data in the EU or US. We have a DPA in place with Mixpanel that includes appropriate safeguards.
- Google Analytics: On our marketing website, we use Google Analytics to collect web visitor statistics. Google Analytics uses cookies and similar identifiers to record information like your IP address (with IP anonymization enabled where possible), browser, and on-site behavior. This information helps us understand website traffic and improve site content. Google processes this data under its controller/processor roles; for EU visitors we rely on consent and use appropriate safeguards for any transfers.
- Session Recording / UX Tools (e.g., Contentsquare-type tools): We may use UX analytics platforms that provide heatmaps and session recordings. These tools track how users navigate our site/app (clicks, scrolls, mouse movements, and UI interactions) to help us identify UI/UX issues. We configure them to heavily mask or exclude sensitive content, including the content of your documents and email messages. They may process data in the EU and other regions under a DPA and appropriate safeguards.
For analytics and UX tools, we obtain consent where required (e.g., via a cookie banner for EU visitors). You can revoke your consent at any time via our cookie preferences.
Communication and Marketing Tools:
- Framer: Our website may be built or hosted using Framer. Framer processes website content and may log visitor data (like IP addresses and requests) for hosting and delivery purposes.
- Loops (Loops.so): We use Loops.so for email marketing and automated messaging (e.g., onboarding messages, product updates). Loops stores contact data (such as your name, email, and subscription preferences) and tracks email delivery and engagement on our behalf.
- Attio CRM: Attio is a customer relationship management tool. We may store your contact information, communication history, and notes about our interactions in Attio to manage customer relationships and provide better support. Attio is based in the UK and operates under a DPA.
Utilities and Others:
- Google Fonts: Our website uses Google Fonts for typography. When you visit our site, your browser may download fonts from Google’s servers, and Google receives your IP address and browser info as part of this process.
- Other Service Providers: We may use additional third parties for things like error tracking (e.g., Sentry), scheduling meetings (e.g., Calendly), or other support tools. If these services process your personal data, we will ensure they are bound by privacy obligations and update this Policy or our published sub-processor list as appropriate.

Integration Partners (Third-Party APIs)

If you connect a third-party account (like Google or Atlassian) to Everfind:

For authentication, we redirect you to the third party (e.g., Google OAuth or Atlassian’s OAuth) to log in, and they send us an access token.
For data retrieval, our servers use the granted access token to fetch data from the third party (as described in Section 3). Data flow is mainly from the third-party service into Everfind, under your control.

We do not send your Everfind search history or broader usage data back to these integration partners for their own purposes. If you have concerns about how those third parties handle your data, please review their privacy policies.

Business Transfers

If Snackbit UG is involved in a merger, acquisition, investment, reorganization, or sale of assets, or in the unlikely event of bankruptcy or insolvency, your personal data may be transferred to or acquired by a third party as part of that transaction. If such a transfer happens, we will ensure that the new owner respects your personal data in accordance with this Privacy Policy, or we will provide notice and, where required, seek your consent.

Legal Compliance and Protection

We may disclose personal data to third parties (such as courts, law enforcement or government agencies, and our professional advisers) if we determine that such disclosure is:

Required by law or legal process; or
Necessary to enforce our Terms of Use or other policies, or to protect the rights, property, or safety of Snackbit, our users, or the public.

We will share only the minimum amount of information necessary for these purposes and, unless prohibited, we will attempt to notify you if we have to disclose your data as part of a legal process.

With Your Consent

In cases where we want to share your information in ways not covered by the above, we will ask for your explicit consent. For example, if we wanted to feature your success story or logo on our website, we would request your permission.

No Selling of Personal Data: Everfind does not sell your personal data, and we do not share it for third-party marketing or cross-context behavioral advertising.

7. International Data Transfers

Everfind is globally available, and while we primarily store data in Germany (within the European Union), some of the services we use may involve transferring your personal data across national borders.

Data Storage in the EU

If you are a user located outside of Europe, be aware that the personal data you provide will be stored on servers in Germany. This means your data is transferred from your country to the European Union. By using Everfind, you understand and consent to your data being stored in Germany, where it is protected by EU data protection standards.

Third-Party Processors Outside the EU/EEA

Many of our third-party service providers are located or have servers in countries outside the European Economic Area (EEA), such as the United States. This includes some of our AI providers, analytics tools, email tools, and other infrastructure providers.

Where personal data is transferred outside the EU/EEA (for example, to the US), we ensure appropriate safeguards are in place to protect your data, including:

Standard Contractual Clauses (SCCs): We sign contracts with recipients of the data that include the European Commission’s SCCs, which legally commit the recipients to protect your data to EU standards.
Data Processing Agreements: We maintain DPAs with our processors that impose clear obligations regarding security, confidentiality, and deletion of data.
Technical Measures: We use encryption in transit and at rest, and we carefully vet the security practices of our partners.

If you are an EU/EEA user and would like more information about these safeguards or to obtain a copy of the relevant contractual clauses, you can contact us at legal@everfind.ai.

8. Data Retention and Deletion

We retain your personal data only for as long as needed to fulfill the purposes for which it was collected, or as required by applicable law. How long we keep different types of data can vary:

Account Data: We keep your account information (like name, email, authentication tokens) as long as your account is active. If you close your account or request deletion, we will delete this information promptly from our active systems.
Uploaded Documents and Integration Data: We store the files you upload and data imported from your connected accounts for you to use the service. We retain this data until:
- You delete the file or item from Everfind;
- You disconnect the integration and request deletion of imported data; or
- You delete your account.
When you delete a document or item in Everfind, the content is removed from our active storage and from our indexes in a short time window.
Query History and Logs: We may keep records of your queries and resulting answers for a certain period to provide you with a history and to improve the service (e.g., troubleshoot issues, understand feature usage). If you delete your account, we delete or appropriately anonymize your associated query history and logs.
Analytics Data: Analytics tools may retain data as configured by us. We periodically review analytics retention and either delete or aggregate/anonymize data when it is no longer needed.
Communications: Support emails and other correspondence are typically retained for a reasonable period (e.g., up to a few years) to maintain a history of issues and for training/support improvement, unless we are required to keep them longer.
Backups: Our servers may maintain backup copies of data for disaster recovery. These backups are kept securely and are retained only for limited periods (for example, a rolling 30–60 days). If you delete data or request deletion, it will be removed from active systems promptly and will disappear from backups after the backup retention period.

Account Deletion / Your Right to Delete

You have the right to request deletion of your personal data:

If you delete your account (via a feature in the app, if available, or by contacting legal@everfind.ai), we will delete personal data associated with your account from our active systems in a short time frame.
Any tokens for third-party integrations will be revoked or deleted so that we no longer have access to those accounts.
We will also instruct our processors to delete your data in accordance with our contracts with them.
After deletion, we may retain minimal information necessary to document that deletion occurred (for example, an internal log entry mentioning that a particular account was deleted on a given date).

If you simply stop using Everfind without deleting your account, we may retain your data until you either return or we implement an automatic deletion of long-inactive accounts. If we introduce automatic deletion for inactive accounts, we will update this policy or provide prior notice.

9. Your Rights and Choices

You have various rights regarding your personal data. These rights may vary depending on your location and applicable privacy laws, but we aim to provide core privacy rights to all users.

9.1 Your Rights Under GDPR (EU/EEA, UK and Similar Jurisdictions)

If you are in the EU/EEA, UK, or a similar jurisdiction, you have the following rights:

Right of Access: You can request a copy of the personal data we hold about you and information about how we process it.
Right to Rectification: You can ask us to correct inaccurate or incomplete personal data.
Right to Erasure (Right to be Forgotten): You can request deletion of your personal data, subject to legal obligations that may require retention of certain information.
Right to Restrict Processing: You can request restriction of processing under certain circumstances (for example, while we verify the accuracy of data).
Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, machine-readable format and ask us to transmit it to another controller where technically feasible.
Right to Object: You can object to processing based on our legitimate interests, and we will assess whether we have compelling legitimate grounds to continue processing. You can also object at any time to processing for direct marketing.
Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, contact us at legal@everfind.ai. We may ask you to verify your identity before fulfilling certain requests. We aim to respond within one month, with possible extensions for complex or numerous requests, as allowed by law.

If you believe we have infringed your data protection rights, you have the right to lodge a complaint with your local supervisory authority. Our primary authority is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Germany.

9.2 Your Rights Under CCPA/CPRA (California Residents)

If you are a resident of California, the California Consumer Privacy Act (as amended by the CPRA) provides specific rights, including:

Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you, the purposes for which we collected it, and the categories of third parties with whom we share it.
Right to Delete: You can request deletion of personal information we collected from you, subject to certain exceptions (for example, if needed to complete a transaction or comply with law).
Right to Correct: You can request correction of inaccurate personal information that we maintain about you.
Right to Opt-Out of Sale or Sharing: You can direct us not to sell or share your personal information. Everfind does not sell personal information and does not share personal information for cross-context behavioral advertising.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise your CCPA rights, you or your authorized agent can contact us at legal@everfind.ai with the subject “CCPA Request”. We will verify your identity as required by CCPA and respond within the applicable legal deadline.

Even if CCPA does not formally apply to us (for example, because we are below certain thresholds), we aim to honor these rights for California residents as a matter of good practice where feasible.

9.3 Opt-Out of Cookies and Tracking

You can control cookies and similar technologies in several ways:

Use your browser settings to block or delete cookies.
Use our website’s cookie banner / preference center to accept or reject different categories of cookies (e.g., analytics or marketing cookies).
Use opt-out tools provided by analytics providers (for example, the Google Analytics Opt-out Browser Add-on for Google Analytics).

Please note that disabling certain cookies may affect the functionality of our website or app.

10. Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, loss, alteration, or disclosure. These include, among others:

Encryption: All data transfers to and from Everfind are protected by encryption in transit (HTTPS with TLS). We also encrypt sensitive data at rest (for example, documents and access tokens).
Access Controls: Access to production systems and databases is restricted to authorized personnel who need it to operate and improve the service. We use authentication, access logging, and multi-factor authentication where possible.
Monitoring and Maintenance: We monitor our systems for vulnerabilities and attacks, keep our infrastructure patched and up to date, and periodically review our security posture.
Isolation: Our architecture is designed so that each user’s content is logically separated from other users’ content.
Policies and Training: We maintain internal policies on data handling and provide training to our team on privacy and security best practices. We also maintain an incident response plan.

No system can be completely secure. If you have reason to believe that your account or interaction with us is no longer secure (for example, you suspect someone has accessed your account), please contact us immediately at legal@everfind.ai.

In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authorities in accordance with applicable laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other reasons. When we update the policy, we will revise the “Last updated” date at the top. If the changes are significant, we will provide a more prominent notice (such as an email notification or an in-app banner).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Continued use of Everfind after any update to this Policy will be deemed acceptance of the changes, to the extent permitted by law. If you do not agree with any changes, you should stop using Everfind and may request deletion of your data.

Where required by law, we will seek your consent to material changes that affect how we process personal data already collected from you.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, you can contact us at:

Snackbit UG (haftungsbeschränkt) (Everfind)
Attn: Data Privacy Officer / Legal – Julian Dik
Bahnweg 26, 51588 Nümbrecht, Germany
Email: legal@everfind.ai

We will do our best to address your inquiry promptly and comprehensively. Your privacy is important to us, and we welcome your feedback.

Thank you for trusting Everfind with your information. We are dedicated to maintaining that trust by safeguarding your data and being transparent about our practices.