GDPR Compliant · Based in Sweden

Privacy Policy

Everia is a product of Zealtouch AB, a company registered in Sweden. We are fully compliant with the General Data Protection Regulation (GDPR) and Nordic data protection laws, and committed to being transparent about how we handle your data.

Last updated: May 30, 2026

Our commitment to your privacy

Zealtouch AB ("we", "us") operates the Everia platform. Protecting your privacy is fundamental to how we build our product. This Privacy Policy applies to our web application (app.everia.io), our marketing website (everia.io), all communications we send, and any related services. We process data strictly as described below and never sell personal data or use your content to train AI models.

1. Data Controller

The registered legal entity and data controller responsible for processing your personal data under GDPR is:

  • Legal Entity: Zealtouch AB
  • Trading As: Everia
  • Registered Address: Baldergatan 10, 195 51 Märsta, Stockholm, Sweden
  • Privacy Contact: support@everia.io

Zealtouch AB is a Swedish limited company (aktiebolag) and operates the Everia platform. It is subject to Swedish law (Dataskyddslagen, SFS 2018:218), which implements GDPR, and is supervised by the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

2. Information We Collect

We collect data in three ways: what you provide, what we collect automatically, and what we receive from third parties.

2.1 Information You Provide

Account & Profile

  • Full name
  • Email address
  • Password (hashed, never stored in plaintext)
  • Profile picture
  • Job title
  • Company name
  • Team role

Billing Information

  • Company name
  • Billing address
  • VAT / tax identification number

Workspace Content

  • Project documentation
  • Tasks, tickets, and comments
  • Attachments and file uploads
  • Time tracking entries
  • Test cases and test runs
  • Internal notes and KnowHub pages

Payments are processed by Stripe. Everia never stores credit card details.

2.2 Data Collected Automatically

Usage & Device Data

  • IP address
  • Browser type and version
  • Operating system
  • Device type
  • Pages visited and time spent
  • Referring URL

Log Data

  • Login timestamps
  • Feature usage events
  • Error reports
  • Security and audit logs

Cookies & Tracking

  • Authentication cookies (strictly necessary)
  • Security tokens

2.3 Data From Third Parties

External Sources

  • Authentication providers (Google, Microsoft) — only profile basics
  • Payment metadata from Stripe (no card details)
  • Integrations you explicitly enable (Slack, GitHub, GitLab, Jira, Telegram, WhatsApp)

We only access data you explicitly authorize via OAuth scopes or integration settings.

3. How We Use Your Data

| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Provide and operate the platform | Contract (Art. 6.1.b) |
| Improve product features and performance | Legitimate interests (Art. 6.1.f) |
| Security, fraud prevention, and audit | Legitimate interests (Art. 6.1.f) |
| Billing and payment processing | Contract (Art. 6.1.b) |
| Customer support and communication | Contract (Art. 6.1.b) |
| Marketing emails and newsletters | Consent (Art. 6.1.a) — opt-in only |
| Legal and regulatory compliance | Legal obligation (Art. 6.1.c) |

Two firm commitments: Everia does not sell personal data to any third party. Everia does not use your workspace content to train AI or machine-learning models.

4. Your Rights Under GDPR

As a data subject under GDPR (Regulation EU 2016/679), you have the following rights. These rights also apply to residents of the UK (UK GDPR), Switzerland, and the EEA.

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Correct any inaccurate or incomplete information.

Right to Erasure

Request deletion of your data ("right to be forgotten").

Right to Restrict

Limit how we process your personal data.

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or direct marketing.

Right to Withdraw

Withdraw consent at any time without affecting prior processing.

Right to Complain

Lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

To exercise any of these rights, contact us at support@everia.io. We will respond within one calendar month as required by GDPR Article 12. If your request is complex, we may extend by a further two months and will notify you accordingly.

You also have the right to lodge a complaint with Integritetsskyddsmyndigheten (IMY), Sweden's national supervisory authority: www.imy.se

5. Data Protection Contact

Zealtouch AB (operating as Everia) has designated an internal data protection contact responsible for overseeing GDPR compliance, handling data subject requests, and liaising with the supervisory authority.

Privacy inquiries: support@everia.io

6. International Data Transfers

Some of our third-party sub-processors are based outside the European Economic Area (EEA), primarily in the United States. Whenever personal data is transferred internationally, we apply appropriate GDPR safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements (DPAs) with all sub-processors
  • Adequacy decisions where applicable

Where possible, we prefer EU-based infrastructure to minimise cross-border transfers.

7. Data Retention

| Data Category | Retention Period |
|---|---|
| Account & profile information | Until account deletion |
| Workspace content | While the account is active |
| Security & audit logs | Up to 12 months |
| Standard usage analytics | 30 days |
| Billing & tax records | 6–10 years (Swedish law) |
| Marketing consent records | Until consent is withdrawn |

Billing records are retained for 6–10 years to comply with the Swedish Bookkeeping Act (Bokföringslagen). All other data is deleted promptly once the retention period expires.

8. Security

Everia implements industry-standard technical and organisational measures (TOMs) to protect your data against unauthorised access, loss, or disclosure:

  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest
  • Role-based access controls (RBAC)
  • Regular penetration testing
  • Vulnerability scanning
  • 24/7 security monitoring & incident response
  • SOC-2-aligned practices

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by GDPR Articles 33 and 34.

9. Third-Party Sub-Processors

| Processor | Role | Data Region |
|---|---|---|
| Supabase / AWS | Database & Infrastructure | EU / USA (SCCs) |
| Hetzner | Additional Infrastructure | EU |
| Stripe | Payment Processing | USA (SCCs) |
| Brevo / Resend | Transactional Email | EU / USA (SCCs) |
| OpenAI | AI Features (opt-in) | USA (SCCs) |

All sub-processors are bound by Data Processing Agreements ensuring GDPR-compliant handling of personal data. SCCs = Standard Contractual Clauses.

10. Children's Privacy

Everia is a professional project management platform not intended for use by persons under the age of 16 (the digital consent age in Sweden under GDPR). We do not knowingly collect personal data from minors. If you believe a minor has provided us with data, contact us immediately at support@everia.io and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. If we make material changes, we will notify you by email and/or a prominent in-app announcement at least 30 days before the changes take effect. The "Last updated" date at the top of this page always reflects the most recent revision. Continued use of Everia after a material change constitutes acceptance of the updated policy.

12. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data:

  • Postal Address: Baldergatan 10, 195 51 Märsta, Stockholm, Sweden

We aim to respond within 7 business days and will always meet the GDPR one-month deadline.
