Privacy Policy

Last Updated: February 8, 2026

1. Introduction

Evokore ("we," "us," or "our") operates the website at evokore.com. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data. By using Evokore, you agree to the practices described here.

2. Information We Collect

2.1 Account Information

When you create an account or sign in via a third-party provider (Google or GitHub), we receive and store:

  • Email address
  • Display name (if provided by the OAuth provider)
  • Profile avatar URL (if provided by the OAuth provider)
  • OAuth provider identifier (we never receive or store your password from third-party providers)

2.2 User-Submitted Content

When you submit a prompt, we store the prompt title, content, description, category, and source information you provide. Submissions are associated with your account if you are signed in, or with your IP address if you are not.

2.3 Automatically Collected Data

We automatically collect:

  • IP address (provided by Cloudflare; used for rate limiting and abuse prevention)
  • User agent string (browser type and version)
  • Pages visited and interaction data (via Cloudflare Web Analytics — no cookies used)

2.4 Cookies and Local Storage

Evokore uses no tracking cookies. We use browser localStorage solely to persist your theme preference (dark, light, or terminal) and authentication session tokens managed by Supabase Auth. Session data in sessionStorage is used to preserve form drafts.

3. How We Use Your Information

  • Authentication: To create and manage your account, and to identify your submissions.
  • Content moderation: Submitted prompts are processed through AI moderation (Google Gemini) to assess quality and safety before publication.
  • Vector embeddings: Published prompt content is converted into vector embeddings for semantic search. These derived representations are not reversible to personal data.
  • Rate limiting: IP addresses are used to enforce submission quotas and prevent abuse.
  • Service improvement: Aggregated, anonymized usage patterns help us improve the platform.

4. OAuth Provider Data (Limited Use)

When you sign in via Google or GitHub, we request only the minimum scopes necessary for authentication (typically email and basic profile). We:

  • Do not access your contacts, files, repositories, or other account data
  • Do not post on your behalf or modify your third-party accounts
  • Do not sell, lease, or share your OAuth data with any third party
  • Use your OAuth data only for authenticating you on Evokore

This complies with Google's Limited Use requirements.

5. Third-Party Services

We use the following third-party services to operate Evokore:

  • Supabase (authentication, database, storage) — Privacy Policy
  • Cloudflare (CDN, DNS, DDoS protection, analytics) — Privacy Policy
  • Google Gemini API (content moderation only — no user data is sent, only prompt text)

We do not use any advertising networks or sell data to data brokers.

6. Data Retention

  • Account data: Retained until you delete your account.
  • Submitted prompts: Retained until you request deletion or delete your account. Published prompts that have been anonymized may remain in the database without attribution.
  • IP addresses: Stored in submission records for abuse prevention. Purged after 90 days for submissions that were rejected.
  • Analytics: Cloudflare Web Analytics retains aggregated data; no personal identifiers are stored.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Delete your account and associated data (see our Data Deletion page)
  • Export your data in a portable format
  • Withdraw consent for optional processing at any time

To exercise any of these rights, email us at support@evokore.com. We will respond within 30 days.

8. Data Security

We implement industry-standard security measures including: encrypted connections (TLS 1.3), Row-Level Security (RLS) on all database tables, Cloudflare WAF and rate limiting, server-side input validation, and AI-powered content moderation. No system is 100% secure, and we encourage responsible disclosure of vulnerabilities to support@evokore.com.

9. Children's Privacy

Evokore is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at support@evokore.com and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via a notice on the site. Continued use after changes constitutes acceptance.

11. Contact

For privacy-related questions or requests: support@evokore.com

For data deletion requests: deletion@evokore.com or use the self-service deletion page.