Legal

Privacy Policy

February 2025

Privacy Policy

Everflow Technologies Inc. (“Everflow”, “we”, “us”, “our”) provides web-based advertising network, affiliate tracking, targeting, reporting and analytics services (“Platform Services”), that are facilitated by Everflow’s cloud platform (“Platform”), to our customers (“Everflow Customers”). Everflow also operates its corporate website https://www.everflow.io (“Website”). This Privacy Policy explains how Everflow processes (i) data from Everflow Customers’ end users (“End Users”) on behalf of Everflow Customers; and (2) Website Visitor Information (as defined herein).

Everflow is a “data processor” or “service provider” that collects and processes End User data at the instruction of Everflow Customers (“data controllers”). Everflow Customers determine the data that they provide to and collect through Everflow; their use, collection, exportation, or any other use of End User data is subject to their respective privacy policies and applicable laws, and regulations.

Throughout this Privacy Policy, when we use the words “you”, “your”, or “user”, we mean an individual End User of an Everflow Customer viewing ads displayed using the Platform Services. Everflow Website visitors are referred to as “Visitors.”

By using the Platform Services or visiting the Website, you accept and agree to the practices this Privacy Policy describes.  If you do not agree to any of the terms in this Privacy Policy, you should not use the Services.

Scope

This Privacy Policy does not address the practices or policies of Everflow Customers, nor of any website, mobile app, or other property on which ads are displayed using the Platform Services. Everflow is solely a technology and tools provider and does not engage in brokering, displaying or executing any ad campaign. Everflow Customers use the Platform Services and collect and process End User personal information and data, including Collected Information (as defined herein), for the purpose of marketing to individuals (“Personal Data”). For clarification, Personal Data includes Collected Information and Visitor Information (as defined herein).

Everflow Customers own the Personal Data that they provide to and collect through the Platform Services. The collection, retention, processing and other uses of data by Everflow Customers, whether or not in connection with the Platform Services, is governed by their own privacy policies and applicable laws, rules, or regulations. Everflow does not control those Everflow Customer activities.

Data Protection Laws

Each Everflow Customer is the data controller with respect to Personal Data. Under the applicable laws of various countries, you may have certain rights concerning your Personal Data, such as under EU law, the right to access to, rectification or erasure of, and/or restriction of processing or objection to processing of your Personal Data. If you believe that an Everflow Customer has collected or processed your Personal Data, and you have any questions or want to exercise any of your rights with respect to your Personal Data, you should contact them directly.  

If you are a resident in the European Union, you also have the right to a complaint with EU data protection authorities, at no cost. This right may also exist in other countries. If you have questions please ask the relevant Everflow Customer or the data protection authority in your country.

Everflow operates as a “data processor” under the General Data Protection Regulation (“GDPR”) and as a “service provider” under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (CCPA). Everflow adheres to these data protection laws. Accordingly, we generally do not have the authority to provide access to or deletion of your Personal Data; you will have to contact the relevant Everflow Customer.  See below for more information. 

What Information Do We Collect?

Platform 

The Everflow Platform Services allow Everflow Customers to collect various kinds of information about their End Users (“Collected Information”).

Everflow Customers can use the Platform Services to create “cookies” (small text files that are saved by your browser) and “pixel tags” or “web beacons” (one-pixel graphic files which are delivered from the Platform Services web server) that can be placed in advertisements or on websites or other apps to collect information about user interaction with the advertisements or websites. Everflow also supports server-to-server measurement for some Everflow Customers. With any of the mentioned methods, when an End User views or clicks on an advertisement, goes to a specific web page, or takes any other action that an Everflow Customer chooses to monitor, the Everflow Platform Services collect information from the End User’s computer or device, as described below.

Log Data. The Platform Services automatically record certain information (“Log Data”) when an advertisement is displayed to an End User through the Platform Services, or when an End User views a web page with a cookie or pixel tag created with the Platform Services. Log Data may include information such as an End User’s Internet Protocol (IP) address and network status, mobile device identifier, application identifier, browser type, operating system, the pages or page features which an End User browsed and the time spent on those pages or features, frequency with which the Platform Services encounter the same End User, search terms, the links or advertisements on which an End User clicked, and other statistics.

Advertising Identifiers. As part of the Log Data, the Platform Services may collect advertising identifiers, which are resettable identifiers unique to your mobile device, and which are used in connection with advertising delivered to your mobile device. Examples of advertising identifiers include IDFA (developed by Apple for the iPhone) and Google Ad ID (developed by Google for Android). If you don’t want advertising identifiers to be used to provide targeted advertising to you, see the section below titled “Opting Out of Targeted Advertising”

Location Information. The Platform Services may collect and store information about where you are located, both by collecting precise geolocation information from your mobile device if and as permitted by you, and by converting your IP address into a rough geolocation and utilizing your mobile phone number to approximate rough geolocation information (based on area code).

Everflow Customers may also share account information for their End Users and their Platform partners on the Platform, including company and employee information necessary to maintain the Platform Services and contact information, including: name, mailing and/or billing address, email address, company name, website url, user name, password, and phone number. Everflow Customers that manage payouts to their Platform partners may share related banking information.

Everflow Customers can also manage information provided by other third-party sources in the Platform, including advertisers, publishers, marketing partners, and other advertising networks and analytics partners. Marketing partners may sign up with advertisers through the Platform.

Everflow requires personnel contact details to set up an Everflow Customer account – including mailing and/or billing address, email address, company name, and website URL. Everflow Customers also need to provide a username and password. All of this information is handled according to the service agreement between Everflow and the Everflow Customer.

Website 

When a Visitor visits the Website, Everflow collects information about his/her device and use of the Website to improve the Website (“Visitor Information”). Everflow also collects any Visitor Information a Visitor voluntarily provides when he/she visits the Website. The type of Visitor Information Everflow collects from a Visitor will depend on his/her request or interaction with the Website. Types of Visitor Information Everflow collects from a Visitor may include specific times of day he/she accesses the Website, the IP address of the device a Visitor used to access the Website, the pages on the Website that a Visitor viewed, the pages a Visitor visited before navigating to the Website, and information about the device a Visitor uses to access the Website, including hardware model, operating system and version, and browser.

Everflow uses Visitor Information collected on the Website for various purposes, including:

  • Ensuring our Website remains relevant to Everflow Customer and End User needs and is easy to use by providing analytics and other data regarding use of our Website;
  • Sending marketing and promotional communications in compliance with applicable laws;
  • Enhancing, improving, or modifying its Website and services, enhancing security, or combating spam or malware or other security risks;
  • Providing confirmations, invoices, technical notices, updates, security alerts, and other support and administrative messages; 
  • Providing targeted advertising; and 
  • For any other purpose with your consent. 

Everflow uses cookies to store Visitors’ individual user preferences in order to make their user experience more enjoyable in the future. A cookie is a piece of information stored by device browsers used to access the Website. Most browsers are initially set up to accept cookies by default. A cookie is generated by a web page server, which is basically the computer that operates a web site. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site.

There is a simple procedure in most Internet browsers to disable cookies. More information about how to reject cookies using internet browser settings can be found in the “Help” section of Internet browsers; alternatively visit https://www.cookiesandyou.com/. However, note that cookies may be required to use certain features of the Website, as well as other sites in general.  

The Website may include links to other websites (“Third Party Websites”) with their own governing privacy practices and policies. We encourage Visitors to carefully read the privacy policy of any Third Party Websites they visit.

What Information Does Everflow Share With Third Parties?

Service Providers. We may engage third party service providers to work with us to administer and provide the Platform Services and the Website. These third-party service providers have access to Personal Data only for the purpose of performing services on our behalf.

Third Parties. We may share aggregated, non-identifying information with third parties for industry analysis, demographic profiling and other similar purposes.

In Connection with Business Transactions. Personal Data is considered to be a business asset. As a result, if we go out of business or enter bankruptcy or if we are acquired as a result of a transaction such as a merger, acquisition or asset sale, Personal Data may be disclosed or transferred to the third-party acquirer in connection with the transaction.

For Our Protection and the Protection of Others. It is our policy to protect you and Visitors from privacy violations from abuse of the legal systems, whether by individuals, entities or government, and to contest claims that we believe to be invalid under applicable law. However, it is also our policy to cooperate with government and law enforcement officials and private parties. Accordingly, we reserve the right to disclose any information about you or Visitors to government or law enforcement officials or private parties in order to: (a) satisfy or comply with any applicable law, regulation or legal process or to respond to lawful requests, including subpoenas, warrants or court orders; (b) enforce our agreements with you or third parties, to protect our property, rights and safety and the rights, property and safety of third parties or the public in general; and (c) prevent or stop activity we consider to be illegal or unethical.

Choices

Opting Out of Targeted Advertising

Everflow Customers may use the Platform Services to provide ads that are likely to be interesting and relevant to End Users (“Targeted Advertising”). One way Everflow Customers may do this is by gathering Collected Information related to End Users, which may include elements like mobile websites you have visited or mobile apps that you use, preferences that you may have provided to your app provider or to the Everflow Customer, information collected by third parties or Everflow and shared with the Everflow Customers, advertising identifiers, or location information (e.g., GPS or Wi-Fi data if you have enabled those services). Everflow Customers may also link an identifier to additional information from other partners to provide the Everflow Customer with information about users’ likely interests.

If you or a Visitor wishes to "opt out" of Targeted Advertising based on the types of techniques described above, your options include the following:

  • Visit www.networkadvertising.org/choices or www.aboutads.info/choices/.
  • Reset your mobile device’s advertising identifier or set it to opt out of targeted advertising.
  • Android: You can reset your advertising ID at any time, right from the Ads section of the Google Settings app on your device. From the same app, you can also opt-out of targeted advertising based on the advertising ID by setting the appropriate ad tracking preference.
  • iOS: You can opt out of targeted advertising by accessing the following link on your device: http://oo.apple.com. Alternatively, if you are using the iOS 6 or above operating system on your device, you may opt-out by electing Limit Ad Tracking in your device’s settings menu (as of the date of this Privacy Policy, located at Settings > Privacy > Advertising).

You should be aware that if you or a Visitor “opts out” it does not mean that you or Visitor will no longer receive advertising. It just means that the advertising you or Visitor sees displayed will not be customized and may be less relevant.

Tracking Technologies and Advertising

Most browsers accept cookies automatically. You may be able to set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. For instructions, check your browser’s technical information. If you disable or refuse cookies, please note that some parts of this App may then be inaccessible or not function properly.  Please note that cookie-based opt outs must be performed on each device and browser that you wish to have opted out.

“Do Not Track” Requests 

Our Platform and our Website currently do not respond to “do not track” or similar signals.

Retention

Each Everflow Customer sets the Personal Data retention period. If you have questions or want more details, please contact the relevant Everflow Customer. Everflow retains Personal Data that it processes on behalf of each Everflow Customer for as long as needed to provide Platform Services as directed by that Everflow Customer. Everflow will also retain Personal Data collected on the Platform Services or the Website for as long as necessary or legal purposes (for example, to comply with its legal obligations, resolve disputes, and enforce its agreements).

Information Security

We take commercially reasonable measures to protect Personal Data from unauthorized access, use or disclosure. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information. Your transmission of your information to our Platform and/or the Website thus is done entirely at your own risk.

International Transfer

Your Personal Data (including personally identifiable information) may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. See our Data Processing Addendum for international data transfer information. Currently, we use servers located in data centers within the United States.

Everflow complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Everflow has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Everflow has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. Everflow is subject to the investigatory and enforcement powers of the Federal Trade Commission.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Everflow commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact our Data Protection Officer, Emma Rogers, at dpo@everflow.io.

Everflow has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, [INSERT ORGANIZATION]. 

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf  

California Visitors

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Platform and/or our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. 

European Union Visitors

For our End Users and Visitors residing in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (“GDPR”) may be applicable.  The GDPR provides a framework for organizations to ensure protection of the personal information of European citizens and gives European citizens certain rights.

Legal Basis for Processing 

If you are an individual located in the EEA, United Kingdom, or Switzerland, our legal basis for processing your personal information will depend on the personal information concerned and the specific context in which it is collected.  However, we will normally collect or process personal information from you only where:

  • We have your consent to do so; or
  • We need the personal information to perform a contract with you (e.g. to deliver services).

In some cases, we may also have a legal obligation to process personal information from you or may need the personal information to protect your vital interest or those of another person.  If we rely on your consent to process the personal information, you have the right to withdraw or decline your consent at any time in writing or as otherwise permitted.  Please note that this does not affect the lawfulness of the processing based on consent before withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Rights to Access and Control Your Personal Data

Individuals residing in the European Economic Area, United Kingdom, and Switzerland have certain rights to access and control their personal data.  These rights include:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and
  • rights in relation to automated decision making and profiling.

Please see our General Data Protection Regulation (GDPR) policy for additional information. For questions or requests, see our contact information below.

Our Policy Toward Children

We instruct Everflow Customers not to use the Platform Services to direct advertising to children under 13 (16 in the EU) and we do not knowingly collect personally identifiable information from children under 13 (16 in the EU). If we learn that we have collected personally identifiable information of a child under 13 (16 in the EU) we will take steps to delete such information from our files as soon as possible.

Changes to Privacy Policy

Everflow may change this Privacy Policy from time to time (“Revision”). We may inform you of any such changes by posting the revised version to our website at the same URL as the original version.

Contact Information

Please contact us at privacy@everflow.io if you have any requests or questions about our Privacy Policy.

Data Protection Officer

Everflow’s designated Data Protection officer is David Steckbeck  who may be contacted at dpo@everflow.io.