1. Introduction
Evals.sh ("we", "us", or "our") operates the Evals.sh platform, which provides AI-powered code reviews, frontend audits, and project evaluation services (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.2. Information We Collect
We collect the following categories of information:
- Account information: Name, email address, and password (hashed) when you register.
- OAuth data: If you sign in with Google, we receive your name, email, and profile picture from Google.
- Submitted content: Code, URLs, files, and text you submit for evaluation or review.
- Usage data: Page views, API calls, task counts, and interaction logs to improve our Service.
- Technical data: IP address, browser type, and device information collected automatically.
3. How We Use Your Information
- To provide, operate, and maintain the Service.
- To process your submissions through our AI pipeline.
- To manage your account, subscription, and usage quota.
- To send transactional communications (e.g., account alerts).
- To improve the accuracy and performance of our AI models using aggregated, anonymized data.
- To comply with legal obligations.
4. Data Sharing and Disclosure
We do not sell your personal data. We may share data with:
- AI providers: Your submitted content is sent to third-party AI providers (e.g., OpenRouter, Anthropic, Google) solely to generate evaluation results.
- Infrastructure providers: Cloud storage and database services used to operate the platform.
- Legal authorities: When required by law, court order, or to protect our rights.
5. Data Retention
We retain your account data for as long as your account is active. Submitted content and evaluation results are retained for 90 days after creation and then automatically deleted. You may request deletion of your account and associated data at any time by contacting us.
6. Cookies and Tracking
We use HTTP-only cookies exclusively for authentication session management (refresh tokens). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
7. Security
We implement industry-standard security measures including bcrypt password hashing, JWT-based authentication, HTTPS encryption in transit, and Redis-backed session management. No method of transmission over the Internet is 100% secure; we cannot guarantee absolute security.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data.
- Object to or restrict processing of your data.
- Data portability.
To exercise these rights, contact us at [email protected].
9. Children's Privacy
Our Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance.