Built with security in mind from day one.
EVE handles CRM data — contact information, behavioral signals, and communication history. We take that responsibility seriously and have designed our infrastructure accordingly.
Data Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. CRM credentials are stored using industry-standard secret management and are never in plaintext at any layer.
Access Controls
Role-based access control (RBAC) is built into the platform. Enterprise customers get SSO (SAML 2.0) and SCIM provisioning. Every access event is logged with a full audit trail.
SOC 2 Controls in Progress
We have implemented the technical and organizational controls designed to meet SOC 2 Type II requirements. Our formal audit is currently underway. We are not yet certified — we will not claim otherwise.
What data EVE accesses
| Data Category | What EVE Reads | Retention | Deletion |
|---|---|---|---|
| Contact records | Name, company, email, lifecycle stage, last activity date. Not SSN, payment info, or health data. | Duration of subscription + 30 days | Immediate on request |
| Email engagement | Open/click events from your connected email provider. Not email body content. | Duration of subscription + 30 days | Immediate on request |
| Website behavior | Page views and session duration for known contacts (via JavaScript snippet). IP-level anonymization applied. | 90 days rolling | Immediate on request |
| CRM activity log | Call/meeting/note timestamps. Not content of calls or meeting recordings. | Duration of subscription + 30 days | Immediate on request |
| Sequence responses | Reply detection (yes/no), not email body content. | Duration of subscription | Immediate on request |
Designed with compliance in mind
Security questions?
For security inquiries, vulnerability disclosures, or data handling questions, reach our team directly.
[email protected]