Privacy Policy

Overview

Evvl is available as both a web application (app.evvl.ai) and a downloadable desktop application. This privacy policy covers both versions.

Data We Collect

Web Application

When using the web application:

• API Keys: Due to browser CORS restrictions, OpenAI and Anthropic API calls are proxied through our servers. Google and OpenRouter calls go directly from your browser. Keys are automatically redacted from all server logs and are never stored. Learn more
• Prompts and Responses: For proxied calls (OpenAI, Anthropic), your prompts pass through our servers but are never logged or stored. Google and OpenRouter calls never touch our servers.
• Event Tracking: We track successful and error events to monitor system health and fix issues (e.g., detecting when a model slug is no longer supported by an API). We only capture event metadata like provider name, model name, and error types—never your prompts, responses, or any underlying data.
• Local Storage: All your evaluation data, history, ratings, and preferences are stored only in your browser's localStorage on your device.

Desktop Application

When using the desktop application:

• Direct API Calls: All API requests go directly from your computer to AI providers. No data passes through our servers.
• Local Storage: All data including API keys, prompts, responses, and evaluations are stored only on your device.
• No Telemetry: The desktop application does not send any usage data, analytics, or telemetry to us.

Third-Party AI Services

Evvl connects to third-party AI services including OpenAI, Anthropic, Google, and OpenRouter. When you use these services through Evvl, your data is subject to those providers' respective privacy policies:

• OpenAI Privacy Policy
• Anthropic Privacy Policy
• Google Privacy Policy
• OpenRouter Privacy Policy

Analytics (Web App Only)

The web application uses privacy-focused analytics to understand basic usage patterns:

• Plausible Analytics: Privacy-friendly analytics that doesn't use cookies or collect personal data. Only anonymous page views. Learn more
• Vercel Analytics: Basic performance and usage metrics. Learn more
• Vercel Speed Insights: Page load performance monitoring. Learn more

Desktop Application: The desktop app has zero analytics—no tracking of any kind.

Data Security

• All communications use HTTPS encryption
• API keys are redacted from logs automatically
• No user accounts or authentication data is collected
• No cookies are used for tracking

Your Rights

Since we don't store your personal data on our servers, there is no data to request, modify, or delete. Your locally stored data can be cleared by clearing your browser's localStorage or uninstalling the desktop application.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date.

Contact

For questions about this privacy policy, please open an issue on our GitHub repository.