← Back to site
Legal

Privacy Policy

Last updated: July 14, 2026

The short version: your CRM and lead data stay in your browser. The personal data we hold is limited to what's needed to run your account — your email, your subscription status, and a device identifier used to enforce seats. This page explains all of it, in plain language, with the detail behind each claim.

At a glance

1. Who we are

Ervona ("we", "us") provides Ervona SDR, a Chrome extension that automates outbound outreach inside your CRM, and the ervona.ai website. This policy covers both. For anything privacy-related (or general help), email privacy@ervona.ai.

2. Data you give us

3. Data the extension creates

4. Data we deliberately do not collect

Ervona SDR operates your CRM locally in your browser. Lead and customer records, email content, phone numbers, notes, message templates, and your outreach history are processed on your device and are not transmitted to our servers. We have no ability to read your CRM. This is an architectural choice, not just a policy promise: the extension has no code path that uploads CRM content.

5. Data collected automatically

Our website and authentication endpoints log basic technical information (such as IP address, browser type, and timestamps) for security, rate-limiting, and keeping the service running. We keep this to a minimum, do not use it to build advertising profiles, and do not enrich it with third-party data. See our Cookie Policy for the (short) list of cookies and local storage we use.

6. How we use data

We do not use your data to train AI models, and we do not sell or rent personal data to anyone.

7. Legal bases (GDPR)

Where the GDPR applies, we process personal data on these bases:

8. Service providers (subprocessors)

We share the limited data above only with providers that help us run the service:

These providers process data on our behalf under their own security and privacy commitments. If we add a subprocessor that touches personal data, we'll update this list before it goes live.

9. International transfers

Our providers may process data in the United States and other countries. Where required, transfers are protected by recognized safeguards such as Standard Contractual Clauses implemented by our providers.

10. Data retention

11. Your rights

Depending on where you live (including under the GDPR and the CCPA/CPRA), you may have the right to:

To exercise any of these, email privacy@ervona.ai from your account email — that's how we verify it's you. We respond within the time required by law (30 days for GDPR requests, 45 for CCPA). California residents: we do not "sell" or "share" personal information as defined by the CCPA/CPRA, so there is nothing to opt out of — see Your privacy choices.

12. Security

No system is perfectly secure, but keeping CRM data on your device rather than our servers removes the biggest risk class entirely: we can't leak what we never had. If we ever become aware of a breach affecting your personal data, we will notify you and the relevant authorities as required by law.

13. Children

Ervona is a business tool and is not directed to anyone under 16. We do not knowingly collect data from children; if you believe a child has provided us data, email privacy@ervona.ai and we'll delete it.

14. Changes to this policy

We may update this policy as the product evolves. Material changes will be reflected by the "Last updated" date above and, where the change meaningfully affects your rights, communicated to you by email before it takes effect.

15. Contact

✉ privacy@ervona.ai