Privacy policy and data handling practices at Evro AI.
Evro AI Pty Ltd (“Evro”, “we”, “us”, or “our”) is an Australian company headquartered in Sydney, New South Wales, Australia. We provide an AI-powered meeting intelligence platform that records, transcribes, and analyses conversations to deliver insights, summaries, and coaching recommendations (the “Service”).
This Privacy Policy (“Policy”) explains what Personal Information we collect, how we use and protect it, and your rights. It applies to all users of the Evro platform, website, and any integrations with third-party services including Google and Microsoft. Any terms not defined here have the meanings given in our Terms of Use.
This Policy is designed to satisfy:
If you do not agree with this Policy, you must not use any of our Services. If you change your mind in the future, you must stop using the Services and may exercise your rights as set out below.
Evro AI Pty Ltd is the data controller for Personal Information collected through the Service. Where Evro processes Personal Information on behalf of a business customer (“Organisation”) under an enterprise service agreement, that Organisation is the data controller and Evro acts as a data processor, operating only on their instructions. In those circumstances the Organisation’s privacy policy also applies and we encourage you to read it.
If you have used an email address provisioned by an organisation (an “Organisation Email”) to create a personal Evro account, the organisation that provisioned that email may request, and we will disclose to them, the Organisation Email associated with your account. We will not transfer the contents of your account to that organisation without your explicit consent.
Privacy Officer: hello@evro.ai (subject line: “Privacy Enquiry”)
Australia: Evro AI Pty Ltd, Sydney, New South Wales, Australia
UK Representative: hello@evro.ai (subject line: “UK Privacy Enquiry”)
For this Policy, “Personal Information” means any information relating to an identified or identifiable individual.
Meeting Content may contain sensitive information as defined under the Privacy Act 1988 (Cth), including health information, biometric identifiers, racial or ethnic origin, political opinions, religious beliefs, trade union membership, or criminal history. We collect and process such information only where reasonably necessary to provide the Service and with the consent of the relevant individual, which may be obtained by the meeting host on our behalf.
Evro integrates with Google services to enable sign-in and calendar-aware meeting intelligence. The following sets out exactly what Google data we access, why it is required, and how it is used.
After signing in, you may connect your Google Calendar. Connecting Google Calendar is required to use Evro’s core meeting intelligence features. Evro uses strictly read-only access and retrieves only the following calendar event metadata: Event title, Event start and end time, Event attendees, Event ID.
What Evro does NOT access: Gmail messages or any email content, Calendar event descriptions beyond what is needed to identify a scheduled meeting, Calendar attachments, Any other Google account data not listed above.
How we use Google Calendar data: To detect scheduled meetings and display them in the Evro dashboard, To allow you to initiate meeting recordings from within Evro, To associate meeting transcripts and AI insights with the correct calendar event.
What Evro does NOT do with Google Calendar data:
Retention and revocation: Google Calendar metadata is retained only as long as needed to associate a transcript or AI insight with the corresponding meeting. Upon disconnection or account deletion, this data is deleted within 30 days. You may revoke access at any time via myaccount.google.com/permissions. Revoking access will disable calendar-based meeting detection in Evro.
Evro’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. See developers.google.com/terms/api-services-user-data-policy.
Evro integrates with Microsoft services to enable sign-in and calendar-aware meeting intelligence for users on Microsoft platforms.
You may optionally connect Microsoft Outlook Calendar. Evro uses strictly read-only access to calendar event metadata only, equivalent in scope to Section 3.5.2. Evro does not create, modify, or delete Microsoft Calendar events. Microsoft Calendar data is used solely to detect scheduled meetings, display them in the Evro dashboard, and associate transcripts and AI insights with the correct meeting event.
What Evro does NOT do with Microsoft data:
You may revoke Evro’s Microsoft permissions at any time via myaccount.microsoft.com/permissions. Revoking access will disable calendar-based meeting detection in Evro.
We do not allow third parties such as OpenAI or Anthropic to use your Personal Data to train their AI models. We do not use identifiable Meeting Content to train any publicly available foundation model.
We obtain explicit permission before any human review of specific recordings for training refinement purposes (for example, when you rate transcript quality and opt in to sharing that recording for improvement).
You or your Organisation may opt out of having de-identified Meeting Content used for model training at any time by Emailing hello@evro.ai with the subject line “Training Opt-Out”.
Where the GDPR applies, we rely on the following legal bases:
We do not sell your Personal Information. We do not share Personal Information with third parties for their own advertising or marketing purposes. We disclose data only in the following circumstances:
We share data with trusted vendors who help us provide the Service. All sub-processors are bound by data processing agreements and may only process data as directed by Evro. Current key sub-processors include:
A complete and current sub-processor list is available on request at hello@evro.ai. We will provide reasonable advance notice of any material changes to our sub-processor list.
Evro shares data with Google and Microsoft only to the extent required to authenticate users and retrieve calendar event metadata as described in Sections 3.5 and 3.6. Evro does not share Meeting Content, transcripts, or AI insights with Google or Microsoft.
We may disclose Personal Information if required by law, court order, subpoena, or government authority, or where we have a good-faith belief that disclosure is necessary to comply with a legal obligation; enforce our Terms of Use; detect, prevent, or address fraud or security issues; or protect the rights, property, or safety of Evro, our users, or the public.
Evro AI Pty Ltd is an Australian company. When you use our Service, your personal data is collected and stored on our servers in Australia (Australia East Region). From Australia, we may transmit certain data to our sub-processors located in the United States to provide our Service.
This means international data transfers occur at two distinct points, each governed by different legal frameworks:
Where we disclose Personal Information to overseas recipients, including our sub-processors, we take reasonable steps under APP 8 of the Privacy Act 1988 (Cth) to ensure those recipients handle the information consistently with the Australian Privacy Principles. We assess each sub-processor’s data protection practices, including their contractual commitments, security certifications, and published privacy policies, and document those assessments in our internal sub-processor register. A list of our current sub-processors is available on request by contacting hello@evro.ai.
Evro is an Australian company. Australia is not currently recognised by the European Commission as providing an adequate level of data protection. Accordingly, for the transfer of your personal data from the EEA, UK, or Switzerland to Evro AI Pty Ltd in Australia, we rely on the following lawful transfer mechanisms, with Evro AI Pty Ltd acting as data importer in each case:
You may request a copy of the relevant SCCs or transfer agreements applicable to your jurisdiction by contacting hello@evro.ai with the subject line “Transfer Mechanism Request”. Should Evro establish a U.S. legal entity in the future, we may seek certification under the EU-U.S. Data Privacy Framework and will update this Policy accordingly.
Enterprise Tier customers may request that Meeting Content be stored and processed exclusively on servers located within Australia (East Region) to assist with local data sovereignty requirements. Contact hello@evro.ai for more information.
We store your Personal Data in Microsoft Azure servers located in the Australia. We maintain physical, administrative, and technical safeguards including:
No method of transmission over the internet or method of electronic storage is completely secure. You transmit Personal Information at your own risk. For information on our security posture and any disclosed incidents, see evro.ai/security.
We retain Personal Information for as long as necessary to provide the Service or to fulfil the purposes described in this Policy, unless a longer retention period is required or permitted by law. Specific examples:
You may request deletion of specific recordings, transcripts, or your entire account at any time. See Section 9 for how to do this in-app or by contacting us.
In the event of a data breach likely to result in serious harm, we will notify affected individuals and relevant supervisory authorities in accordance with:
Depending on your location, you have the following rights in relation to your Personal Information. To exercise any of them, email hello@evro.ai with the subject line “GDPR Request: [nature of request]” or “Privacy Request: [nature of request]” as applicable. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.
You can delete your data directly within the Evro app without contacting us:
For any other deletion requests, email hello@evro.ai. We aim to complete all deletion requests within 30 days.
Revoking access for either integration will disable calendar-based meeting detection in Evro.
This Policy is intended to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. If you are not satisfied with our response to a privacy complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992.
If you are located in the European Union, United Kingdom, Liechtenstein, Norway, or Iceland, you have additional rights under the GDPR or UK GDPR. Evro acts as data controller or data processor as described in Section 2. If we act as a data processor on behalf of an enterprise customer, please contact that customer in the first instance to address your rights.
International transfers are protected by Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) as described in Section 7.3. If you are not satisfied with our response to a privacy request, you have the right to lodge a complaint with your local supervisory authority:
Evro does not sell or share Personal Information for cross-contextual behavioural advertising. California residents have the right to know, delete, correct, and opt out under the CCPA and CPRA. To exercise these rights, email hello@evro.ai. We do not discriminate against users who exercise their privacy rights. For additional information, see our Privacy Notice for California Residents available at evro.ai/ccpa.
If you are a resident of Nevada, you have the right to opt out of the sale of certain Personal Information to third parties. Evro does not currently sell your Personal Information as defined under Nevada Revised Statutes Chapter 603A. To submit an opt-out request regardless, contact hello@evro.ai.
For transfers of personal data from Switzerland, Evro relies on Standard Contractual Clauses as recognised under Swiss data protection law, or such other transfer mechanism as approved by the Swiss Federal Data Protection and Information Commissioner (FDPIC). Swiss users may contact hello@evro.ai to exercise their rights or submit a complaint.
As a user of Evro, you are the “Host” or “Controller” of the Meeting Content recorded through the Service.
The Service is not directed at children under the age of 16 (or under 13 in the United States under COPPA). We do not knowingly collect Personal Information from children. If you are a parent or guardian and believe your child has provided us with Personal Information, please contact hello@evro.ai and we will delete it promptly.
We may update this Policy from time to time. We will alert you of material changes by placing a notice on the Evro website, sending you an email, or by other reasonable means, at least 30 days before changes take effect (or as required by applicable law). The effective date at the top of this Policy will be updated accordingly. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy. The most current version is always available at evro.ai/privacy.
If you discover a security vulnerability in the Evro platform, please report it responsibly to hello@evro.ai with the subject line “Vulnerability Disclosure”. We are committed to investigating all reports promptly. Details of any disclosed security incidents are published at evro.ai/security.
For all privacy-related enquiries, requests, or complaints:
We will acknowledge your enquiry within 5 business days and aim to resolve it within 30 days.