How Evara handles the workspace, client, travel, document, billing, and support data entrusted to the platform.
This Privacy Policy applies to Evara workspace users, agency owners and administrators, advisor and team users, client travelers who access Evara-powered pages, website visitors, people who request access, and people who contact Evara Private for support or business inquiries.
For most client, traveler, proposal, itinerary, vault, invoice, and message data, the agency determines what information is entered, how it is used, who may access it, and how long it should remain in the workspace. In those contexts, Evara generally acts as a service provider or processor on behalf of the agency.
For account administration, billing, security, support, website operations, product reliability, and business communications, Evara may process certain information as an independent controller or business.
We collect account and workspace information, login and authentication details, team-member details, support requests, product settings, and the operational records agencies choose to store in Evara.
That may include client profiles, traveler names and contact details, preferences, notes, proposals, journeys, itinerary events, travel documents, messages and related communication metadata, invoice records, payment status, and activity or audit logs needed to run the platform.
Website and request-access information may include name, email address, company or agency name, role, inquiry details, booking or business context voluntarily provided, device and browser information, pages viewed, approximate referral source, and communications with Evara.
We use this information to respond to requests, operate the website, understand interest in the product, prevent abuse, and improve public pages.
Agencies may store sensitive travel information such as passport metadata, secure identifiers, trusted-traveler details, allergies, medical notes, visas, insurance records, travel documents, payment preferences, billing instructions, payment-related notes, and family or household context.
Evara is designed for travel operations, not as a general medical record system, broad identity-document archive, or payment credential repository outside supported workflows. We encourage agencies to enter only the information reasonably needed to plan, operate, and support travel services.
We use information to provide the service, authenticate users, operate secure client-facing links, send access codes and transactional emails, render proposals and itineraries, manage secure vault workflows for travel documents where supported by the product, support invoices and payment status, route messages, provide customer support, prevent abuse, monitor reliability, maintain audit logs, and comply with legal, tax, security, and operational obligations.
We may use aggregated or de-identified information to understand product usage, improve reliability, and develop the service. We do not use aggregated or de-identified information to identify individual client travelers.
Evara can generate secure public links for proposals, itineraries, intake forms, debriefs, and invoices. These links may require authorized email verification, access codes, or other controls depending on the workflow.
Transactional emails are intended to notify recipients and route them back to secure pages; sensitive travel, payment, and document details should stay inside the protected experience whenever possible.
Recipients should not forward secure links or access codes to unauthorized people.
If Evara offers AI-assisted or automation features, those features may process workspace data to help summarize information, organize client context, draft operational content, or suggest next steps at the direction of the agency.
We do not use client traveler data, vault documents, messages, or sensitive travel information to train public AI models. If that ever changes, we will clearly disclose the change and require permission through the applicable agency agreement.
We do not sell personal data, rent client lists, or build advertising profiles.
We share information only as needed with service providers that help us host the application, store data, authenticate users, deliver transactional email, monitor email delivery, process payments, provide edge security and content delivery, apply rate limits and abuse-prevention safeguards, monitor security, log errors, analyze reliability, and provide support.
We may also disclose information if required by law, to protect the service, or with an agency's direction.
A current list of key subprocessors or service provider categories may be made available upon request or through a separate subprocessor list.
Evara supports invoice records, payment links, payment status, and billing-related snapshots.
Payment providers may collect and process payment information directly, and their privacy notices may apply to that processing. Evara is designed not to store full card numbers or complete bank credentials.
We use essential cookies and similar technologies for authentication, session security, preferences, and abuse prevention.
We do not use advertising cookies or sell cross-site tracking data. If analytics are enabled, we limit them to product reliability, security, performance, and aggregate usage insights rather than advertising profiles.
Analytics, performance, and security tools may process limited technical signals such as device and browser information, page performance, request metadata, and approximate traffic patterns to protect the service and improve reliability.
Security and abuse-prevention logs may include IP address, request timing, route metadata, user-agent information, rate-limit events, authentication events, and similar technical signals. These logs are designed to avoid sensitive travel content where reasonably possible.
Where required, we will provide choices or consent controls for non-essential cookies or analytics.
We use technical and organizational safeguards including encryption in transit, encryption at rest where supported by our infrastructure, workspace isolation, role-based access controls, secure public-link patterns, audit logging for sensitive actions, and least-privilege operational access.
No system can be guaranteed perfectly secure, but Evara is designed around the trust obligations of private travel operations.
If we become aware of a security incident affecting personal information, we will investigate and notify affected agencies, users, or authorities where required by law, contract, or our customer commitments.
Agencies may export, correct, archive, or delete workspace data where the product supports those actions.
If an agency closes its account, we begin deletion of associated workspace data within a reasonable period.
Security logs, audit logs, billing records, support records, fraud-prevention records, and backup copies may be retained for different periods depending on legal, accounting, security, dispute-resolution, and operational needs. Backup deletion may take additional time due to routine backup cycles.
Evara and its service providers may process information in the United States and other locations where our infrastructure or support providers operate.
When information is processed across borders, we rely on appropriate contractual and technical safeguards.
Where required by law, we process personal information based on applicable legal bases such as providing the service, fulfilling contracts, complying with legal obligations, protecting the service, consent, or legitimate business interests.
Evara is a business platform and is not directed to children.
Agencies may store information about children when it is necessary to plan family travel. Agencies are responsible for ensuring they have the authority to provide that information and for keeping child-related details limited to what is needed for the travel service.
Depending on where you live, you may have rights to access, correct, delete, export, restrict, object to, or opt out of certain processing of personal information.
Workspace users may contact Evara directly for requests related to account, billing, support, or website data.
Client travelers should usually contact their travel advisor or agency first because the agency controls most client records in Evara. You can also contact us for privacy questions or help routing a request to the right party.
For agency customers that require a data processing agreement, Evara may provide a DPA or similar data protection terms as part of the customer agreement.
For privacy questions or requests related to personal information, contact [email protected]. For security concerns, contact [email protected].
Client travelers should usually contact their travel advisor or agency first because the agency controls most client travel records in Evara.
We may update this Privacy Policy as the product, legal requirements, or operational practices change.
Material changes will be reflected on this page and, where appropriate, communicated to affected workspace owners or administrators.
Last updated: May 29, 2026. Questions? Contact [email protected].