Privacy Policy

The evnno platform (the "Service") is operated by LOZRIAN L.L.C-FZ, a Limited Liability Company registered in the Meydan Free Zone, Dubai, United Arab Emirates under licence number 2306528.01.

Registered office: Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates. For any privacy enquiry — access, correction, deletion, complaint, or general question — write to support@evnno.com and include the email address on your account so we can find your records.

For the purposes of the EU/UK GDPR, LOZRIAN L.L.C-FZ is the data controllerfor personal data processed by the Service. For California residents, references to "personal data" in this policy include "personal information" under the CCPA/CPRA.

2.1 Account data

When you sign up we store your email address, a hashed password (bcrypt; we never see your plaintext password), an optional display name and profile image, the date your email was verified, and your account role (seller, client, or admin). If you sign in with Google we additionally store the Google account id used to link the OAuth account.

2.2 Project content

When you create a project we store everything you provide so we can generate, edit, and sell the resulting landing page: the business name, the Google Maps link you paste, any free-form context you write, brand colors, category, an optional logo (stored as base64), an optional social link, up to five reference images (also base64), the chosen content language (English or Arabic), and the AI-generated HTML content together with its revision history (snapshots).

2.3 Commercial data

For purchases and payouts we store the deal record(site amount, optional domain amount and chosen domain name, refund-window timestamp, deploy URL), the buyer's email address, the Stripe PaymentIntent identifier needed to issue refunds, your subscription plan (Plus and Pro, or Free) and billing period (stored in user_billing), Stripe customer and subscription ids for recurring seller plans, and entries in our internal money ledger (earnings, bonuses, withdrawals). A legacy credit ledger may still exist for historical records from the old credit-pack system. Sellers receive their share via Stripe Connect Express or PayPal Payouts; the corresponding connected account id or payout reference is stored against the ledger row.

2.4 Abuse-prevention data

To limit fraudulent or excessive seller sign-ups from the same network we record the IP address of new seller accounts at signup time and a per-IP signup count. This is the only place evnno stores IP addresses persistently. Server logs may briefly contain IPs and request metadata for routine operational purposes (rate-limiting, error diagnosis) and are rotated.

2.5 Communications

Verification emails are sent through Resend. If an admin sends or receives messages about a deal, those notes can be stored in an internal admin-client noteslog (visible only to admins and tied to the client's email address) so support history is not lost when staff change.

2.6 Cookies and similar technologies

evnno uses only essential cookies:

• An authentication session cookie issued by Auth.js (next-auth) so you stay signed in. It is an HTTP-only JWT and is not used for tracking.
• Short-lived signup-intent cookies (gg_client_signup, gg_client_checkout, gg_seller_signup) that remember which flow you started so the OAuth round-trip lands you back in the right place. They are deleted after the round-trip.

evnno does not run analytics, advertising, or fingerprinting trackers. If that ever changes we will update this policy and ask for your consent before placing non-essential cookies in your browser.

We process personal data for the following purposes:

• Operating the Service — creating your account, generating and storing your landing pages, deploying preview and live sites, processing payments, issuing refunds, paying sellers. (Legal basis: performance of a contract.)
• Security and abuse prevention — verifying your email, capping seller sign-ups per IP, rate-limiting AI endpoints, fraud screening on payments and subscriptions. (Legal basis: legitimate interests; legal obligation where applicable.)
• Customer support — answering refund, account, and bug enquiries you send to support. (Legal basis: contract / legitimate interests.)
• Legal compliance — tax, accounting, and anti-money-laundering record-keeping; responding to lawful requests. (Legal basis: legal obligation.)

evnno does not sell personal data. We share data only with the named sub-processors below, and only to the extent each one needs to perform its function. Each link points to that sub-processor's own privacy policy.

We may also share data when required by law (court orders, regulators, lawful government requests) or as part of a corporate transaction (merger, acquisition, sale of assets), in which case we will tell you before your data becomes subject to a new controller.

evnno is operated from the United Arab Emirates, and our sub-processors are based primarily in the United States and the European Union. By using the Service you understand that your personal data is transferred outside your country of residence and stored on infrastructure operated by these providers.

Where transfers from the EEA, the UK, or Switzerland are involved, our sub-processors rely on the European Commission's Standard Contractual Clauses (SCCs) or equivalent safeguards published in their own privacy notices. We do not apply additional safeguards beyond what each processor publishes.

• Account: kept while your account is active. If you ask us to delete the account we erase the auth and profile records and unlink (or anonymise) transactional records that we're required to retain for accounting (see below).
• Project content: kept while the project exists. Unsold draft listings are auto-removed after a configurable window (currently 60 days) per the dashboard notice; sold projects are kept while the deal is active and for a period after for support. Buyer refund requests are handled within 14 days of payment per the Refund Policy.
• Snapshots: each AI revision creates a snapshot of the project HTML. Snapshots are deleted with the project.
• Ledgers, billing, and deals: subscription billing records, money ledger, legacy credit ledger (deal bonuses), and deal records are retained for tax and accounting purposes for as long as required by UAE law, typically a minimum of five years.
• Signup IP counts: kept indefinitely as a hashed-style integer counter per IP. They are operational anti-abuse data, not advertising data.
• Server logs: rotated by the hosting provider on its standard schedule (typically days, not months).

Depending on where you live, you may have one or more of the rights below. evnno honours all of them regardless of jurisdiction; the labels just differ.

• Access — request a copy of the personal data we hold about you.
• Correction — ask us to fix data that is wrong or incomplete.
• Deletion ("right to be forgotten") — ask us to delete your account and content. We may retain ledger records as required by tax/accounting law, in pseudonymised form where possible.
• Portability — receive your project content and account data in a structured, machine-readable format.
• Objection / restriction — object to processing based on legitimate interests, or ask us to restrict it while a complaint is being resolved.
• Withdraw consent — where processing is based on consent (it rarely is here, since most processing is contractual), you can withdraw at any time.
• Complain — to your local data-protection authority (e.g. an EU/UK supervisory authority, or the UAE Data Office for residents of the UAE under Federal Decree-Law No. 45 of 2021).

To exercise any of these, email support@evnno.com. We respond within 30 days; complex requests may be extended by a further 60 days, in which case we will tell you why.

California residents (CCPA / CPRA)

evnno does not sell or share personal information for cross-context behavioural advertising, as those terms are defined under the CCPA/CPRA. California residents have the right to know, delete, correct, and limit the use of sensitive personal information; to exercise these rights, email the address above and identify yourself as a California resident. We will not discriminate against you for exercising any privacy right.

We use industry-standard measures to protect your data: TLS in transit, hashed passwords (bcrypt), database access restricted to the application backend, OAuth secrets and API keys held in server-only environment variables, and per-route rate limits on AI and authentication endpoints. No system is perfectly secure; if we ever become aware of a breach affecting your personal data we will notify you and the relevant supervisory authorities within the time-frames required by applicable law.

When you generate or revise a landing page, the project context you provide (business name, Maps link, free-form info, brand colors, reference images) is sent to Google Gemini via the @google/genaiSDK. Google's Generative Language API processes that prompt and returns HTML which we store on the project. Per Google's API terms, prompts and responses for paid Gemini API usage are notused to train Google's models.

We do not feed your private project content into any other AI model and we do not re-use one customer's content for another customer's landing page.

The Service is for adults. You must be at least 18 years old to create an account or buy through the platform. If you believe a minor has signed up, email us and we will remove the account.

As the platform evolves we will update this policy. The effective version is the one visible on this page; the "Last updated" date at the top reflects material changes. For changes that significantly affect your rights we will email account holders and post a notice in the dashboard before the change takes effect.

For privacy questions or to exercise your rights, write to support@evnno.com or by post to LOZRIAN L.L.C-FZ, Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates. See also the Refund Policy and the Terms of Service.