Last update: May 11th, 2023
Personal information we collect
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”.
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
Additionally when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers, email address, and phone number. We refer to this information as “Order Information”.
How do we use your personal information?
- Communicate with you;
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
We also use the Device Information that we collect to do advertising and remarketing.
Sharing you personal Information
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy. We also use Google Analytics to help us understand how our customers use the Site -- you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by using the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
Do not track
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
If you are a resident of the European Union (EU) or the United States, you may have certain rights regarding your personal data, in accordance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). These rights include:
- Right to Access: You have the right to request access to the personal information we hold about you and to obtain a copy of that information.
- Right to Rectification: You have the right to request the correction or amendment of any personal information that is inaccurate or incomplete.
- Right to Erasure: You have the right to request the deletion of your personal information, under certain circumstances.
- Right to Restrict or Object to Processing: You have the right to request restrictions on or object to the processing of your personal information, under certain circumstances.
To exercise any of these rights, please contact us using the contact information provided below.
If you are a resident of the EU, please note that we process your information to fulfill any contracts we may have with you (for example, if you place an order through the Site) or for our legitimate business interests as stated above. Additionally, please be aware that your information may be transferred to countries outside of the EU, including Canada and the United States.
EvolaClass will retain personal information for as long as needed to provide Service to our customers, subject to our compliance with this Policy. We may further retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Please note that we may require additional information from you to verify your identity and process your request. We will respond to your request within the timeframes required by applicable privacy laws.
The Site is not intended for individuals under the age of 18.
Last update: May 11 2023
EvolaClass is a product and service developed by PenPower Inc (hereafter PenPower). It utilizes PenPower's security mechanisms to protect user data. Please read the following information to understand the service security provided by PenPower:
Thank you for using the products and services provided by PenPower Inc. We understand the importance of data security and privacy to you. We are committed to providing a reliable and secure cloud environment, applications, and services. The purpose of this page is to explain how PenPower protects user data security.
PenPower conducts regular security checks, including monitoring suspicious activities in the infrastructure, assessing company data security risks, updating security models, and resolving security issues. Through these management processes, PenPower ensures that security controls can continuously meet the information security requirements arising from the company's growth.
2. Network Security
PenPower uses load balancing equipment, firewalls, and VPN to define network data, control PenPower's publicly accessible services on the internet, and differentiate between production environments and other computing infrastructures. We strictly monitor the infrastructure of the production environment and restrict data access to protect data and network security. The firewall used in applications and cloud deployments acts as a perimeter firewall to intercept ports and protocols, protect software from attacks, and prevent the loss of important user data.
3. Account Security
EvolaClass accounts require a password with a minimum length of 8 characters. We recommend setting a complex password that is different from the passwords used for any other websites or online services. The password should include both letters and numbers. We never store your password as a plain text file.
4. Email Security
EvolaClass uses multiple email domains, each serving different purposes, such as sending system notifications, communicating with users, or sharing marketing information.
5. Product Security
PenPower conducts in-depth analysis and checks on the security and privacy of system or product functionalities and code. Before deploying to the production environment, we store the code in a Git version control database and evaluate it in a testing environment.
Our development team is responsible for improving the security of the code and regularly assessing our applications and services for common security issues, including CSRF, injection attacks (XSS, SQLi), session management, URL redirection, and clickjacking. Our services use OAuth to authenticate all third-party client applications. When you connect a third-party application to your account, you can do so without providing your login credentials to that application. Once you have successfully authorized PenPower's service, we provide client authorization credentials to verify your subsequent access permissions. As a result, third-party applications no longer need to store your account and password on their devices.
6. Information Retention and Deletion
Unless you intentionally delete files or remove the application from your device without backup, PenPower will retain the files and contents stored within the application. For instructions on how to delete files, please follow the instructions within the application. If you store files in EvolaClass Cloud, unless you deliberately delete the files or request PenPower customer service to delete your EvolaClass/PenPower account, the files stored in the free 500MB cloud storage will continue to be retained in the cloud. If you subscribe to PenPower's services and obtain cloud storage space as part of the subscription plan, and subsequently stop the subscription, PenPower may decide to delete or remove any or all files stored in EvolaClass Cloud after a grace period of 60 days from the end of the subscription. For information on subscription expiration policies, please refer to our terms of service under the heading "Subscription Expiration."
If you wish to delete or deactivate your EvolaClass account, you can contact our customer service team through https://www.evolaclass.com/en/docuink. Please note that once you delete your EvolaClass account, the files stored in EvolaClass Cloud will be permanently deleted.
7. Customer Data Security
The PenPower servers are built on the foundation of Google Cloud Platform (GCP). GCP services are trusted in the industry, and detailed explanations of security measures are provided. You can find more information at the following links:
8. Access Authorization
We understand that the data you store in PenPower services is private and confidential. We strictly control access to internal data to ensure the security and confidentiality of your data. Except for authorized developers, the rest of the PenPower team does not have access to the database. Only authorized developers are allowed to access the data when resolving customer-related issues or optimizing system performance.
9. Activity Logs
We store records of interactions between customers and us on the server side, including accesses to web servers or applications and activity logs through APIs. You can inquire with customer service about the recent access times linked to your account in various applications.
10. System Monitoring and Alerts
PenPower collects and stores logs of production environment servers to analyze and monitor the security status of the production environment's infrastructure. We store these logs in a separate network and establish indexes for them.
11. Encryption in Transit
PenPower encrypts all data at rest and in transit within its servers to ensure continuous protection of user data. We use TLS v1.2 to secure the data and AES-256 for encrypting data in transit. User passwords are processed using hashing functions. We leverage the technologies provided by Google Cloud Platform (GCP) to ensure a high level of protection for user data over the network.
We regularly back up user data on the GCP network, with daily backups of all data. The backup data is encrypted and distributed to multiple locations, and it is retained for 30 days. We have a data recovery plan in place that is executed daily.
13. Physical Security Measures
PenPower's systems and user data are hosted on the GCP network and are tightly protected. Google data centers adhere to high standards and follow industry best practices for physical security controls to prevent any system failures and maintain the ability for data center recovery.
For more information about GCP data centers, please refer to the following link:
14. Privacy and Regulatory Compliance