Privacy Policy
Last updated: July 9, 2026
This policy describes how Evidence processes personal data, in compliance with Brazil's General Data Protection Law (LGPD — Law 13,709/2018) and, where applicable, the GDPR. It covers the website and the platform.
1. Data we collect
- Account data: email, name, and professional field, provided at sign-up (directly or via Google Sign-In).
- Professional content: questions sent to the chat, conversations, attachments, and settings.
- Patient data entered by the professional: identification, demographics, clinical notes, measurements, and appointments you record. For this data, you are the controller and Evidence acts as processor, handling it only under your instructions and to provide the service.
- Technical data: access logs (IP, timestamp), device type, and essential session cookies.
2. How we use it
- Providing the service: generating answers, keeping history, records, and schedule;
- Authentication, security, abuse prevention, and legal compliance;
- Operational communications (e.g., email access codes);
- Product improvement with aggregated, anonymized data.
We do not sell personal data and we do not use patient data for advertising.
3. Artificial intelligence and subprocessors
To generate answers, consult content (including linked clinical context) is processed by language-model and cloud-infrastructure providers engaged by Evidence, contractually limited to processing necessary to provide the service. Main subprocessors: AI model providers (e.g., DeepSeek, Anthropic, OpenAI, Google), hosting and database (Vercel, Neon), and transactional email. Some processing may occur outside Brazil, with adequate international-transfer safeguards.
4. Legal bases
We process data based on: contract performance, legal obligation, legitimate interest (security and improvement, with minimized data) and, where applicable to patients' health data, healthcare protection in procedures carried out by a health professional, under the responsibility of the professional controller.
5. Cookies
We use essential cookies only: authenticated session (httpOnly) and login CSRF protection. No third-party tracking cookies. If analytics or advertising tools are adopted later, this policy will be updated and consent requested where required.
6. Retention and deletion
We keep data while the account is active. You can delete patients and conversations anytime in the platform, and request full account deletion via the contact email — fulfilled within 15 days, subject to legal retention duties.
7. Security
We use encryption in transit (TLS), session-based access control, per-user data isolation, and providers with market certifications. No system is risk-free; relevant incidents will be reported as required by law.
8. Your rights
You may request confirmation of processing, access, correction, anonymization, portability, deletion, and consent withdrawal at ajuda@evidence.clinic. We respond within the legal deadline. DPO: same email.
9. Children and adolescents
The Platform is intended for professionals over 18. Data of minor patients entered by the professional is processed under the professional's own responsibility and legal basis.
10. Changes
Updates to this policy will be published on this page with a new date. Material changes will be flagged in the platform.