Privacy Policy

At Everhand, operated by Aava, Inc., we take privacy seriously — both yours and your candidates'. This Privacy Policy explains how we handle personal data when your firm uses Everhand to ingest, classify, and sync candidate records into your CRM.

Everhand processes two distinct categories of personal data:

Customer data — information about you and your firm:

• Account and contact information (name, work email, firm name, role)
• Billing details (processed by our payment provider)
• Workflow configuration (your taxonomy, CRM integrations, custom classification fields)
• Usage analytics and performance metrics

Candidate data — personal data your firm directs us to process:

• Identifiers from public LinkedIn profiles (name, current role, location)
• Work history, education, skills, and other professional details
• Classification fields generated by Everhand (industry, seniority, function, etc.)
• Internal notes and tags your team adds in the CRM

Your firm is the data controller for candidate data. Everhand acts as your data processor — meaning we process candidate data only on your instruction and only to deliver the service.

We use information about you and your firm to:

• Operate, maintain, and improve the Everhand service
• Train Everhand to your firm's taxonomy and classification rules
• Send service updates and important notifications
• Process billing
• Provide customer support

Candidate data is processed strictly to perform the intake and classification your firm has configured:

• We retrieve profile information from LinkedIn URLs your team provides
• Our AI reads and classifies each profile against your firm's taxonomy
• Structured records are written to your connected CRM
• We do not sell candidate data
• We do not use your candidate data to train public AI models, or to improve models for any other customer
• Candidate records remain yours; we retain them only while your firm has an active engagement, and we can delete them on request

• All data is encrypted in transit and at rest
• Cloud infrastructure with enterprise-grade security and audited access controls
• Integration credentials and API keys are stored encrypted and scoped per firm
• Limited internal access on a need-to-know basis
• Regular security reviews and dependency updates

We use vetted sub-processors to operate the service — cloud hosting, AI model providers, payment processing, and analytics. We share information with them only as needed to deliver Everhand. A current list of sub-processors is available on request.

We do not sell personal data to anyone. We share data with legal authorities only when required by law.

As our customer, you can:

• Access, correct, or export your firm's data
• Request deletion of your account and customer data
• Opt out of marketing communications
• Pause or stop processing at any time

Candidates whose data we process on your behalf:

Because your firm is the data controller, candidate data subject requests (access, deletion, correction, or objection under GDPR, CCPA, PIPEDA, or similar laws) should be directed to your firm. We support you in fulfilling them — contact us and we'll help action requests inside your account.

Aava, Inc. is based in Canada. We operate cloud infrastructure in the United States and Canada. By using Everhand, you acknowledge that data may be transferred to and processed in those jurisdictions under appropriate safeguards (including Standard Contractual Clauses where required).

We may update this Privacy Policy from time to time. Material changes will be communicated by email and reflected in the "Last updated" date at the top of this page.