PRIVACY POLICY

Last Updated: 19 February, 2026.
Entity: Evro AI Pty Ltd (ACN: 686025454)

1. Introduction and Scope

Evro AI Pty Ltd (“Evro”, “we”, “us”, or “our”) is an Australian company headquartered in Sydney, New South Wales, Australia. We provide an AI-powered meeting intelligence platform that records, transcribes, and analyses conversations to deliver insights, summaries, and coaching recommendations (the “Service”).

This Privacy Policy (“Policy”) explains what Personal Information we collect, how we use and protect it, and your rights. It applies to all users of the Evro platform, website, and any integrations with third-party services including Google and Microsoft. Any terms not defined here have the meanings given in our Terms of Use.

This Policy is designed to satisfy:

  • Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
  • EU General Data Protection Regulation (GDPR) and UK GDPR
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Nevada Revised Statutes Chapter 603A
  • Standard Contractual Clauses (SCCs) and UK International Data Transfer Agreement (IDTA) for cross-border data transfers
  • Google API Services User Data Policy (including Limited Use requirements)
  • Microsoft Identity Platform and Microsoft 365 App Compliance Program requirements

If you do not agree with this Policy, you must not use any of our Services. If you change your mind in the future, you must stop using the Services and may exercise your rights as set out below.

2. Data Controller and Processor

Evro AI Pty Ltd is the data controller for Personal Information collected through the Service. Where Evro processes Personal Information on behalf of a business customer (“Organisation”) under an enterprise service agreement, that Organisation is the data controller and Evro acts as a data processor, operating only on their instructions. In those circumstances the Organisation’s privacy policy also applies and we encourage you to read it.

If you have used an email address provisioned by an organisation (an “Organisation Email”) to create a personal Evro account, the organisation that provisioned that email may request, and we will disclose to them, the Organisation Email associated with your account. We will not transfer the contents of your account to that organisation without your explicit consent.

Privacy Officer: hello@evro.ai (subject line: “Privacy Enquiry”)

Australia: Evro AI Pty Ltd, Sydney, New South Wales, Australia

UK Representative: hello@evro.ai (subject line: “UK Privacy Enquiry”)

3. Information We Collect

For this Policy, “Personal Information” means any information relating to an identified or identifiable individual.

3.1 Information You Provide to Us

  • Registration Information: Your name, email address, password or third-party OAuth token, and optionally a profile picture.
  • Meeting Content: Audio and video recordings, transcripts, and any text, images, or materials you upload or provide in connection with a meeting (“Meeting Content”). Audio recordings are deleted once the transcript is created — we do not retain raw audio. If your Meeting Content contains the Personal Information of third parties, please ensure you have obtained all necessary permissions from those individuals before using the Service.
  • Communication Information: Your email address and any other information you share when you contact us.
  • Referrals and Collaboration: If you invite colleagues or others to Evro, you provide their email addresses and contact details.

3.2 Information Automatically Collected

  • Usage Information: Timestamps, access and activity logs, session data, and interaction records.
  • Device Information: IP address, unique device identifiers, device model, browser type and version, and operating system.
  • Location Information: Approximate location inferred from your IP address.
  • Cookies and Similar Technologies: See Section 5 for full details.

3.3 Information from Third Parties

  • Google Sign-In and Google Calendar: Identity, email, profile, and calendar event metadata as described in Section 3.5.
  • Microsoft Sign-In and Outlook Calendar: Identity, email, profile, and calendar event metadata as described in Section 3.6.
  • Payment Processor (Stripe): Transaction confirmation only. Evro does not receive or store raw payment card data.
  • Analytics Providers: Aggregated usage and engagement data to help us understand how the Service is used.
  • Customer Communication: Identity and email are used to send customer product and marketing communications.

3.4 Sensitive Information

Meeting Content may contain sensitive information as defined under the Privacy Act 1988 (Cth), including health information, biometric identifiers, racial or ethnic origin, political opinions, religious beliefs, trade union membership, or criminal history. We collect and process such information only where reasonably necessary to provide the Service and with the consent of the relevant individual, which may be obtained by the meeting host on our behalf.

3.5 Google Services Data

Evro integrates with Google services to enable sign-in and calendar-aware meeting intelligence. The following sets out exactly what Google data we access, why it is required, and how it is used.

3.5.1 Google Sign-In

  • Google user identifier (openid scope): Used solely to authenticate your identity via the OpenID Connect protocol. Evro does not access Gmail or any other Google service through this scope.
  • Email address (email scope): Used to create and manage your Evro account and allow you to sign back in. Evro does not access, read, scan, or process Gmail messages or any email content.
  • Name and profile photo (profile scope): Used to personalise the Evro interface. This information is not used for advertising and is not shared with third parties for marketing purposes.

3.5.2 Google Calendar Integration

After signing in, you may connect your Google Calendar. Connecting Google Calendar is required to use Evro’s core meeting intelligence features. Evro uses strictly read-only access and retrieves only the following calendar event metadata:

  • Event title
  • Event start and end time
  • Event attendees
  • Event ID

What Evro does NOT access:

  • Gmail messages or any email content
  • Calendar event descriptions beyond what is needed to identify a scheduled meeting
  • Calendar attachments
  • Any other Google account data not listed above

How we use Google Calendar data:

  • To detect scheduled meetings and display them in the Evro dashboard
  • To allow you to initiate meeting recordings from within Evro
  • To associate meeting transcripts and AI insights with the correct calendar event

What Evro does NOT do with Google Calendar data:

  • Evro does not create, modify, or delete Google Calendar events
  • Evro does not use Google Calendar data for advertising, marketing, or profiling
  • Evro does not sell Google Calendar data or share it with third parties, except with sub-processors strictly necessary to operate the Service

Retention and revocation: Google Calendar metadata is retained only as long as needed to associate a transcript or AI insight with the corresponding meeting. Upon disconnection or account deletion, this data is deleted within 30 days. You may revoke access at any time via myaccount.google.com/permissions. Revoking access will disable calendar-based meeting detection in Evro.

3.5.3 Google API Services

Evro’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. See developers.google.com/terms/api-services-user-data-policy.

  • Google user data is used only to provide or improve features visible to the user within the Evro interface.
  • Google user data is not used for serving advertisements.
  • Evro does not permit humans to read your Google data unless you have given explicit permission, it is necessary for security purposes, or it is required by applicable law.
  • Google user data is not used for any purpose unrelated to providing the Evro Service.
  • Google user data is not transferred to third parties except as necessary to operate the Service, with your consent, or as required by law.

3.6 Microsoft Services Data

Evro integrates with Microsoft services to enable sign-in and calendar-aware meeting intelligence for users on Microsoft platforms.

3.6.1 Microsoft Sign-In

  • User identifier: Used solely to authenticate your identity via the Microsoft identity platform. Evro does not access Outlook mail, OneDrive, SharePoint, Teams messages, or any Microsoft service beyond authentication.
  • Email address: Used to create and manage your Evro account. Evro does not access, read, or process Outlook or Exchange email messages.
  • Name and profile photo: Used to personalise the Evro interface.

3.6.2 Microsoft Outlook Calendar Integration

You may optionally connect Microsoft Outlook Calendar. Evro uses strictly read-only access to calendar event metadata only, equivalent in scope to Section 3.5.2. Evro does not create, modify, or delete Microsoft Calendar events. Microsoft Calendar data is used solely to detect scheduled meetings, display them in the Evro dashboard, and associate transcripts and AI insights with the correct meeting event.

What Evro does NOT do with Microsoft data:

  • Evro does not request high-risk permissions such as Files.ReadWrite, Mail.Read, Mail.ReadWrite, or Sites.FullControl
  • Evro does not use Microsoft data for advertising, marketing, or profiling
  • Evro does not sell Microsoft user data or share it with third parties except sub-processors required to operate the Service

You may revoke Evro’s Microsoft permissions at any time via myaccount.microsoft.com/permissions. Revoking access will disable calendar-based meeting detection in Evro.

4. How We Use Your Information

  • Set up and manage your account: Using your registration information and third-party sign-in data.
  • Provide the Service: Recording, transcribing, summarising, and analysing meetings; detecting scheduled meetings via calendar integrations; associating transcripts and insights with the correct calendar event.
  • Improve and monitor the Service: Analysing usage patterns, debugging, and improving our transcription and AI models.
  • Communicate with you: Sending summaries, product updates, billing notices, and support messages.
  • Security and fraud prevention: Detecting, investigating, and responding to security threats, fraud, and abuse.

4.1 AI Training and Model Improvement

We do not allow third parties such as OpenAI or Anthropic to use your Personal Data to train their AI models. We do not use identifiable Meeting Content to train any publicly available foundation model.

We obtain explicit permission before any human review of specific recordings for training refinement purposes (for example, when you rate transcript quality and opt in to sharing that recording for improvement).

You or your Organisation may opt out of having de-identified Meeting Content used for model training at any time by:

  • Emailing hello@evro.ai with the subject line “Training Opt-Out”

4.2 Legal Basis for Processing

Where the GDPR applies, we rely on the following legal bases:

  • Contractual necessity: To provide the Service you have requested.
  • Legitimate interests: To improve and secure the Service, prevent fraud, and develop new features, where our interests are not overridden by your rights.
  • Consent: Where required by law, including for AI model training and optional integrations.
  • Legal obligation: To comply with applicable laws and regulatory requirements.

5. Cookies and Similar Technologies

We and our third-party partners use cookies, pixel tags, web beacons, and similar technologies to operate the Service, remember your preferences, and measure performance. Cookies are small files stored on your browser or device.

We use the following types:

  • Essential Cookies: Required to provide login functionality, user authentication, and security. The Service cannot function without these.
  • Functional Cookies: Used to recognise you when you return to the Service and remember your preferences, such as language or region settings.
  • Performance and Analytical Cookies: Used to understand how users engage with the Service. We use third-party analytics providers including Google Analytics and Amplitude. You may opt out of Google Analytics at tools.google.com/dlpage/gaoptout.

You may block or delete cookies via your browser settings. Disabling essential cookies may prevent you from using parts of the Service. For more information about cookies generally, visit allaboutcookies.org or, if you are in the EU, ico.org.uk/for-the-public/online/cookies.

6. Disclosure of Your Information

We do not sell your Personal Information. We do not share Personal Information with third parties for their own advertising or marketing purposes. We disclose data only in the following circumstances:

6.1 Service Providers

We share data with trusted vendors who help us provide the Service. All sub-processors are bound by data processing agreements and may only process data as directed by Evro. Current key sub-processors include:

  • OpenAI: Large language model processing and summarisation.
  • Microsoft Azure: Cloud infrastructure and data hosting (Australia East Region).
  • PostHog: Product and usage analytics.
  • Loops: Customer communication.
  • Deepgram: Automatic Speech Recognition.

A complete and current sub-processor list is available on request at hello@evro.ai. We will provide reasonable advance notice of any material changes to our sub-processor list.

6.3 Google and Microsoft

Evro shares data with Google and Microsoft only to the extent required to authenticate users and retrieve calendar event metadata as described in Sections 3.5 and 3.6. Evro does not share Meeting Content, transcripts, or AI insights with Google or Microsoft.

6.4 Legal Requirements

We may disclose Personal Information if required by law, court order, subpoena, or government authority, or where we have a good-faith belief that disclosure is necessary to comply with a legal obligation; enforce our Terms of Use; detect, prevent, or address fraud or security issues; or protect the rights, property, or safety of Evro, our users, or the public.

7. International Data Transfers

7.1 General

Evro AI Pty Ltd is an Australian company. When you use our Service, your personal data is collected and stored on our servers in Australia (Australia East Region). From Australia, we may transmit certain data to our sub-processors located in the United States to provide our Service. 

This means international data transfers occur at two distinct points, each governed by different legal frameworks:

From EEA, UK, or Switzerland to Evro Australia: This transfer is governed by GDPR Article 46. Evro Australia acts as the data importer. The lawful mechanism is the Standard Contractual Clauses (SCCs) described in Section 7.3 below, with Evro AI Pty Ltd named as data importer.

From Evro Australia to our sub-processors: Once your data is lawfully in Australia, onward transfers to our sub-processors are governed by the Australian Privacy Act 1988 (Cth), APP 8. We take reasonable steps to ensure all sub-processors provide protections substantially equivalent to the Australian Privacy Principles, as described in Section 7.2.

7.2 Australian Cross-Border Disclosures

Where we disclose Personal Information to overseas recipients, including our sub-processors, we take reasonable steps under APP 8 of the Privacy Act 1988 (Cth) to ensure those recipients handle the information consistently with the Australian Privacy Principles. We assess each sub-processor’s data protection practices, including their contractual commitments, security certifications, and published privacy policies, and document those assessments in our internal sub-processor register. A list of our current sub-processors is available on request by contacting hello@evro.ai.

7.3 EU-U.S. Data Privacy Framework

Evro is an Australian company. Australia is not currently recognised by the European Commission as providing an adequate level of data protection. Accordingly, for the transfer of your personal data from the EEA, UK, or Switzerland to Evro AI Pty Ltd in Australia, we rely on the following lawful transfer mechanisms, with Evro AI Pty Ltd acting as data importer in each case:

  • EEA — Standard Contractual Clauses (SCCs): For transfers of EEA personal data to Evro Australia, we rely on the Standard Contractual Clauses adopted by the European Commission on 4 June 2021 (Commission Implementing Decision 2021/914), Module 2 (Controller-to-Processor). These clauses are available on request by contacting hello@evro.ai.
  • United Kingdom — UK IDTA or UK Addendum: For transfers of UK personal data, we rely on the UK International Data Transfer Agreement (IDTA) issued by the UK Information Commissioner’s Office, or the UK Addendum to the EU SCCs (as approved by the ICO), as applicable. These instruments govern the transfer of UK personal data to Evro Australia.
  • Switzerland — Swiss-Adapted SCCs: For transfers of Swiss personal data, we rely on the EU SCCs (2021) with the adaptations required under the Swiss Federal Act on Data Protection (nFADP, in force 1 September 2023). These adaptations include: references to ‘EEA’ and ‘Member State’ are read to include Switzerland; the Swiss Federal Data Protection and Information Commissioner (FDPIC) acts as the competent supervisory authority for Swiss data subjects; and Swiss law governs the clauses in relation to Swiss personal data. Should the FDPIC approve an alternative or updated transfer mechanism, we will adopt it accordingly.

You may request a copy of the relevant SCCs or transfer agreements applicable to your jurisdiction by contacting hello@evro.ai with the subject line “Transfer Mechanism Request”. Should Evro establish a U.S. legal entity in the future, we may seek certification under the EU-U.S. Data Privacy Framework and will update this Policy accordingly.

7.4 Enterprise Data Residency

Enterprise Tier customers may request that Meeting Content be stored and processed exclusively on servers located within Australia (East Region) to assist with local data sovereignty requirements. Contact hello@evro.ai for more information.

  • Security: Implementing reasonable and appropriate safeguards as described in Section 8.
  • Access and Choice: Providing you with the ability to access, correct, or delete your data and opt out of certain uses, as described in Section 9.
  • Recourse and Enforcement: Complaints not resolved through our internal process may be referred to JAMS (jamsadr.com/DPF-Dispute-Resolution) at no cost to you. Evro is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

8. Data Security and Retention

8.1 Security Measures

We store your Personal Data on Microsoft Azure servers located in Australia.

We maintain physical, administrative, and technical safeguards including:

  • AES-256 encryption for all data at rest
  • TLS 1.2 or higher for all data in transit
  • Firewalls, virtual private cloud (VPC) setups, and anti-virus and anti-malware protection
  • Multi-factor authentication (MFA) for administrative access
  • Role-based access controls based on the principle of least privilege
  • Regular penetration testing and independent security audits
  • Vulnerability management and patch processes

No method of transmission over the internet or method of electronic storage is completely secure. You transmit Personal Information at your own risk. For information on our security posture and any disclosed incidents, see evro.ai/security.

8.2 Data Retention

We retain Personal Information for as long as necessary to provide the Service or to fulfil the purposes described in this Policy, unless a longer retention period is required or permitted by law. Specific examples:

  • Audio recordings are deleted once your transcript is created. We do not retain raw audio.
  • Transcripts, AI summaries, and account data are retained for the duration of your active account.
  • Google and Microsoft calendar metadata is deleted within 30 days of disconnection or account deletion.
  • Payment data is retained as long as needed to process your subscription or comply with financial regulations.
  • Upon account termination, all Meeting Content is permanently deleted within 30 days. Encrypted backups may be retained for up to 90 additional days before permanent deletion.

You may request deletion of specific recordings, transcripts, or your entire account at any time. See Section 9 for how to do this in-app or by contacting us.

8.3 Data Breach Notification

In the event of a data breach likely to result in serious harm, we will notify affected individuals and relevant supervisory authorities in accordance with:

  • The Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth) — notification to the OAIC as soon as practicable and within 30 days of becoming aware
  • GDPR Article 33 — notification to the relevant supervisory authority within 72 hours where feasible
  • Any other applicable state, federal, or international breach notification requirements

9. Your Rights

Depending on your location, you have the following rights in relation to your Personal Information. To exercise any of them, email hello@evro.ai with the subject line “GDPR Request: [nature of request]” or “Privacy Request: [nature of request]” as applicable. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

  • Access: Request a copy of the Personal Information we hold about you and an explanation of how we use it.
  • Rectification: Request correction of inaccurate or incomplete information. Note that raw meeting transcripts cannot be modified after creation; however, you can edit AI-generated speaker ID within the Evro app.
  • Erasure: Request deletion of your Personal Information, subject to legal retention obligations. See in-app steps below.
  • Restriction: Request that we restrict processing of your data in certain circumstances (EEA and UK users).
  • Portability: Receive your data in a structured, commonly used, machine-readable format (EEA and UK users).
  • Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw consent: Withdraw consent for AI training or optional integrations at any time without affecting the lawfulness of prior processing.
  • Opt out of sale or sharing: Evro does not sell Personal Information. California users may contact us to confirm this at any time.

9.1 In-App Deletion

You can delete your data directly within the Evro app without contacting us:

  • Delete your account: Open Evro → Settings → Profile → Delete Account at the bottom of the page.
  • Delete a meeting: Go to your meeting list → select the meeting → click the options menu → Delete Meeting.
  • Delete other account information: Open Evro → Settings → Profile and update or remove your details.

For any other deletion requests, email hello@evro.ai. We aim to complete all deletion requests within 30 days.

9.2 Revoking Third-Party Integrations

  • Google: myaccount.google.com/permissions
  • Microsoft: myaccount.microsoft.com/permissions

Revoking access for either integration will disable calendar-based meeting detection in Evro.

10. Regional Disclosures

10.1 Australian Users

This Policy is intended to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. If you are not satisfied with our response to a privacy complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992.

10.2 EEA and UK Users

If you are located in the European Union, United Kingdom, Liechtenstein, Norway, or Iceland, you have additional rights under the GDPR or UK GDPR. Evro acts as data controller or data processor as described in Section 2. If we act as a data processor on behalf of an enterprise customer, please contact that customer in the first instance to address your rights.

International transfers are protected by Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) as described in Section 7.3. If you are not satisfied with our response to a privacy request, you have the right to lodge a complaint with your local supervisory authority:

  • Ireland: Data Protection Commission — dataprotection.ie  |  +353 578 684 800
  • United Kingdom: ICO — ico.org.uk  |  +44 303 123 1113
  • Other EEA Member States: Your national data protection authority — edpb.europa.eu/about-edpb/board/members_en

10.3 California Users (CCPA / CPRA)

Evro does not sell or share Personal Information for cross-contextual behavioural advertising. California residents have the right to know, delete, correct, and opt out under the CCPA and CPRA. To exercise these rights, email hello@evro.ai. We do not discriminate against users who exercise their privacy rights. For additional information, see our Privacy Notice for California Residents available at evro.ai/ccpa.

10.4 Nevada Users

If you are a resident of Nevada, you have the right to opt out of the sale of certain Personal Information to third parties. Evro does not currently sell your Personal Information as defined under Nevada Revised Statutes Chapter 603A. To submit an opt-out request regardless, contact hello@evro.ai.

10.5 Swiss Users

For transfers of personal data from Switzerland, Evro relies on Standard Contractual Clauses as recognised under Swiss data protection law, or such other transfer mechanism as approved by the Swiss Federal Data Protection and Information Commissioner (FDPIC). Swiss users may contact hello@evro.ai to exercise their rights or submit a complaint.

11. Meeting Consent

As a user of Evro, you are the “Host” or “Controller” of the Meeting Content recorded through the Service.

Your responsibility: You are responsible for ensuring all meeting participants have been informed of and have consented to being recorded and transcribed, in compliance with applicable laws in your jurisdiction.

Legal notice: In many jurisdictions — including various Australian States under applicable Surveillance Devices Acts, multiple U.S. states including all-party consent states, and countries across Europe — it is a legal requirement to obtain the express or implied consent of all parties before recording a conversation.

Compliance tools: Evro provides features including Recording Notifications and a configurable bot name (e.g., “Evro AI Notetaker”) to help notify participants. We recommend announcing at the start of every meeting that an AI assistant is present for note-taking purposes.

12. Children’s Privacy

The Service is not directed at children under the age of 16 (or under 13 in the United States under COPPA). We do not knowingly collect Personal Information from children. If you are a parent or guardian and believe your child has provided us with Personal Information, please contact hello@evro.ai and we will delete it promptly.

13. Changes to This Policy

We may update this Policy from time to time. We will alert you of material changes by placing a notice on the Evro website, sending you an email, or by other reasonable means, at least 30 days before changes take effect (or as required by applicable law). The effective date at the top of this Policy will be updated accordingly. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy. The most current version is always available at evro.ai/privacy.

14. Vulnerability Disclosure

If you discover a security vulnerability in the Evro platform, please report it responsibly to hello@evro.ai with the subject line “Vulnerability Disclosure”. We are committed to investigating all reports promptly. Details of any disclosed security incidents are published at evro.ai/security.

15. Contact Us

For all privacy-related enquiries, requests, or complaints:

  • Email: hello@evro.ai (subject: “Privacy Enquiry”)
  • GDPR matters: hello@evro.ai (subject: “GDPR Enquiry”)
  • DPF matters: hello@evro.ai (subject: “DPF Enquiry”)

We will acknowledge your enquiry within 5 business days and aim to resolve it within 30 days.