everfind ist eine KI-gestützte Enterprise-Search-Plattform, die verstreute Informationen aus Google Drive, E-Mails, Chat-Nachrichten und weiteren Tools automatisch zusammenführt. Die Software hilft Unternehmen, relevante Informationen schnell zu finden und effektiv zu nutzen.

Wie funktioniert everfind?

everfind verbindet sich mit Tools wie Google Drive, E-Mail-Postfächern und Kollaborationsplattformen wie Slack oder Microsoft Teams. Die Software analysiert Inhalte, extrahiert Metadaten und erstellt eine intelligente Wissensdatenbank, die über natürliche Sprache durchsucht werden kann – ideal für produktives Arbeiten im digitalen Unternehmensalltag.

Für welche Unternehmen ist everfind geeignet?

everfind ist ideal für Unternehmen jeder Größe, die Informationen aus mehreren Quellen bündeln und effizient verwalten möchten. Besonders hilfreich ist die Lösung für Teams, die mit Tools wie Google Workspace, Outlook, Slack oder Microsoft Teams arbeiten.

Unterstützt everfind auch geteilte Laufwerke, E-Mail-Postfächer und Chat-Archive?

Ja, everfind unterstützt sowohl private als auch geteilte Laufwerke, vernetzt sich mit geschäftlichen E-Mail-Postfächern (z. B. Gmail, Outlook) und analysiert Chatverläufe in Slack oder Microsoft Teams. So entsteht ein zentraler Wissenshub für das gesamte Unternehmen.

Ist everfind DSGVO-konform?

Ja, everfind ist vollständig DSGVO-konform. Alle Daten werden verschlüsselt übertragen und ausschließlich auf europäischen Servern verarbeitet. Unternehmen behalten jederzeit die volle Kontrolle über ihre Daten und Zugriffsrechte.

everfind is an AI-powered enterprise search platform that connects information from Google Drive, emails, chat platforms, and other tools. It helps companies quickly access relevant knowledge and use it more effectively.

How does everfind work?

everfind integrates with tools like Google Drive, email inboxes, and communication platforms such as Slack or Microsoft Teams. It analyzes documents and messages, extracts metadata, and builds a smart knowledge base that can be searched using natural language – perfect for efficient work across teams.

everfind is designed for companies of all sizes that want to centralize and manage information from various sources. It's especially helpful for organizations using tools like Google Workspace, Outlook, Slack, or Microsoft Teams.

Does everfind support shared drives, email inboxes, and chat archives?

Yes, everfind supports both private and shared drives, connects with business email accounts (e.g., Gmail, Outlook), and indexes chat history from tools like Slack and Microsoft Teams – creating a unified knowledge hub across your organization.

Is everfind GDPR compliant?

Yes, everfind is fully GDPR compliant. All data is securely transmitted and processed exclusively on European servers. Companies maintain full control over their data access and permissions at all times.

Our Privacy Policy

Last updated: April 25, 2025

Snackbit UG (haftungsbeschränkt) (“Snackbit”, “we”, “us”, or “our”) is the company behind Everfind (the “Service”). Everfind comprises our website (everfind.ai) and our application that allows users to upload documents or connect third-party accounts to find information using AI. We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the CPRA, and other applicable laws. This Privacy Policy explains what personal data we collect, how we use and share it, and your rights regarding that data.

By using the Everfind website or application, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use Everfind.

1. Who We Are and How to Contact Us

Everfind is a product of Snackbit UG (haftungsbeschränkt), a company incorporated in Germany. Our registered address is:

Snackbit UG (haftungsbeschränkt)

Bahnweg 26, 51588 Nümbrecht, Germany

If you have any questions or concerns about this Privacy Policy or your personal data, you can contact our team (Attn: Julian Dik) at legal@everfind.ai. We will be happy to assist you, and you can also use this contact to exercise any of your privacy rights described below.

2. Scope of This Privacy Policy

This Privacy Policy applies to personal data processed by Everfind in relation to:

• Visitors of our website everfind.ai (including any subdomains).

• Users of the Everfind application (web or any other platform) who register an account or use our services.

• Any other individuals who interact with us (for example, through customer support or email inquiries).

It covers what data we collect, why we collect it, how we use it, how it’s stored and protected, when it might be shared, and the rights you have regarding your data. This policy covers both the website and the application, including any integrations you choose to connect to Everfind. Please note that our website and app may contain links to third-party websites or services; if you navigate to those, their own privacy policies will apply.

3. Personal Data We Collect

We collect personal data that you provide to us directly, data that is collected automatically about your use of Everfind, and data from third-party services you connect. The types of personal data we process include:

• Account Information: When you register or use Everfind, we collect information to identify you, such as your first name, last name, and email address. If you sign up using third-party authentication (e.g., Google Sign-In or Microsoft Account), we receive basic profile information from those providers (like your name, email, and any profile ID or token needed for authentication). We do not receive or store your passwords for those services; authentication is handled via secure OAuth tokens.

• Uploaded Files and Documents: Everfind allows you to upload documents or files. When you upload files to the Service, we will store those files and the content within them in order to index and analyze them. This may include text, images, or other data contained in the documents. We treat all content you upload as confidential and use it only as described in this policy (for providing search results to you, and related features).

• Data from Connected Integrations: If you choose to connect third-party accounts or integrations to Everfind (for example, Jira, Gmail, or Google Drive), we will, with your permission, access certain data from those services:

• Jira: If you integrate Atlassian Jira, Everfind will use the OAuth scopes you grant (Jira-webhook, Jira-user, Jira-work). This allows us read access to your Jira data such as issues, project information, tickets (including titles, descriptions, comments, and attachments), and basic profile info necessary to connect. We use this data to index and search your Jira issues and related content to answer your queries. We do not write or make changes to your Jira data.

• Gmail: If you connect your Gmail account, we will request read-only access to your emails (through Google’s API). This would allow Everfind to read email subject lines and bodies, and possibly attachments, for the purpose of indexing them and enabling you to search or ask questions about your email content. We do not send emails on your behalf or delete any messages.

• Google Drive: If you connect Google Drive, we use the drive.readonly scope. This gives Everfind the ability to list and read files from your Google Drive (including file titles, text content, and metadata) so that we can index them and allow you to search them via Everfind. We do not alter or delete any files in your Drive.

• Other Integrations: If we introduce additional integrations (e.g., other email providers or project management tools), we will similarly request only the minimum necessary permissions and will explicitly inform you of what data will be accessed. We will handle any such data under this Privacy Policy.

You have control over connecting or disconnecting these integrations at any time. If you disconnect an integration, we will stop any ongoing data import from that source, and you can request us to delete any data imported from that source (see Data Deletion below).

• User Queries and Interaction Data: When you use Everfind’s core functionality – for example, asking a question or searching your documents – we process the query you enter and any relevant context from your data to generate a response. We may save your query and the AI-generated answer, along with references to which documents were used, to provide you with a history and to improve the service (such as refining search relevance or troubleshooting issues). Interaction data also includes your clicks, feature usage, and preferences within the app.

• Analytics and Usage Data: We automatically collect certain information about how you access and use our website and app:

• Device and Technical Information: such as your IP address, browser type, device type, operating system, and device identifiers.

• Usage Information: such as pages or screens you view, the features you use (e.g., performing a search, connecting an integration), the time and date of your visits, and the amount of time spent on our site or app.

• Interactions & Mouse Movements: We may use analytics tools that record how you interact with our site/app (including clicks, scrolling, mouse movements, and keystrokes entered in non-sensitive fields). Heatmaps and Session Recordings may be used to help us understand user behavior and improve the user experience. (These recordings typically do not include sensitive personal data like passwords or the content of your documents; for example, we configure these tools to avoid recording input in password fields or the content of your uploaded documents).

• Cookies and Similar Technologies: We and our third-party providers use cookies, web beacons, and similar tracking technologies to provide and optimize the Service. For instance, cookies help keep you logged in, remember preferences, and gather analytics data. You can control cookies through your browser settings and other tools; however, note that disabling certain cookies may affect functionality (such as staying logged in or loading preferences).

• Communication Data: If you join a waitlist, subscribe to a newsletter, or otherwise communicate with us (for example, emailing support or filling out a contact form), we will collect your name, email, and the content of your communication. If we send you emails (such as product updates or newsletters), we may track engagement (e.g., whether you opened the email or clicked a link) to help us understand interest and improve our communications.

Special Categories of Data: Everfind is not intended to collect or process any special categories of personal data (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identification, health information, or information about sex life or sexual orientation). We do not ask for or intentionally collect this kind of information. We ask that you do not upload or share sensitive personal data through Everfind. If you do so inadvertently (for example, a document you upload contains health information), we will treat it with the same care as other data, but such data will not be specifically processed differently as special category data, and by providing it, you affirm that you have the right to do so.

Children’s Data: Everfind is a service intended for adults. We do not knowingly collect personal data from anyone under 18 years of age. If you are under 18, you are not permitted to use Everfind. If we learn that we have inadvertently collected personal information from a child under 18, we will delete that information without delay. Parents or guardians who believe we might have information about a minor can contact us at legal@everfind.ai to request deletion.

4. How We Use Personal Data

We use your personal data only for the following purposes, in accordance with applicable laws:

• Providing and Improving the Service: We process your account information, uploaded documents, and integration data to deliver Everfind’s core functionality. For example, we use your data to:

• Index and categorize your uploaded files and connected account data using artificial intelligence, making it searchable and organized for you.

• Allow you to query your data and retrieve relevant answers. This includes processing your queries and employing AI models (like ChatGPT or Gemini) to generate answers based on your data.

• Maintain your account and preferences (such as language, settings, connected integrations).

• Provide customer support and respond to your inquiries or requests.

• Understand how users interact with our Service (through analytics) so we can improve features, user experience, and performance. For instance, analyzing which features are most used or where users encounter issues helps us refine Everfind.

• AI Processing of Your Data (How Queries Are Answered): When you ask Everfind a question, our system may use large language models to formulate an answer:

• Document Analysis: Everfind will search your indexed data (uploaded files, emails, Jira tickets, etc.) for information relevant to your question.

• Query to AI Models: We may send parts of your query and relevant excerpts of your data to third-party AI services such as OpenAI’s ChatGPT and Google’s Gemini to help generate a natural language answer. For example, if you ask “What did my team discuss about Project X last week?”, Everfind might extract key points from your Jira and emails about Project X and send those snippets, along with your question, to ChatGPT or Gemini to compose a summary answer.

• The AI’s response is then returned to you through our app, often with references or links to the source documents in your data.

• Important Privacy Note: Data shared with these AI services is only used to produce the requested answer. We do not allow our AI providers to use your content for training their general models. OpenAI’s API processing, for instance, does not use submitted data to improve or train models (per OpenAI’s policies as of 2025, API data is not used for training unless you opt in). We will only use AI providers under terms that commit to not using your data for their own purposes beyond providing the service to us. We also try to choose geographically appropriate processing (we utilize OpenAI servers in the EU when available). However, with Gemini or other models where the processing location is unclear, your data might be processed outside of the country you reside in solely for answering your query (see Data Sharing & International Transfers below for more on safeguards).

• Communications: We use your contact information to communicate with you about the Service:

• Account and Service Communications: We may send you administrative emails (for example, to verify your account, notify you of important changes or security issues, confirm when you connect a new integration, or provide customer support responses).

• Product Updates and Marketing: If you joined our waitlist or subscribed to updates, we may send newsletters or product announcements about Everfind. We will only send you marketing emails with your consent (e.g., you explicitly signed up to receive updates or it’s within the scope of what you would expect when joining a waitlist). You can opt out of marketing emails at any time by clicking the unsubscribe link in those emails or contacting us. Transactional or necessary service emails (like password resets or critical notices) will continue even if you opt out of marketing.

• Feedback and Surveys: We might invite you to provide feedback or participate in surveys to improve Everfind. Responding is optional.

• Analytics and Improvement: We use analytics data (including cookies and similar technologies) to:

• Measure and understand the usage of our website and app (e.g., how many users we have, which pages are visited, how long is spent on each feature).

• Test and improve user interface and fix technical issues (e.g., tracking errors or debugging information when something goes wrong for a user).

• Evaluate the success of our marketing or informational campaigns (e.g., whether a blog post or a referral led you to sign up).

• Security and Abuse Prevention: To maintain the security of Everfind and protect your data, we may process certain data to detect and prevent fraud, abuse, or other harmful activities:

• For example, we might log and analyze IP addresses or attempts to log in, in order to detect suspicious activity.

• We might use automated systems to flag accounts or activities that appear to violate our Terms of Use (e.g., bots scraping data or someone uploading malware).

• We also use your data to enforce our Terms of Use and other policies.

• Legal Compliance: Where necessary, we will use your data to comply with applicable laws or regulations, or to respond to valid legal requests from authorities. For instance, we may retain some data or share information if we are legally compelled by a court order, or use data to fulfill obligations under consumer protection laws. We will strive to notify you if we are required to provide your data to third parties as part of a legal process, unless we are legally prohibited from doing so.

We will not use your personal data for purposes that are not compatible with the above, unless we obtain your consent or as required or permitted by law. In particular, we do not sell your personal data or use it for advertising targeting (see Section 7 for more on sharing). We also do not use your personal data to train our own machine learning models beyond the direct, on-the-fly analysis required to provide the Everfind service to you. Any machine learning or AI model training that Everfind performs on data will either use non-personal data, aggregated/anonymized data, or test data; your individual personal documents and queries are not used to improve our algorithms without your permission.

5. Legal Bases for Processing (GDPR Compliance)

If you are in the European Economic Area (EEA) or United Kingdom, we must have a valid legal basis to process your personal data under the GDPR/UK GDPR. We rely on the following legal bases:

• Performance of a Contract: When you register for and use Everfind, you enter into an agreement (Terms of Use) with us, and much of our data processing is to fulfill our obligations under that contract. This includes:

• Providing the service’s core functions (indexing your data, enabling searches, generating answers).

• Maintaining your account and profile.

• Handling customer support and inquiries.

• Processing data from integrations you connect at your request.

In other words, we process your personal data to provide the services you explicitly sign up for. Without this data, we cannot perform the contract with you.

• Consent: In certain cases, we rely on your consent:

• If you subscribe to marketing communications (e.g., newsletters, waitlist updates), we send those emails based on your consent. You can withdraw consent at any time (by unsubscribing or contacting us).

• For certain cookies or analytics tools on our website, we may ask for consent via a cookie banner, as required by law (particularly for non-essential cookies in jurisdictions that require consent). For example, using Google Analytics or Contentsquare might require consent for processing cookies in the EU.

• If we ever want to process your data for a new purpose not covered by this Privacy Policy, we would seek your consent.

Note: If we rely on consent and you decline or withdraw it, we will not process your data for that purpose. Withdrawing consent does not affect the lawfulness of processing already carried out.

• Legitimate Interests: We process certain data as necessary for our legitimate interests, and only after assessing that these interests do not override your data protection rights. These legitimate interests include:

• Improving and developing Everfind: understanding how users use our service (through analytics, feedback, etc.) so we can make it better, troubleshoot, and innovate.

• Security and fraud prevention: keeping our service safe, preventing misuse, and protecting our rights, property, and users.

• Personalizing user experience: for example, using cookies to remember preferences or using past queries to suggest relevant results, as long as this is done in a privacy-friendly way.

• Business operations: such as analyzing our user base and financial performance, or engaging in a corporate transaction (e.g., if we were to merge or be acquired, though in such case we’d provide notice as described below).

When relying on legitimate interests, we ensure to implement appropriate safeguards to protect your privacy. You have the right to object to processing based on our legitimate interests in certain circumstances (see Your Rights section below).

• Legal Obligation: In some cases, we may need to process data to comply with a legal obligation:

• For example, maintaining records for tax purposes, or responding to lawful requests by public authorities.

• If under law we are required to retain certain data (such as payment records if any financial transactions occur in the future) or to report certain information, we will do so as required.

• Vital Interests/Public Interest: These bases are unlikely to apply to Everfind’s typical operations. We do not process personal data for public interest tasks, and we would only process personal data to protect someone’s vital interests (life or safety) in extreme situations (which we do not anticipate).

We will clarify the legal basis whenever required. If you have questions about the specific basis for a particular processing activity, please contact us at legal@everfind.ai.

6. How We Share Personal Data

We understand that your data is important, and we only share personal data with third parties in a few specific situations. We do not sell your personal information to third parties. We also do not share it for cross-context behavioral advertising. When we do need to share data, we ensure it’s protected through contracts and only as needed to provide our services or comply with the law. The key instances in which we share your data are:

• Service Providers (Processors): We use trusted third-party companies to operate or enhance Everfind. These providers process data on our behalf and are bound by contracts to only use your data under our instructions and to protect it. Our main service providers include:

• Hosting and Infrastructure: We host Everfind on Hetzner servers in Germany. All your data (account info, uploaded documents, databases) is stored on servers located in Germany. Hetzner acts as a data processor providing secure Infrastructure-as-a-Service. Data stored on our servers is subject to German/EU data protection standards.

• Artificial Intelligence Providers:

• OpenAI (ChatGPT): We send portions of your data (queries and relevant document snippets) to OpenAI’s ChatGPT model to generate answers. We use OpenAI’s European servers when available to process this data within the EU. OpenAI is contractually bound to not use our provided data for any purpose other than generating the answer (they do not use it to train their general models or for any advertising).

• Google Cloud / Google AI (Gemini): We also use Google’s AI services, including the Gemini language model, to assist in answer generation. The exact processing location for Gemini is currently unclear (it may be in the United States or other regions where Google operates). We only send data to Google that is necessary for the query. Google, as a service provider, is expected to handle that data under the terms of Google Cloud’s data processing addendum. We have agreements in place with Google to protect any personal data processed by their services, and if data is transferred outside of the EU (e.g., to a U.S. datacenter), we rely on legal mechanisms such as the European Commission’s Standard Contractual Clauses (SCCs) to safeguard the data (see International Data Transfers below).

• Both OpenAI and Google are under strict instructions not to store or use the content of your documents for anything other than answering your query.

• Analytics and Usage Tracking: We use third-party analytics tools to understand how our site and app are used. These third parties may set cookies or use similar tracking tech on our site/app:

• Mixpanel: Mixpanel is a product analytics service that tracks user interactions within the Everfind app (e.g., which buttons are clicked, frequency of feature use). This helps us analyze user engagement and improve the product. Mixpanel will receive user identifiers (which may include things like an internal user ID, and possibly your email as an identifier if we configure it so for internal analysis), and usage events. Mixpanel’s servers may be located in the US or EU; we have configured data residency options to best protect user privacy when available. Mixpanel acts as our processor under a Data Processing Agreement (DPA).

• Google Analytics: On our marketing website, we use Google Analytics to collect web visitor statistics. Google Analytics uses cookies and similar identifiers to record information like your IP address (with IP anonymization enabled where possible), browser, and on-site behavior. This information helps us understand website traffic and improve site content. Google Analytics data is generally processed by Google in various countries (including the U.S.). We treat Google as a service provider, and we’ve accepted the relevant DPA with standard contractual clauses for EU data export (if you are an EU user, your data may be transferred to the U.S., see International Data Transfers). You can opt out of Google Analytics by using a browser plugin or through our cookie consent tools (if applicable).

• Contentsquare: Contentsquare is a user experience analytics platform that provides heatmaps and session recordings. It tracks how users navigate our site/app (clicks, scrolls, mouse movements, and UI interactions) to help us identify UI/UX issues. Contentsquare may collect data like page content (with sensitive details masked), usage patterns, device information, etc. This data is stored on Contentsquare servers (the company is headquartered in France, with global infrastructure). We ensure that no personally identifying text (like your name, or document content you view) is directly exposed in these recordings by enabling privacy masking for sensitive fields. Contentsquare is under a DPA with us and is used only to improve the user experience.

• We ensure that these analytics providers cannot use the data for their own purposes. Where required, we will obtain your consent before these analytics run.

• Communication and Marketing Tools: We rely on a few specialized services to communicate with users and manage user relationships:

• Framer: Our website may be built or hosted using Framer (a web design/hosting platform). If so, Framer as a host will process the content of our site and may incidentally log visitor data (like IP addresses or requests) for hosting and delivery purposes. Framer may also use content delivery networks (CDNs) which carry data globally. We ensure Framer handles any data in compliance with privacy standards.

• Loops (Loops.so): We use Loops.so for email marketing and automated messaging to our users. Loops helps us design and send emails such as onboarding sequences or product announcements. If you are on our email list, your name and email address, and possibly tags or metadata (like whether you are a beta user, or which features you’ve used), are stored in Loops. Loops will track email delivery and engagement (opens/clicks) to provide us metrics. Loops acts as a processor, only using your data to send emails on our behalf.

• ConvertKit: We also use ConvertKit as an email newsletter and mailing list service (for example, if you subscribed to our newsletter or signed up through a waitlist form powered by ConvertKit). Similar to Loops, your contact info and email preferences are stored in ConvertKit, and it sends emails (like updates or newsletters) that you signed up for. ConvertKit is a U.S.-based service; we have a DPA with them to protect EU user data (including SCCs for any international transfer).

• Attio CRM: Attio is a customer relationship management tool. We may store your contact information, communication history, company/organization (if you provided that), and notes about our interactions in Attio to help us manage user relationships and provide support. This helps ensure we remember context like prior support requests or onboarding status. Attio will host this data on their servers (Attio is based in the UK, with cloud infrastructure). They process data under our instructions via a DPA.

• Utilities and Others:

• Google Fonts: Our website uses Google Fonts for consistent and attractive typography. When you visit our site, your browser may download fonts from Google’s servers. This means Google receives your IP address and browser info in the process of serving the font. We include Google Fonts as a service provider here to disclose this. We do not send any personal info to Google in this process beyond what your browser automatically transmits. If you prefer not to use Google Fonts, you can set your browser to block them (though the site’s appearance may differ).

• Other Service Providers: We may use additional third parties for things like error tracking (e.g., Sentry), scheduling meetings (e.g., Calendly), or other support tools. If any of those services process your personal data, we will update our Privacy Policy to include them or otherwise inform you and ensure they are bound by privacy obligations.

• Integration Partners (Third-Party APIs): If you connect a third-party account (like Google or Atlassian) to Everfind, some data flows between Everfind and that third party:

• For authentication: we redirect you to the third party (e.g., Google OAuth or Atlassian’s OAuth) to log in, and they send us an access token. We may share basic info like our app ID with them to facilitate this.

• For data retrieval: using the granted access token, our servers will pull data from the third party (as described in Section 3) for your use. We do not send your personal data to those services beyond what is necessary for requests (for example, a query to Google Drive’s API includes the file ID we want to fetch, or a request to Jira’s API includes your Jira project ID to get issues). These requests are secure and authorized by you. The third-party services are themselves data controllers of their own services, but when they provide data to us, we handle it as described in this policy. If you have concerns about how those third parties handle your data (like how Google handles data in your Gmail), please review their privacy policies as well.

• Important: We do not share your Everfind data with these integration partners beyond what is needed. For example, we don’t send your Everfind search history to Google or Atlassian. The data flow is mainly one-way (from the integration to Everfind), under your control.

• Business Transfers: If Snackbit UG is involved in a merger, acquisition, investment, reorganization, or sale of assets, or in the unlikely event of bankruptcy or insolvency, your personal data may be transferred to or acquired by a third party as part of that transaction. If such a transfer happens, we will ensure that the new owner respects your personal data in accordance with this Privacy Policy, or we will provide notice and possibly request your consent where required by law. We will notify you (for example, via email or a prominent notice on our site) of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data as a result of the transfer.

• Legal Compliance and Protection: We may disclose personal data to third parties (such as courts, law enforcement or government agencies, and our advisors like lawyers) if we determine that such disclosure is:

• Required by law or legal process: to comply with any applicable law, regulation, governmental request, or legal process (such as a court order or subpoena).

• To protect rights and safety: to enforce our Terms of Use or other agreements or policies, and to investigate or protect against harm to the rights, property, safety of Snackbit (Everfind), our users, or the public as required or permitted by law. For example, we might share information with law enforcement if we believe someone is misusing Everfind for illegal activities or to commit cyber attacks.

We will only share the minimum amount of information necessary for the purpose (for instance, if responding to a specific request, we will provide only the data relevant to that request). Unless prohibited, we will attempt to notify you if we have to disclose your data as part of legal process.

• With Your Consent: In cases where we want to share your information in ways not covered by the above, we will ask for your explicit consent. For example, if we ever wanted to feature your success story or logo on our website, we would only do so with permission.

No Selling of Personal Data: We want to reiterate that Everfind does not sell your personal data. We also do not share your personal data for third-party marketing or advertising purposes. All third parties who receive data (as listed above) are service providers or processors working on our behalf, or other entities involved only in the context of providing the service to you or fulfilling legal obligations.

7. International Data Transfers

Everfind is globally available, and while we primarily store data in Germany (within the European Union), some of the services we use may involve transferring your personal data across national borders:

• Data Storage in the EU: If you are a user located outside of Europe, be aware that the personal data you provide will be stored on servers in Germany. This means your data is transferred from your country to the European Union. We consider this a safe location given the strong data protection laws in the EU, but it is a cross-border transfer from the perspective of your local law. By using Everfind, you understand and consent to your data being stored in Germany.

• Third-Party Processors Outside the EU: Many of our third-party service providers are located or have servers in countries outside the European Economic Area (EEA). Specifically:

• OpenAI and some Google services might process data in the United States (though OpenAI has EU options and Google has global data centers, including in the US).

• Mixpanel and ConvertKit are U.S.-based companies (though they may offer EU data hosting – we use EU data residency options where available, but some data might still flow to the U.S.).

• Contentsquare is EU-based (France) but might have infrastructure in other regions depending on their setup.

• Loops.so and Attio may process data in the US or UK respectively.

• In any case where your data is transferred out of the EU/EEA (for example, to the U.S.), we will ensure appropriate safeguards are in place to protect your data:

• We sign contracts with recipients of the data that include the European Commission’s Standard Contractual Clauses (SCCs), which legally commit the recipients to protect your data to EU standards.

• Where possible, we also rely on additional measures like encryption in transit and at rest, and carefully vetting the security practices of our partners.

• Some providers might also be certified under programs like the EU-U.S. Data Privacy Framework (if applicable and up-to-date), but our primary safeguard remains the SCCs and DPAs in place.

• Your Rights with International Transfers: If you are an EU user and would like more information about these safeguards or to obtain a copy of the contractual agreements, you can contact us at legal@everfind.ai. We understand the importance of your data’s security when it travels abroad, and we are committed to ensuring it remains protected to the standards required by GDPR, regardless of where it is processed.

Please note that non-EU countries may have different data protection laws that are not as stringent as those in your home jurisdiction. However, our handling of your personal data will always be governed by this Privacy Policy and by applicable data protection laws as described, not by the laws of the third-party providers’ jurisdictions (we impose contractual obligations on them to comply with key privacy standards).

8. Data Retention and Deletion

We will retain your personal data only for as long as it is needed to fulfill the purposes for which it was collected, or as required by applicable law. How long we keep different types of data can vary:

• Account Data: We keep your account information (like name, email, authentication tokens) as long as your account is active. If you decide to close your account or request deletion, we will delete this information promptly (see below on deletion requests).

• Uploaded Documents and Integration Data: We store the files you upload and data imported from your connected accounts for you to use the service. We retain this data until you delete the file/data from Everfind or disconnect the integration, or until you delete your account. You are in control of your content:

• You can delete individual documents or items from Everfind at any time through the interface. This will remove the content from our systems (active databases and storage) shortly after.

Please note: Cached results or index entries derived from that document will also be purged.

• If you disconnect an integration (like Google Drive or Jira), we will stop collecting new data from that source. You may also request us to delete data previously fetched from that source, and we will comply.

• Query History and Logs: We may keep records of your queries and the resulting answers for a certain period to provide you with a history and to improve our algorithms. If you delete your account, these will be deleted as well. If you want a specific query removed, you can contact support. Typically, usage logs (like sign-in history, error logs) are kept for a shorter period (e.g., a few months) for security and debugging, and then either deleted or anonymized.

• Analytics Data: Data collected via analytics tools (Mixpanel, Google Analytics, etc.) may be retained by those providers in aggregated form. We generally have access to analytics data in identifiable form for the life of your account or until it’s no longer needed. For example, Mixpanel events tied to a user may be retained while the user account exists unless we purge it. We periodically review our retention of analytics and will anonymize or delete data that we no longer need.

• Communications: If you contact us or we have correspondence (e.g., support emails), we may retain those communications for a period of time to ensure we have a history of your issue (so we can assist you better in the future) and for training/support improvement. We will not keep support emails longer than necessary, generally not more than a couple of years, unless required for legal reasons.

• Backups: Our servers may maintain backup copies of data for disaster recovery. These backups are kept securely and are typically retained for a limited time (often a rolling period like 30-60 days). If you delete data or request deletion, we will remove it from active systems immediately (within a very short time frame) and from backups as soon as those backups cycle out. During that interim, your data would exist only in encrypted backup storage with no active use, and if we needed to restore from backup for any reason, we would re-delete that data as part of the restoration process.

• Legal Requirements: In certain cases, we might need to retain some data to comply with legal obligations or to resolve disputes. For example, if you made a purchase (in the future, if Everfind offers paid plans), we might retain transaction records as required by financial regulations or tax laws (often 7-10 years in some jurisdictions). Or if we are handling a legal dispute or receive a legal hold, we would retain relevant data until it is resolved. We always minimize the data retained for these purposes and keep it only as long as necessary.

Account Deletion / Your Right to Delete: You have the right to request deletion of your personal data. Everfind respects this right fully:

• If you choose to delete your account (via a provided feature in the app or by contacting us at legal@everfind.ai), we will promptly delete all personal data associated with your account. “Immediately” means as soon as feasibly possible, using our automated processes and administrative measures. In practice, upon confirming your deletion request, your data will be expunged from our live databases and storage typically within a few minutes to a few hours. As noted, residual data may remain in encrypted backups for a short period, but this is securely held and eventually deleted automatically. We do not delay deletion for convenience – once you request it, your data will no longer be accessible in the app and will be cleaned from our systems.

• If you had any third-party integrations connected, those tokens will be revoked/deleted so we no longer have access to your third-party data.

• We will also ensure data held by our processors is deleted – our contracts require them to delete data upon our instruction when no longer needed. For instance, we will remove your info from Mixpanel, not send you more emails via Loops/ConvertKit, etc.

• After deletion, we retain only minimal information necessary to document that a deletion occurred (for example, we might keep a record that “User X’s account was deleted on Y date” to maintain an audit trail, or to remember not to contact you, etc.). But that record would not contain anything beyond perhaps your email or an identifier and the fact it was deleted.

• If you simply uninstall our app or stop using the service, we will retain your data as described above until you actively delete or we decide to purge inactive accounts. We may in the future implement an automatic deletion for long-inactive accounts, and if we do, we will update this policy or notify affected users in advance.

9. Your Rights and Choices

You have various rights regarding your personal data. These rights may vary depending on your location and applicable privacy laws, but we strive to extend most core rights globally. Below we outline rights under GDPR (for EU/EEA/UK users) and CCPA (for California users), and generally how you can exercise them:

9.1 Your Rights Under GDPR (for Users in the EU/EEA, UK, and similar jurisdictions)

If you are in the European Union, EEA, UK, or a jurisdiction with similar data protection laws, you have the following rights regarding your personal data:

• Right to Access: You have the right to request a copy of the personal data we hold about you, and to obtain information about how we process it. This includes the categories of data, the purposes of processing, the recipients (or categories of recipients) with whom we share data, and, where possible, the envisaged retention period.

• Right to Rectification: If any of your personal data that we have is incorrect or incomplete, you have the right to request that we correct or update it. For example, if you change your name or email, we’ll update our records; many basic profile fields you can also edit directly in your account settings.

• Right to Erasure (Right to be Forgotten): You can ask us to delete your personal data. As described in the Data Retention and Deletion section, we will honor such requests, subject to any legal obligations to retain data. Once deleted, your data (aside from minimal record-keeping as noted) will be removed from our systems and cannot be recovered.

• Right to Restrict Processing: You can request that we limit processing of your data in certain circumstances. For example, if you contest the accuracy of data, you can ask us to restrict processing while we verify; or if you object to our legitimate interest processing, we may pause processing until we consider if our interests override yours.

• Right to Data Portability: You have the right to receive your personal data that you provided to us in a structured, commonly used, machine-readable format, and to request that we transmit it directly to another data controller where technically feasible. In practice, this would cover data like documents you uploaded or content you provided. We can, for instance, export your stored documents or your query history in a standard format upon request.

• Right to Object: You have the right to object to our processing of your personal data when that processing is based on legitimate interests. If you lodge an objection, we will evaluate whether we have compelling legitimate grounds to continue processing; otherwise, we will cease the processing in question. You also have an unconditional right to object to processing for direct marketing purposes. For example, if you receive a newsletter from us and object, we will stop sending you marketing emails (and you can always use the unsubscribe links to achieve the same).

• Right to Withdraw Consent: If we rely on your consent for any processing, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal. For example, you can withdraw consent for marketing emails by unsubscribing, or withdraw consent for optional analytics by adjusting your cookie preferences.

• Right not to be subject to Automated Decision-Making: You have rights related to automated decision-making and profiling. Everfind’s processing of your data involves automated analysis (especially by AI), but no decisions with legal or similarly significant effects on you are made purely by automated means in our processes. We do not profile you in a way that would result in significant actions (like credit decisions or hiring decisions) without human involvement. Our AI simply retrieves information from your data to answer your questions as a tool for you. Therefore, this right may not be directly applicable, but we mention it for completeness.

To exercise any of these rights, you can contact us at legal@everfind.ai with your request. We may need to verify your identity before fulfilling certain requests (to ensure that we do not disclose data to the wrong person or delete the wrong account). We will respond to your request within one month, as required by GDPR, unless the request is complex or numerous, in which case we may extend the period by an additional two months (but we will inform you of this extension within the first month). There is generally no fee for exercising your rights, but if a request is manifestly unfounded or excessive (for example, repetitive), we may charge a reasonable fee or refuse the request (we would provide an explanation in such case).

Additionally, if you believe we have infringed your data protection rights, you have the right to lodge a complaint with a supervisory authority in the EU. Our lead supervisory authority is likely in Germany (since we are based in Germany). You may contact the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW) or your local EU data protection authority.

9.2 Your Rights Under CCPA (for California Residents)

If you are a resident of California, the California Consumer Privacy Act (as amended by the California Privacy Rights Act, collectively referred here as CCPA) provides you specific rights regarding your personal information. These include:

• Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell or share (Everfind does not sell or share data for advertising, but we will explain the categories we handle). You can request:

• The categories of personal information we have collected about you.

• The categories of sources from which the personal information was collected.

• The business or commercial purpose for collecting (or, if ever applicable, selling/sharing) personal information.

• The categories of third parties with whom we disclose personal information.

• The specific pieces of personal information we have collected about you (a data portability request).

• Right to Delete: You have the right to request deletion of personal information that we have collected from you and retained, subject to certain exceptions (CCPA allows exceptions, e.g., if the data is needed to complete a transaction, for security, legal compliance, etc.). As described earlier, we will delete upon request and there are only minimal exceptions (like if required to keep something for legal reasons).

• Right to Correct: You have the right to request that we correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of processing. We honor correction requests, as noted in the GDPR section as well.

• Right to Opt-Out of Sale or Sharing: CCPA gives consumers the right to opt-out of the sale of personal information or the sharing of personal information for cross-context behavioral advertising. However, Everfind does not sell personal information for monetary value or otherwise, and we do not share personal information for targeted advertising purposes. In the last 12 months, we have not sold any personal information, and we have not shared personal information for behavioral advertising. Because we do not engage in these practices, we do not present a “Do Not Sell or Share My Personal Information” link by default. If our practices change, we will update this policy and provide a mechanism for opt-out. Nonetheless, if you still send us an opt-out request, we will record it and ensure that in case of any future consideration of data sale/sharing, your data would be excluded.

• Right to Limit Use of Sensitive Personal Information: Under CPRA, California residents can request businesses to limit the use of “sensitive personal information” if it’s used for certain secondary purposes. Everfind does not use sensitive personal information for purposes outside of providing the service. We actually avoid collecting sensitive information as noted (unless you input it into documents). We do not use any sensitive data we might have (e.g., contents of communications) for inferring characteristics about you or for any purpose other than serving you. Therefore, we do not currently require a “Limit Use of Sensitive Info” link. If you have concerns or special requests regarding any potentially sensitive data, you can contact us.

• Right of No Retaliation/Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means if you exercise your rights to know, delete, or opt-out, we will not deny you our service, charge you different prices, or provide a different level or quality of service just because you exercised your rights. (Do note that deleting data necessary for the service will naturally mean we can’t provide the service, but that’s a consequence of your request, not a retaliatory action. We will inform you if any requested deletion might impede your ability to continue using Everfind).

Submitting CCPA Requests: To exercise your California privacy rights, you or your authorized agent can contact us in the following ways:

• Email: Send an email to legal@everfind.ai with the subject line “CCPA Request” and let us know what you would like to do (e.g., know, delete, correct). Please include sufficient information for us to verify you (at minimum, name and the email associated with your Everfind account, plus maybe a recent interaction or piece of data so we can be sure it’s you).

• Postal Mail: You may mail us at the address provided above (Attn: Privacy) with your request. Since postal requests are slower, please include contact information so we can reach back out to verify identity.

For authorized agents making requests on behalf of someone else, we may require proof of the agent’s registration with the California Secretary of State (if applicable) or a valid power of attorney, plus we will ask the consumer to verify their identity directly with us (or verify directly with the agent in some cases).

Response Time: We aim to respond to verifiable consumer requests under CCPA within 45 days. If needed, we can extend an additional 45 days (total 90 days), but if so, we will let you know the reason for delay.

Categories of Personal Information Collected (CPRA Notice at Collection): For transparency, here are the categories of personal information as defined by CCPA that Everfind has collected in the past 12 months, the sources, purposes, and disclosures:

• Identifiers (e.g., real name, email address, online identifier) – Source: provided by you (account signup, communications), and generated by your use (user ID, etc.). Purpose: to create and manage your account, communicate with you, provide the service. Disclosed to: service providers like hosting, email services. Not sold or shared.

• Personal information categories listed in Cal. Civ. Code §1798.80(e) (e.g., contact information) – This category overlaps with Identifiers (name, email). We do not collect much more from that list (we do not collect Social Security number, driver’s license, financial info, etc. unless maybe you later provide billing info for paid plans, in which case that would be processed by a payment processor, not by us directly). Source & Purpose: same as Identifiers. Disclosed to: service providers as needed (e.g., if we had billing, to a payment processor). Not sold or shared.

• Characteristics of protected classifications (like race, gender, etc.) – Source: Not collected by us. We do not ask for this, and our service is not intended to collect it. If it appears in content you upload, it’s incidental and not something we separately process or use. Not applicable by intent.

• Commercial information (like transaction records, products or services purchased) – At this time, Everfind is a free or trial service (assuming as of this date). We have no payment or purchase records yet. If you signed up for a paid subscription in the future, we’d collect subscription level and transaction dates. Source: you (when subscribing). Purpose: to fulfill the transaction and provide service. Disclosed to: payment processors, and possibly accounting systems. Not sold or shared.

• Internet or other electronic network activity information (browsing history, usage data, interactions) – Source: collected automatically through your interactions (website analytics, app usage logs). Purpose: analytics, improving service, security. Disclosed to: analytics service providers (as detailed above), infrastructure providers. Not sold; not shared for behavioral ads.

• Geolocation data – We do not actively collect precise GPS location. We may infer general location (city/region, country) from your IP address for security and analytics (e.g., to see where our users are generally located or ensure account security). Source: automatic via IP lookup. Purpose: security (e.g., alert you or block if an IP from a far-away location tries to access your account unexpectedly), analytics (user distribution). Disclosed to: analytics/security providers. Not sold or shared.

• Sensory data – Not applicable (we don’t collect voice recordings, etc., aside from textual data you provide).

• Professional or employment-related information – We do not ask for your employer or professional background. If you use Everfind with work accounts like Jira, some work-related info may be processed (like the content of a work ticket or emails). That is not used outside providing the service to you. We don’t profile your professional info. Not sold/shared.

• Education information (per the federal student records definition) – Not collected by us.

• Inferences drawn from other personal information – We do not profile you to derive characteristics like preferences or behavior for marketing. We might automatically categorize documents by topic as part of service functionality, but that’s acting on your content for your benefit, not creating a user profile of you. No inferences for marketing or unrelated purposes.

If anything in the above changes, we will update the categories and inform you as needed. For now, this covers what we collect and how it falls into CCPA categories.

9.3 Opt-Out of Cookies and Tracking

As mentioned, you can control cookies through your browser. Many browsers allow you to refuse new cookies, delete existing cookies, or notify you when new cookies are set. You can also often disable or delete similar data used by browser add-ons, like Flash cookies, by changing the add-on’s settings or visiting the website of its manufacturer.

If you want to opt out of Google Analytics specifically, Google provides an opt-out mechanism: the Google Analytics Opt-out Browser Add-on. For other analytics like Mixpanel, you can use their opt-out if available (Mixpanel offers an opt-out cookie via their site).

For interest-based advertising (which we currently do not implement on Everfind), you could use industry opt-out sites like the DAA’s YourAdChoices or the NAI’s opt-out page to opt out of many ad networks. However, as noted, Everfind does not serve third-party ads or engage in cross-site tracking for ads.

10. Data Security

We take the security of your personal data seriously. We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, alteration, or disclosure. These include, for example:

• Encryption: All data transfers to and from Everfind are protected by encryption in transit (HTTPS with TLS). We also encrypt sensitive data at rest. Documents you upload, for instance, are stored encrypted on our servers. Access tokens for integrations are encrypted and/or stored in secure vaults.

• Access Controls: Internally, access to production databases and systems is limited to authorized personnel who need it to operate and develop the service. We employ authentication, access logging, and, where possible, multi-factor authentication for our internal administrative access.

• Monitoring: We monitor for potential vulnerabilities and attacks. Our infrastructure is kept up-to-date with security patches, and we periodically review our code and systems for security improvements. We may also run third-party security audits or penetration tests.

• Isolation: Your content data is logically separated from other users’ data. Appropriate isolation in our multi-tenant architecture ensures one user cannot access another’s data without authorization.

• Training and Policies: Our team is trained on data protection best practices. We have internal policies in place to handle data securely and to respond quickly in the event of any security issue.

Despite all these efforts, no system can be 100% secure. The internet itself is not entirely secure, and we cannot guarantee absolute security of data transmitted to our site; any transmission is at your own risk. However, once we receive your data, we will use strict procedures and security features to try to prevent unauthorized access. If you have reason to believe that your interaction with us is no longer secure (for example, if you suspect your account has been compromised), please contact us immediately.

In the unlikely event of a data breach that affects your personal data, we will notify you and the relevant authorities as required by law. We have a breach response plan to handle such situations promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. When we update the policy, we will revise the “Last updated” date at the top. If the changes are significant, we will provide a more prominent notice (such as an email notification of Privacy Policy changes or a notice on our website/app).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Continued use of Everfind after any update to this Policy will be deemed acceptance of the changes, to the extent permitted by law. If you do not agree with any changes, you should stop using Everfind and may request deletion of your data.

For any material changes that retroactively affect personal data we collected from you under a previous version of the policy, we will seek your consent if required by law.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, you can contact us at:

Snackbit UG (haftungsbeschränkt) (Everfind)

Attn: Data Privacy Officer/Legal - Julian Dik

Bahnweg 26, 51588 Nümbrecht, Germany

Email: legal@everfind.ai

We will do our best to address your inquiry promptly and comprehensively. Your privacy is important to us, and we welcome your feedback.

Thank you for trusting Everfind with your information. We are dedicated to maintaining that trust by safeguarding your data and being transparent about our practices.

Be the first to test everfind.

Don’t miss out and get notified as soon as we launch everfind.

Join our beta

Need to contact us for anything else? Send inquiry

Be the first to test everfind.

Don’t miss out and get notified as soon as we launch everfind.

Join our beta

Need to contact us for anything else? Send inquiry

Be the first to test everfind.

Don’t miss out and get notified as soon as we launch everfind.

Join our beta

Need to contact us for anything else? Send inquiry