Last updated: 08 June 2026
Everap is operated by Evolve Capex Ltd, trading as Everap. For data protection purposes, Evolve Capex Ltd is the controller of your personal data.
This Privacy Policy explains how we collect, use, store and delete personal data and documents submitted through Everap.
Questions about privacy should be sent to: hello@everap.co.uk.
When you use Everap, we may process:
We do not ask you to upload sensitive personal data. However, contract documents may contain personal data about you, your client, contractors, consultants or other project participants. You should only upload documents that you are authorised to share with us.
We process your document and contact details to deliver the service you have requested: generating and sending your Contract Risk Snapshot or paid Building Contract Risk Review, and contacting you about that specific submission.
We may also process limited data to:
We do not sell your data.
Your document is used to generate your review. We do not use uploaded contracts to train Everap AI models, and our production AI route will be configured to prevent provider training use.
We process your personal data under the following lawful bases:
Contract: where processing is necessary to provide the service you requested, including generating and sending a Contract Risk Snapshot or Building Contract Risk Review.
Legitimate interests: where processing is necessary for operating, securing, improving and administering Everap, provided those interests are not overridden by your rights.
Legal obligation: where we are required to retain limited information for tax, accounting, compliance, legal or dispute-management purposes.
Our retention policy is explicit and enforced in our system.
Free Contract Risk Snapshots: the uploaded contract and generated snapshot are deleted from active storage 30 days after the snapshot has been sent to you.
Paid Building Contract Risk Reviews: the uploaded contract and generated review are retained for 12 months from the date of payment, so that we can support follow-up questions, and then deleted from active storage.
Earlier deletion: you may ask us to delete your uploaded document and associated personal data earlier by emailing hello@everap.co.uk.
We may retain limited business records where necessary for accounting, tax, legal, fraud prevention or dispute-management purposes.
We may retain minimal, non-identifying analytics indefinitely, such as counts of submissions by contract type. These analytics do not identify you, your client or your project.
Access to uploaded documents is strictly limited to authorised Everap personnel and service providers who need access to operate the service.
Documents are held in private storage that is not publicly accessible.
Any download link we send you is signed, short-lived and expires automatically.
Everap uses AI tools to assist with the initial risk analysis of contract text.
Your document text may be transmitted to our AI provider strictly for the purpose of generating your Contract Risk Snapshot or Building Contract Risk Review.
Under our service configuration, uploaded document text is not used by our AI provider to train its models.
Snapshots are reviewed before release as part of Everap's quality-control process.
Before public launch, Everap will confirm and name the current provider chain accurately. At present, the intended free snapshot workflow uses the Lovable AI Gateway routing to Google Gemini.
AI tools can miss issues, misread clauses or produce incomplete analysis. Everap's outputs are commercial risk reviews only and are not legal advice.
Your uploaded contract is not sent to any public file-scanning or malware-scanning service where it could become discoverable by third parties.
On receipt, we run structural validation on the file, including confirming that it is a valid PDF, within size limits and readable before processing.
Your document is only shared with the processors required to operate the service, such as our hosting, storage, AI and email providers.
We rely on a small set of trusted processors to operate Everap. These may include:
Each processor handles your data only as needed to deliver the service.
We will name our current processors on request.
Some of our providers may process data outside the UK.
Where this happens, we rely on appropriate safeguards where required, such as adequacy regulations, standard contractual clauses, the UK International Data Transfer Agreement or other lawful transfer mechanisms.
Uploaded files are validated on receipt, stored in private storage, and access is gated by authentication and access controls.
Download links are signed and short-lived.
We apply technical and organisational measures appropriate to the sensitivity of the data.
No digital service can guarantee absolute security. You should avoid uploading documents unless you are authorised to share them and comfortable doing so through an online service.
Depending on where you live and the applicable law, you may have rights under UK/EU data protection law to:
To exercise your rights, email hello@everap.co.uk.
If you are in the UK, you also have the right to complain to the Information Commissioner's Office.
We may contact you about the specific submission or review you requested.
We will not add you to a general marketing list unless you have opted in or we have another lawful basis to contact you.
You can opt out of marketing emails at any time.
We may update this Privacy Policy from time to time.
The latest version will be published on the Everap website.
Questions about privacy, deletion or data rights should be sent to:
Everap's Contract Risk Snapshot is not legal advice.