Evlt.ai

Privacy Policy.

Last updated: 27 April 2026 (revised)

1. Controller Identity

The data controller for personal data processed through this website and the Evlt.ai platform is:

Habitmon Digital SRL

Registered in Romania, Cluj-Napoca

Email: contact@evlt.ai

This Privacy Policy applies to all personal data collected through evlt.ai and any related services provided by Habitmon Digital SRL.

2. Personal Data We Collect

We collect personal data in the following circumstances:

  • Meeting booking: name, professional email address, company name, and job title — provided when you schedule a consultation via our booking system.
  • Website interaction: behavioural usage data collected through three analytics tools: (a) Microsoft Clarity — pages visited, time on page, mouse movements, clicks, scroll behaviour, heatmaps, and session recordings; (b) PostHog — a unique pseudonymous browser identifier (distinct_id), event names (e.g. section viewed, CTA clicked), event properties (e.g. scroll depth percentage, which section was viewed, which call-to-action was clicked), and page views; (c) Apollo.io — visitor signals from our site (e.g. pages viewed, technical data). Clarity, PostHog, and Apollo may use cookies and similar technologies to recognise browsers or sessions.
  • Communications: any information you include in emails or messages sent to contact@evlt.ai.
  • Calculator inputs: numerical values you enter into our revenue audit calculator (such as team size, close rates, and average deal value). These values may be captured by Microsoft Clarity as part of session recordings and by PostHog as custom event properties.

We do not collect special categories of personal data (Art. 9 GDPR) and we do not engage in automated decision-making or profiling.

3. Legal Basis for Processing

Each processing activity rests on one of the following legal bases under Article 6 GDPR:

  • Consent (Art. 6(1)(a)): when you voluntarily book a meeting or contact us, you consent to us processing the data you provide for that purpose.
  • Legitimate interests (Art. 6(1)(f)): website behavioural analytics (session recordings, heatmaps, scroll and click data) used to understand how visitors use our site and improve it. You may object at any time by contacting us. For analytics involving cookies, we rely on your consent where required by the ePrivacy Directive.
  • Pre-contractual measures (Art. 6(1)(b)): processing necessary to respond to inquiries and prepare a service proposal at your request.

4. How We Use Your Data

  • To schedule and conduct strategy meetings.
  • To respond to your inquiries and provide information about our services.
  • To understand how our website is used and improve it, using pseudonymised individual-level event data linked to a unique browser identifier. This data is not linked to your name or email address unless you have separately provided those.
  • To comply with applicable legal obligations.

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

5. Data Processors and Third Parties

We use a limited number of trusted service providers acting as data processors under written agreements (Art. 28 GDPR):

  • Google Calendar / Google Meet: for scheduling meetings. Governed by Google's data processing terms. Data may be processed outside the EEA under Standard Contractual Clauses.
  • Microsoft Clarity (Microsoft Corporation, USA): we use Microsoft Clarity to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve our services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of content and online activity. Microsoft collects this data on our behalf and does not use it for its own advertising purposes. Data may be transferred outside the EEA under Standard Contractual Clauses. For more information, see the Microsoft Privacy Statement.
  • PostHog, Inc. (USA — EU data residency): we use PostHog to capture structured behavioural event data including page views, clicks, scroll depth, section visibility, and calculator interactions. PostHog stores data on EU-based infrastructure (eu.i.posthog.com), which means your data is not transferred outside the EEA by default. PostHog acts as a data processor under a Data Processing Agreement compliant with Art. 28 GDPR. For more information, see posthog.com/privacy.

    PostHog AI sub-processing: we have enabled PostHog's AI-assisted data analysis features. When these features are used, PostHog may transmit pseudonymised behavioural data (such as event sequences and properties) to third-party AI service providers for the purpose of generating analytical insights. PostHog confirms that this data is not used to train AI models. These AI providers act as sub-processors of PostHog under Art. 28(4) GDPR and are bound by equivalent data protection obligations. Transfers outside the EEA, if any, are covered by Standard Contractual Clauses. You may opt out of this processing by contacting us at contact@evlt.ai.
  • Apollo.io, Inc. (USA): website visitor tracking (script loaded on our pages). Details: apollo.io/privacy-policy.
  • Cloudflare, Inc. (USA): this website is served through Cloudflare's global network, which acts as a reverse proxy and CDN. Cloudflare may process technical data including visitor IP addresses and HTTP request metadata for the purposes of DDoS protection, performance optimisation, and security. Cloudflare is certified under the EU–US Data Privacy Framework and operates under a Data Processing Addendum (DPA) compliant with Art. 28 GDPR. Cloudflare does not use this data for its own commercial purposes. For details, see cloudflare.com/privacypolicy.
  • Email hosting provider: for receiving and sending messages to contact@evlt.ai.

No personal data is transferred to third countries without appropriate safeguards as required by Chapter V GDPR.

6. Retention Periods

  • Meeting and contact data: retained for up to 3 years from the date of last interaction, after which it is permanently deleted.
  • Email correspondence: retained for the duration of the business relationship plus 2 years.
  • Microsoft Clarity session data: retained by Microsoft for up to 30 days for session replay and heatmap purposes, after which it is deleted from Clarity's systems.
  • PostHog event data: individual-level pseudonymous event records are retained for up to 1 year, after which they are automatically deleted by PostHog. We do not retain copies of this data independently.
  • Apollo.io: retention as described in Apollo’s privacy policy at apollo.io/privacy-policy.

7. Your Rights Under GDPR

As a data subject in the European Union, you have the following rights:

  • Right of access (Art. 15): you may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): you may request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): you may request deletion of your personal data where there is no overriding legal basis for retention.
  • Right to restriction (Art. 18): you may request that we limit processing in certain circumstances.
  • Right to data portability (Art. 20): you may request your data in a structured, machine-readable format.
  • Right to object (Art. 21): you may object to processing based on legitimate interests at any time.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at contact@evlt.ai. We will respond within 30 days as required by Art. 12 GDPR.

8. Right to Lodge a Complaint

If you believe we have processed your personal data unlawfully, you have the right to lodge a complaint with the competent supervisory authority:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)

B-dul G-ral. Gheorghe Magheru 28–30, Sector 1, Bucharest, Romania

Website: www.dataprotection.ro

9. Cookies and Behavioural Analytics

This website uses the following categories of cookies:

  • Strictly necessary cookies: required for basic site operation. No consent required.
  • Analytics cookies (Microsoft Clarity): first and third-party cookies used to capture session recordings, heatmaps, scroll and click behaviour. These cookies are set by Microsoft Clarity on our behalf. By continuing to use our site, you agree that we and Microsoft may collect and use this data. You may opt out at any time by contacting us at contact@evlt.ai.
  • Analytics cookies (PostHog): PostHog sets a persistent first-party cookie (ph_<project_key>_posthog) containing a pseudonymous unique browser identifier (distinct_id) and session metadata. This cookie is used to associate behavioural events from the same browser across page loads. It does not contain your name or email address. By continuing to use our site, you agree to this cookie being set. You may delete it at any time via your browser settings, or opt out by contacting us at contact@evlt.ai.
  • Analytics (Apollo.io): Apollo may use cookies or similar storage as part of its website tracker — see their privacy policy. Questions or objections: contact@evlt.ai.

We do not use social media advertising pixels. Other processing is limited to the tools named in this policy.

10. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, or destruction, in accordance with Art. 32 GDPR. All data in transit is encrypted via TLS.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. The date at the top of this page reflects the most recent revision. We encourage you to review it periodically.

12. Contact

For any privacy-related requests or questions, contact Habitmon Digital SRL at: contact@evlt.ai