Legal

Privacy Policy

Thank you for using EverWorker!

Please read the Privacy Policy carefully before using Our Service.

Effective date: August 1, 2024
Last updated: December 1, 2025

Integrail Corporation is the provider of EverWorker AI software and owns and operates the EverWorker website (https://everworker.ai) (the “Website”). We are committed to your privacy. We have created this Privacy Policy (the "Policy") to inform you about the ways in which the Company collects, stores, and handles your personal information when you visit our Website and when we provide our products and services to you (referred to collectively as the “Services”). This policy applies to Integrail Corporation and to its affiliates that provide the Services (collectively referred to as “we”, “our”, “us” or as the "Company"). Personal information about you, whether referred to as personal information, personal data, or personally identifiable information, as defined by applicable regulations, is referred to in this Policy collectively as “personal data”. References to “you” or to “User(s)” refer to the person using the Services, visiting the Website, or otherwise interacting with us.

Please note that our Website may contain links to other websites that are not operated by us. If a User clicks on a third-party link on our Website, the User will be directed to that third party's website. We strongly recommend that you review the privacy policy of each website that you visit. We have no control over, and assume no responsibility for, the content, privacy policies, or practices, of any third-party websites or services.

  1. This Policy applies to the Services and to related activities such as those described below:
  1. Company may act as either a data processer or a data controller of your personal data.

Under the General Data Protection Regulation (GDPR) and similar data protection laws, we may act either as a data controller or a data processor, depending on the context in which personal data is collected and used.For enterprise customers, our processing as a data processor is governed by a Data Processing Agreement (DPA). For individual users, we act as the controller of your account and related information.

When We Act as Controller

When we collect personal data directly from you—for example, when you create an account, sign up for communications, or use the Services as an individual subscriber—we act as a data controller. This means we determine the purposes and means of processing your personal data, typically relying on contractual necessity, legitimate interests, or consent as our lawful basis (see Section 6 for details).

When We Act as Processor

When we receive personal data from one of our business customers (such as your employer) in order to provide our Services, we act as a data processor and our business customer acts as the controller. In this capacity, we process personal data only on documented instructions from that customer and only for the limited purposes of providing the Services, unless otherwise required by law. The customer, as controller, is responsible for ensuring that a valid lawful basis exists for the underlying processing of your personal data and for providing all required notices to data subjects.

Scope of This Policy

This Privacy Policy applies in both contexts:
• Website visitors and individuals who interact with our marketing, communications, and events — we act as controller; and
• Users of our products and services, including software applications — we may act as processor on behalf of customer controllers. Where we act as processor, processing is governed by this Policy and the customer’s written instructions, unless otherwise required by law.

Scenario

Controller

Processor

Website visitors

Company

N/A

Product end users under a business subscription

Customer organization

Company

Individual users under a personal subscription

Company

N/A

Our Data Processing Commitments

When acting as a processor, Company complies with GDPR Article 28(3) and other applicable data-protection laws. Specifically, we will:

Addendums may be incorporated into this Policy to provide further information about our role as controller or processor with respect to particular Services. These Addendums are listed at the end of this Policy or at the link provided.

Data Processing Addendum (DPA):

Where we act as a data processor on behalf of our enterprise customers, our processing of personal data is governed by our Data Processing Addendum, which forms part of the customer’s agreement with Integrail Corporation. The DPA reflects our commitments under Article 28 of the GDPR and similar laws. The DPA is available to enterprise customers and prospective customers upon request. To request a copy, please contact us at privacy@everworker.ai

  1. Categories of personal data and Information that we collect.

We may collect, store, and use personal data in the following categories:

  1. How we collect personal data.

Personal data is obtained directly from you or your employer. We also may receive personal data from our partners (which include resellers and distributors), third-party marketplaces where our products are offered data brokers (such as Dun & Bradstreet), marketing companies, interactions with our website, referrals from other customers and users, publicly available sources such as company websites and LinkedIn. Company collects certain categories personal data when you visit our website.

  1. How we use and share personal data.

We use and share personal data for the following purposes:

We may share personal data for the purposes listed above with the following:

These uses and disclosures are also subject to our contractual obligations. All service providers, contractors, and subprocessors that may access personal data are bound by written contracts that restrict their use of personal data to specified business purposes, prohibit sale or sharing of personal information, require compliance with applicable privacy laws, and provide audit rights.

  1. What is the legal basis that applies to our use of personal data?

The laws in some jurisdictions require data controllers to tell you about the legal grounds that allow them to use or disclose your personal data. Where those laws apply, our legal grounds are:

  1. What Personal Data rights and choices (including direct marketing opt-out) are available?

We offer the options below for exercising your rights and choices about how we use your personal data. Many of these are subject to important limits or exceptions under applicable laws.

YOUR RIGHTS UNDER CHAPTER III, ARTICLES 15 – 21 OF THE GDPR AND OTHER REGULATORY ACTS:

You have the following rights in connection with the processing of personal data by Us (the exercise of each of the following rights is carried out at the request of the User(s)):

You may contact us with any concerns or complaints regarding our privacy practices, and you also may submit a complaint to the relevant governmental authority. For your protection, we will only implement requests with respect to personal data after we have verified your identity to our satisfaction, taking into consideration the nature of your request.

  1. Does the personal data go to other countries?

We store and process personal data in the United States and the European Union. When we transfer personal data from the EEA, UK, or Switzerland to countries not subject to an adequacy decision, we rely on the European Commission’s 2021 Standard Contractual Clauses together with, where applicable, the UK Addendum and Swiss Addendum. You may request a copy of these safeguards by contacting privacy@everworker.ai. Personal data may, in limited circumstances, be accessed by law-enforcement authorities in accordance with applicable law.

  1. Use of cookies and similar technology.

When accessing the Company website, Company and third-party partners of Company may collect certain information by automated means such as through the use of cookies, web beacons, JavaScript, mobile device functionality and similar computer code. Cookies are files that contain data, such as unique identifiers, that may be transferred to and from your device when you visit a web page. More details about our use of Cookies and how you can opt out and manage cookies is found in the Company Cookie Policy located at: https://everworker.ai/legal/cookie-policy

  1. How long does Company store personal data?

We will retain personal data as long as necessary to fulfill the purposes outlined in this Policy unless the law requires us to keep it for a longer period of time. To provide security and business continuity for the activities described in this Policy, we make backups of certain data, which we may retain for longer than the original data.

We store your personal data in Our internal Customer Relationship Management system (hereinafter - the “CRM”). Retention periods vary by data type and purpose, as detailed in Addendum A. We do not retain personal data longer than necessary for the stated purposes.

Notice: User(s) may request that Company not store personal data by sending Us a request to support@everworker.ai. We will take all reasonable measures to delete all personal data about such User(s). However, with the explicit consent of the User, we may retain a streamlined version of their profile, including their email address, for future purposes, enabling us to keep the User informed about our recruitment campaigns or marketing offers.

  1. How do we provide security for personal data that we handle and store?

We take the security of data seriously and although we cannot guarantee that data that we collect can be protected from all possible threats, we have put in place physical, technical, and administrative safeguards to protect your data.

In accordance with Article 32 of the EU General Data Protection Regulation (GDPR) and similar laws, we maintain a comprehensive set of technical, organizational, and administrative safeguards designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

Technical and Organizational Measures. We employ the following categories of security measures, proportionate to the risks presented by our processing activities:

  1. How do we handle information that is not personal data?

Our use and disclosure of non-personal data is not subject to this Policy, however, if you or your employer has entered into a contract or non-disclosure agreement with us, confidential non-personal data will always be protected from disclosure as provided for in the applicable agreements. If applicable law and our contractual obligations allow, we may aggregate or de-identify your personal data so that the information cannot be linked to you.

  1. YOUR RIGHTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT AND (“CCPA”) THE CALIFORNIA PRIVACY RIGHTS ACT (“CPRA”).

The CCPA and the CPRA provide additional rights to residents of California regarding personal data collection and use practices.

13.1Categories of personal information collected.

We identify below the categories of personal information that we have collected about our users in the last 12 months, using the categories provided in the CCPA:

For more detail on the information we collect, including the sources we receive information from, please refer to our Information Collection Practices above. We collect and use these categories of personal information for the business purposes described in the Information Collection Practices section above.

13.2Categories of personal information shared with our Partners.

Company does not sell your personal information to any third party for monetary consideration. Under the CCPA, however, the term "sell" could include sharing of personal information with partners where Company may obtain a commercial benefit. This might include sharing of personal information with Company's implementation or reseller partners, for example. We identify below the categories of personal information that we have provided to our partners in the last 12 months, using the categories provided in the CCPA:

13.3Rights of California residents.

California residents are entitled to the following rights under the CCPA. To exercise any of the rights, please submit a request to the email address or call our toll-free number set forth in Section 14. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know.

  1. Right to Know.You have the right to know certain details about our data practices in the past 12 months. In particular, you may request the following from us:
    The categories of sources from which the personal information was collected;
    1. The categories of personal information about you we disclosed for a business purpose or sold;
    2. The categories of third parties to whom the personal information was disclosed for a business
    3. purpose or sold;
    4. The categories of personal information we have collected about you;
    5. The business or commercial purpose for collecting or selling the personal information; and
    6. The specific pieces of personal information we have collected about you.

  2. Right to Delete. You have the right to request that we delete the personal information we have collected from you in the last 12 months. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request to delete. If we deny your request, we will explain the reason why in our response.
  3. Right to Correct.You have the right to request correction of inaccurate personal information we maintain about you.
  4. Right to Opt-Out.You have the right to tell us not to sell your information at any time. If you are a California resident and we know you are under 16 years of age, we will not sell your personal information unless (i) you are 13 years of age or more and have provided opt-in consent and confirmed that choice, or (ii) you are under 13 years of age and your parent or guardian has provided affirmative authorization of that sale. We recognize and process Global Privacy Control (“GPC”) and other opt-out preference signals as valid requests to opt out of sharing or targeted advertising.
  5. Right to Limit the Use of Sensitive Personal Information.We do not collect, store, or process, sensitive personal information, although we may process account-authentication data (user credentials) and, where applicable, limited geolocation used for security verification.
  6. Right to Non-discrimination.You have the right not to receive discriminatory treatment by us for exercising any of your rights.
  7. Authorized Agent.You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent's permission to do so and verify your identity directly.

14. Changes to the Privacy Policy.

In the event of changes in the law, our data handling practices, or for other reasons, Company reserves the right to update and change this Policy at any time, by updating and publishing the revised Privacy Policy on the Website. The date at the top of this Policy reflects the last revision. Archived versions are available upon request.

  1. Children’s Privacy

Our Services are not directed to children under the age of 18. We do not knowingly collect personal information from children under this age. If we become aware that we have collected such information, we will delete it promptly. Parents or guardians who believe their child has provided us with information may contact us at support@everworker.ai and we will take appropriate steps to delete this personal data from Company servers.

  1. How to contact us.

If you have any questions or wish to exercise your rights under the GDPR, the CPRA/CCPA, or other applicable privacy laws, you may send notice by email to Company at support@everworker.ai, or if you are in the United States, you may call us at: +1 475 284 4287.

You may also send a written notice to us at the following address:

Integrail Corporation

Attn: Privacy

573 Indian Field Road

Greenwich, CT 06830

Data Protection Officer (DPO): Pavel Dibin, CISO

Contact Email: privacy@everworker.ai

EU and UK Representative:  We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the EU and the UK. For EU residents, you may lodge a complaint with your local supervisory authority or with the Austrian Data Protection Authority (DSB), Prighter’s lead EU authority.

To contact Prighter please visit the following website: https://app.prighter.com/portal/11182571312

ADDENDUM A

DATA INVENTORY SUMMARY

The following table summarizes the types of personal data we process, the purposes for which we process it, the lawful bases under GDPR Article 6, our general retention periods, and the categories of recipients. For enterprise customers, additional details appear in our Data Processing Agreement available upon request.

Data Category

Purpose(s) of Processing

Legal Basis (GDPR)

Retention

Recipients / Sharing

Contact & Account Data (name, email, phone, login credentials, employer)

Account setup, authentication, communications, customer support, billing

Contract (Art. 6(1)(b)), Legitimate Interests (Art. 6(1)(f))

Active account + 3 after closure (for compliance)

Affiliates, cloud hosting, CRM provider, customer support provider

Usage Data (IP, browser/device identifiers, app interactions, logs)

Service functionality, troubleshooting, fraud prevention, analytics

Legitimate Interests (security, analytics), Consent (cookies/SDKs)

12 months

Hosting provider, analytics provider, monitoring services

Payment Data (billing info, transaction history)

Process payments, prevent fraud, financial compliance

Contract, Legal Obligation

5 years or as required per tax/accounting law

Payment processor, financial institution

Marketing & Communications Data(preferences, emails, surveys)

Direct marketing, promotions, events, surveys

Consent (where required), Legitimate Interests

Until opt-out or 2 years after last contact

Marketing automation provider, email service, partners (where consented)

Event & Training Data (registration info, certifications, participation records)

Training administration, certification verification, events management

Contract, Legitimate Interests

2 years after event/certification

Event hosts, training partners, certification verification partners

Employment / Professional Data(title, employer, work email)

B2B marketing, partnerships, sales engagement

Legitimate Interests, Consent (where required)

Until opt-out or 2 years

Sales partners, resellers, distributors

Audio/Visual Data(support calls, training recordings)

Training quality, customer support, documentation

Legitimate Interests, Consent (if required)

2 years

Cloud storage provider, training partners

Cookies & Tracking Data (cookies, device IDs, advertising IDs)

Service functionality, analytics, targeted advertising

Consent (cookies, targeted ads), Legitimate Interests (security, fraud prevention)

Session or up to 12months

Analytics providers, advertising partners (if applicable)