Privacy

Privacy notice.

Evercred collects, stores, and processes credential data for practitioners and the practices that hire them. This page is the high-level summary; a full policy with vendor-specific detail is available on request.

⚠ Draft. Plain-English summary below. A full legal policy is in progress with counsel. Email legal@evercred.com for the current vendor-questionnaire-ready version.
What we collect

What Evercred collects.

When a practitioner builds a credential wallet, we collect the credential records they upload (medical licenses, board certifications, DEA registrations, malpractice coverage, CME, etc.) plus the metadata required to verify them at the primary source. When a practice uses Evercred, we collect the practice's roster, the credential packets shared with it, and the audit log of who viewed what.

We do not sell credential data, and we do not share it with third parties beyond the subprocessors required to operate the platform (cloud infrastructure, document storage, transactional email, payments, AI inference, analytics). See the trust page for the subprocessor-list request process.

On our marketing site (www.evercred.com), once you interact with a CTA we use a third-party B2B visitor-identification service that may recognize the business associated with your network and, where available through its identity network, your professional profile. This is used for sales follow-up, is limited to the marketing site (never the authenticated app at app.evercred.com or ai.evercred.com), and is not joined to credential data.

How we use it

How we use it.

Credential data is used to: verify the credential at the primary source; share scoped, time-bound credential packets with practices the practitioner approves; track expiration and alert ahead of renewals; produce the audit trail every practice and practitioner can review. We use aggregated, de-identified data to improve verification quality and platform reliability.

Your rights

Your rights.

Practitioners can export their wallet to PDF and structured data, revoke any active credential share, and delete their account at any time. Practices can export their credential roster and audit logs. We respond to standard data-subject requests (access, deletion, portability) within 30 days. For HIPAA-covered entities, BAAs are available on request.

Privacy questions or data-subject requests: legal@evercred.com. Security and vendor questionnaires: it@evercred.com.