Thank you for using EverWorker!

Please read the Privacy Policy carefully before using Our Service.

Effective date: August 1, 2024
Last updated: December 1, 2025 

Integrail Corporation is the provider of EverWorker AI software and owns and operates the EverWorker website (https://everworker.ai) (the “Website”). We  are committed to your privacy.  We have created this Privacy Policy (the "Policy") to inform you about the ways in which the Company collects, stores, and handles your personal information when you visit our Website and when we provide our products and services to you (referred to collectively as the “Services”).  This policy applies to Integrail Corporation and to its affiliates that provide the Services (collectively referred to as “we”, “our”, “us” or as the "Company").  Personal information about you, whether referred to as personal information, personal data, or personally identifiable information, as defined by applicable regulations, is  referred to in this Policy collectively as “personal data”.  References to “you” or to “User(s)” refer to the person using the Services, visiting the Website, or otherwise interacting with us. 

Please note that our Website may contain links to other websites that are not operated by us. If a User clicks on a third-party link on our Website, the User will be directed to that third party's website. We strongly recommend that you review the privacy policy of each website that you visit.  We have no control over, and assume no responsibility for, the content, privacy policies, or practices, of any third-party websites or services. 

1. This Policy applies to the Services and to related activities such as those described below:

• Managing your account and relationship we have with you as our customer or as a User
• Direct sales, advertising, and marketing activities that we may provide to you
• Sales and marketing activities from our authorized partners, including resellers, platform partners, distributors, and third-party marketplaces
• Your participation in our training or certification programs
• Your attendance or participation in our partner events
• Your use of our services and software application products
• Your visits to and use of our Website

2. Company may act as either a data processer or a data controller of your personal data.

Under the General Data Protection Regulation (GDPR) and similar data protection laws, we may act either as a data controller or a data processor, depending on the context in which personal data is collected and used. For enterprise customers, our processing as a data processor is governed by a Data Processing Agreement (DPA). For individual users, we act as the controller of your account and related information. 

When We Act as Controller 

When we collect personal data directly from you—for example, when you create an account, sign up for communications, or use the Services as an individual subscriber—we act as a data controller. This means we determine the purposes and means of processing your personal data, typically relying on contractual necessity, legitimate interests, or consent as our lawful basis (see Section 6 for details). 

When We Act as Processor 

When we receive personal data from one of our business customers (such as your employer) in order to provide our Services, we act as a data processor and  our business customer acts as the controller.   In this capacity, we process personal data only on documented instructions from that customer and only for the limited purposes of providing the Services, unless otherwise required by law. The customer, as controller, is responsible for ensuring that a valid lawful basis exists for the underlying processing of your personal data and for providing all required notices to data subjects. 

Scope of This Policy 

Our Data Processing Commitments 

When acting as a processor, Company complies with GDPR Article 28(3) and other applicable data-protection laws. Specifically, we will: 

• Process personal data only on documented instructions from the customer (controller);
• Ensure confidentiality and implement appropriate technical and organizational security measures;
• Assist controllers in fulfilling their obligations regarding data-subject rights and security incidents, including prompt notification of any personal-data breach;
• Engage subprocessors only under written contracts imposing equivalent data-protection obligations;
• Upon termination of the Services, delete or return personal data, at the controller’s choice, unless retention is required by law; and
• Make available information necessary to demonstrate compliance with these obligations. 

Addendums may be incorporated into this Policy to provide further information about our role as controller or processor with respect to particular Services. These Addendums are listed at the end of this Policy or at the link provided. 

Data Processing Addendum (DPA): 

Where we act as a data processor on behalf of our enterprise customers, our processing of personal data is governed by our Data Processing Addendum, which forms part of the customer’s agreement with Integrail Corporation. The DPA reflects our commitments under Article 28 of the GDPR and similar laws.  The DPA is available to enterprise customers and prospective customers upon request. To request a copy, please contact us at privacy@everworker.ai 

3. Categories of personal data and Information that we collect.

We may collect, store, and use personal data in the following categories:

• Contact information such as your name, email address, phone number, title, professional details, and employer's name.
• Information about our users' experiences with products, services, events, webinars, and online forums and communities.
• Contact information derived from your interactions with us, such as with our customer support team.
• Contact Information about prospective customers collected from our events, trade shows, and partners.
• Payment information for purchases with Company.
• Audio and visual information, such recordings of some calls, meetings and events.
• Additional details customers, candidates, and participants at events sponsored by us including:
  • Identity documents and other personal data collected solely to authenticate the candidate's identity and for security purposes such as photographs.
  • Personal data submitted for accommodations (such as information about health or language concerns). 
• Other personal data may be collected in connection with our Services, as described in a relevant Service-specific Addendum.
• Usage information related to the use of Company products and services, including information about users of the products and services, such as unique browser identifiers, IP address, browser and operating system information, device identifiers, and other user device information.
• We do not collect, process or store Sensitive Personal Information (“SPI”) including biometric and health scan data. 

4. How we collect personal data.

Personal data is obtained directly from you or your employer. We also may receive personal data from our partners (which include resellers and distributors), third-party marketplaces where our products are offered data brokers (such as Dun & Bradstreet), marketing companies, interactions with our website, referrals from other customers and users, publicly available sources such as company websites and LinkedIn. Company collects certain categories personal data when you visit our website.   

5. How we use and share personal data.

We use and share personal data for the following purposes: 

• To analyze, improve, and develop Company products and Services
• To interact with our subprocessors that support data collection, analysis, and reporting features and functionality
• To provide our products, Services, events, websites, communities, training, and other business offerings
• To process payments and manage accounts
• To manage our relationships with customers, partners, resellers, distributors, event attendees, investors, and others (which may involve sharing personal data with them)
• For marketing, advertising, and other communications (including customizing those communications for specific recipients)
• To provide a third party (such as an employer) with confirmation or denial of an individual's claimed certification status
• For surveys and other market research
• For security, IT management, and related research
• To enforce the legal terms that govern our business and commercial relationships (for example, we may share personal information with the opposing party, judge or arbitrator in a dispute when required by law)
• To provide security and business continuity
• To follow the law, or in other cases where we believe that using or disclosing the data is appropriate to protect the rights, safety, and property of Company or others (for example, when required to make disclosures in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements)
• For an actual or contemplated business sale, merger, consolidation, change in control, transfer of substantial assets, or reorganization, or due diligence in anticipation of such an event (for example, if a company were to acquire Company, it may also acquire the personal data we hold)
• For other purposes requested or permitted by our customers or users

 We may share personal data for the purposes listed above with the following:

• our affiliates
• our customers
• third parties that assist us, such as our partners, event providers, payment processors, marketing providers, testing providers, analytics providers, providers of technical services (e.g., providers of data storage, data backup, and CRM systems), and other subcontractors;
• joint marketing partners
• security researchers
• employers and others who seek verification of an individual’s claimed certification status
• entities involved in dispute resolution (such as an arbitrator or an opposing party)
• entities involved in potential or actual significant corporate transactions or events (such as those described in the second-to-last item in the list of uses and disclosures above)
• governmental entities

These uses and disclosures are also subject to our contractual obligations.  All service providers, contractors, and subprocessors that may access personal data are bound by written contracts that restrict their use of personal data to specified business purposes, prohibit sale or sharing of personal information, require compliance with applicable privacy laws, and provide audit rights. 

6. What is the legal basis that applies to our use of personal data?

The laws in some jurisdictions require data controllers to tell you about the legal grounds that allow them to use or disclose your personal data. Where those laws apply, our legal grounds are:

• Legitimate Business Interests: We handle personal data because it furthers the legitimate business interests of Company (or of our customers, business partners, or suppliers) in the activities we engage in to run our business and provide you with Services, including those listed below, and because that handling of data does not unduly impact your interests, rights, and freedoms:
  • Providing cybersecurity and managing information technology assets;
  • Protecting business activities, individuals, and property;
  • Providing customer service;
  • Marketing and advertising (including sending certain direct marketing);
  • Analyzing and improving business activities;
  • Managing risks and legal issues. 
• To perform contractual commitments: Some of our handling of personal data is necessary to meet our contractual obligations to individuals, or to take steps at the person's request because we are planning to enter into a contract with that person or their company. For example, when we process an individual’s payment data for a training program, we are relying on this basis.
• Consent:
  • If the law requires consent, and in some other cases, we handle personal data on the basis of consent. For example, we conduct some of our direct marketing on the basis of consent.
  • If the law requires explicit consent, we use personal data on that basis.
  • If the law allows, we may be able to infer consent from the circumstances. 
• Legal compliance: We sometimes need to use and disclose personal data to comply with our legal obligations.
• Legal claims: Sometimes we use or disclose personal data because it is necessary to establish, exercise, or defend legal claims.
• See the Data Inventory Summary (Addendum A) for additional information.

7. What Personal Data rights and choices (including direct marketing opt-out) are available?

We offer the options below for exercising your rights and choices about how we use your personal data. Many of these are subject to important limits or exceptions under applicable laws.  

• You may review and update certain information by logging into the relevant Company websites or online services.
• Our marketing email messages, and certain other communications include instructions about how to unsubscribe, which you can use to limit or stop those communications. Opt-out processes may take some time to complete, but we will work to meet your request as quickly as possible. You cannot opt out of certain communications (such as account related or billing- related communications.)
• You can exercise opt-out rights, object, or withdraw consent in relation to our use of certain cookies and certain similar technologies as described below.
• The law of your jurisdiction (for example, within certain States such as California, or international locations such as the United Kingdom and European Economic Area) may give you additional rights to request access to, correction of, or deletion of certain personal data we store. In some cases, you may be entitled to receive a copy of the personal data you provided to us in portable form or to request that we share it with a third party. The law may also give you the right to request restrictions on the use of your personal data, to object to our use of your personal data, or to withdraw your consent to use your personal data (which will not affect the legality of any processing that happened before your request takes effect). Section 14 below explains how to contact us to make these requests.
  • For example, people who live in the United Kingdom or European Economic Area (and certain other people) have the right to opt out of our use of personal data for direct marketing. They can exercise their rights to opt out, or to object to other processing, by contacting us as described below. 

• For more information about Californians’ privacy rights under California law, please see Section 11 below.

YOUR RIGHTS UNDER CHAPTER III, ARTICLES 15 – 21 OF THE GDPR AND OTHER REGULATORY ACTS: 

You have the following rights in connection with the processing of personal data by Us (the exercise of each of the following rights is carried out at the request of the User(s)): 

• Submit a request to Us for access to the personal data of the User(s) (generally known as a “data subject access request”). This will allow the User(s) to obtain a copy of the personal data We hold about such User(s) and to verify that We are processing it lawfully.
• Request correction of the personal data We store about the User(s). This will allow the User(s) to correct any incomplete or inaccurate information that We store about the User(s).
• Request for deletion of personal information of the User(s). This allows the User(s) to ask Us to delete personal information if there are no compelling reasons for its further processing. The User(s) also have the right to ask Us to delete personal information if the User(s) have exercised their right to object to processing.
• Object to the processing of the User(s) personal data when We rely on a legitimate interest (or the interest of a third party) and there is something specific to the situation that makes the User(s) object to the processing on this basis. The User(s) also have the right to object if We process personal data for direct marketing purposes, for example, in our recruitment campaigns.
• Request to restrict the processing of personal data of the User(s). This allows the User(s) to request Us to pause the processing of personal data, for example, if the User(s) wants Us to check its accuracy or the reason for processing.

You may contact us with any concerns or complaints regarding our privacy practices, and you also may submit a complaint to the relevant governmental authority.  For your protection, we will only implement requests with respect to personal data after we have verified your identity to our satisfaction, taking into consideration the nature of your request. 

8. Does the personal data go to other countries?

We store and process personal data in the United States and the European Union. When we transfer personal data from the EEA, UK, or Switzerland to countries not subject to an adequacy decision, we rely on the European Commission’s 2021 Standard Contractual Clauses together with, where applicable, the UK Addendum and Swiss Addendum. You may request a copy of these safeguards by contacting privacy@everworker.ai. Personal data may, in limited circumstances, be accessed by law-enforcement authorities in accordance with applicable law. 

9. Use of cookies and similar technology.

When accessing the Company website, Company and third-party partners of Company may collect certain information by automated means such as through the use of cookies, web beacons, JavaScript, mobile device functionality and similar computer code. Cookies are files that contain data, such as unique identifiers, that may be transferred to and from your device when you visit a web page. More details about our use of Cookies and how you can opt out and manage cookies is found in the Company Cookie Policy located at:   https://everworker.ai/legal/cookie-policy 

10. How long does Company store personal data?

We will retain personal data as long as necessary to fulfill the purposes outlined in this Policy unless the law requires us to keep it for a longer period of time. To provide security and business continuity for the activities described in this Policy, we make backups of certain data, which we may retain for longer than the original data. 

We store your personal data in Our internal Customer Relationship Management system (hereinafter - the “CRM”).  Retention periods vary by data type and purpose, as detailed in Addendum A. We do not retain personal data longer than necessary for the stated purposes.  

Notice: User(s) may request that Company not store personal data by sending Us a request to support@everworker.ai.  We will take all reasonable measures to delete all personal data about such User(s). However, with the explicit consent of the User, we may retain a streamlined version of their profile, including their email address, for future purposes, enabling us to keep the User informed about our recruitment campaigns or marketing offers. 

11. How do we provide security for personal data that we handle and store?

We take the security of data seriously and although we cannot guarantee that data that we collect can be protected from all possible threats, we have put in place physical, technical, and administrative safeguards to protect your data. 

In accordance with Article 32 of the EU General Data Protection Regulation (GDPR) and similar laws, we maintain a comprehensive set of technical, organizational, and administrative safeguards designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. 

Technical and Organizational Measures.  We employ the following categories of security measures, proportionate to the risks presented by our processing activities: 

• Encryption: All personal data transmitted over public networks is encrypted using modern Transport Layer Security (TLS 1.2 or higher). Personal data stored in our databases and cloud environments is encrypted at rest using industry-standard encryption algorithms (AES-256 or equivalent).
• Access Controls: Access to personal data is limited to authorized personnel based on the principle of least privilege. All staff and contractors with access to personal data are bound by confidentiality obligations. Multifactor authentication (MFA) and strong password controls are required for system access.
• System and Network Security: Our systems are protected by firewalls, intrusion detection and prevention systems, and continuous monitoring. We apply regular software patching and vulnerability management to mitigate known threats. 
• Data Resilience and Continuity: We maintain redundant systems and encrypted backups to ensure that data can be restored in the event of accidental loss, hardware failure, or other incidents. Backups are tested periodically for integrity and restoration capability.
• Incident Detection and Response: We maintain an Incident Response Plan that includes procedures for identifying, investigating, and mitigating security incidents. If a personal data breach occurs, we will notify affected customers or supervisory authorities without undue delay, as required by law.
• Subprocessor and Vendor Oversight: All subprocessors are contractually required to implement equivalent security controls and undergo periodic security and privacy assessments.
• Employee Awareness and Training: All employees receive mandatory security and privacy training at onboarding and periodically thereafter, covering secure data handling, phishing awareness, and incident reporting.

• Testing and Review: We regularly assess the effectiveness of our security measures through internal audits, vulnerability scans, and third-party penetration testing. Findings are tracked and remediated in accordance with our internal security governance process.
• Continuous Improvement. While no system can guarantee absolute security, Integrail’s information security program is designed to maintain ongoing confidentiality, integrity, availability, and resilience of processing systems and services. Security controls are reviewed at least annually, and updates are implemented as technology and regulatory expectations evolve.

12. How do we handle information that is not personal data?

Our use and disclosure of non-personal data is not subject to this Policy, however, if you or your employer has entered into a contract or non-disclosure agreement with us, confidential non-personal data will always be protected from disclosure as provided for in the applicable agreements. If applicable law and our contractual obligations allow, we may aggregate or de-identify your personal data so that the information cannot be linked to you.   

13. YOUR RIGHTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT AND (“CCPA”) THE CALIFORNIA PRIVACY RIGHTS ACT (“CPRA”).

The CCPA and the CPRA provide additional rights to residents of California regarding personal data collection and use practices. 

13.1 Categories of personal information collected. 

We identify below the categories of personal information that we have collected about our users in the last 12 months, using the categories provided in the CCPA:  

• Identifiers
• Customer Records Information
• Commercial Information
• Internet or Other Electronic Network Activity Information
• Geolocation Data
• Professional or Employment-related Information

For more detail on the information we collect, including the sources we receive information from, please refer to our Information Collection Practices above. We collect and use these categories of personal information for the business purposes described in the Information Collection Practices section above. 

13.2 Categories of personal information shared with our Partners. 

Company does not sell your personal information to any third party for monetary consideration. Under the CCPA, however, the term "sell" could include sharing of personal information with partners where Company may obtain a commercial benefit. This might include sharing of personal information with Company's implementation or reseller partners, for example. We identify below the categories of personal information that we have provided to our partners in the last 12 months, using the categories provided in the CCPA: 

• Identifiers
• Customer Records Information
• Commercial Information
• Internet or Other Electronic Network Activity Information
• Geolocation Data
• Professional or Employment-related Information 

13.3 Rights of California residents. 

California residents are entitled to the following rights under the CCPA. To exercise any of the rights, please submit a request to the email address or call our toll-free number set forth in Section 14. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know.

1. Right to Know. You have the right to know certain details about our data practices in the past 12 months. In particular, you may request the following from us:
   The categories of sources from which the personal information was collected;
   1. The categories of personal information about you we disclosed for a business purpose or sold;
   2. The categories of third parties to whom the personal information was disclosed for a business
      
   3. purpose or sold;
   4. The categories of personal information we have collected about you; 
   5. The business or commercial purpose for collecting or selling the personal information; and
   6. The specific pieces of personal information we have collected about you.
      
   
   
2. Right to Delete. You have the right to request that we delete the personal information we have collected from you in the last 12 months. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request to delete. If we deny your request, we will explain the reason why in our response.
   
3. Right to Correct. You have the right to request correction of inaccurate personal information we maintain about you.
   
4. Right to Opt-Out. You have the right to tell us not to sell your information at any time. If you are a California resident and we know you are under 16 years of age, we will not sell your personal information unless (i) you are 13 years of age or more and have provided opt-in consent and confirmed that choice, or (ii) you are under 13 years of age and your parent or guardian has provided affirmative authorization of that sale. We recognize and process Global Privacy Control (“GPC”) and other opt-out preference signals as valid requests to opt out of sharing or targeted advertising. 
   
5. Right to Limit the Use of Sensitive Personal Information. We do not collect, store, or process, sensitive personal information, although we may process account-authentication data (user credentials) and, where applicable, limited geolocation used for security verification.   
6. Right to Non-discrimination. You have the right not to receive discriminatory treatment by us for exercising any of your rights.
   
7. Authorized Agent. You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent's permission to do so and verify your identity directly.

   14. Changes to the Privacy Policy.

In the event of changes in the law, our data handling practices, or for other reasons, Company reserves the right to update and change this Policy at any time, by updating and publishing the revised Privacy Policy on the Website.  The date at the top of this Policy reflects the last revision.  Archived versions are available upon request. 

15. Children’s Privacy

Our Services are not directed to children under the age of 18. We do not knowingly collect personal information from children under this age. If we become aware that we have collected such information, we will delete it promptly. Parents or guardians who believe their child has provided us with information may contact us at  support@everworker.ai and we will take appropriate steps to delete this personal data from Company servers. 

16. How to contact us.

If you have any questions or wish to exercise your rights under the GDPR, the CPRA/CCPA, or other applicable privacy laws, you may send notice by email to Company at support@everworker.ai, or if you are in the United States, you may call us at: +1 475 284 4287.

You may also send a written notice to us at the following address:  

Integrail Corporation 

Attn:  Privacy 

573 Indian Field Road 

Greenwich, CT 06830  

Data Protection Officer (DPO): Pavel Dibin, CISO

Contact Email:  privacy@everworker.ai 

EU and UK Representative:   We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the EU and the UK. For EU residents, you may lodge a complaint with your local supervisory authority or with the Austrian Data Protection Authority (DSB), Prighter’s lead EU authority. 

To contact Prighter please visit the following website: https://app.prighter.com/portal/11182571312 

ADDENDUM A 

DATA INVENTORY SUMMARY  

The following table summarizes the types of personal data we process, the purposes for which we process it, the lawful bases under GDPR Article 6, our general retention periods, and the categories of recipients.  For enterprise customers, additional details appear in our Data Processing Agreement available upon request.