Data minimisation
Products should request only information needed to provide the service, operate safely or meet a legitimate business requirement.
Privacy
Privacy is treated as a product and engineering responsibility. Data collection should be proportionate, transparent and limited to a defined purpose.
Core approach
Products should request only information needed to provide the service, operate safely or meet a legitimate business requirement.
Users should be able to understand why information is requested and how it supports the relevant product or workflow.
Access to personal or commercially sensitive information should be limited by role, operational need and appropriate authentication controls.
Information should not be retained indefinitely without a clear operational, legal or contractual reason.
External services and integrations should be selected with attention to the information they receive and the function they perform.
Suspected exposure, misuse or unexpected access should be investigated, contained and documented promptly.
Website enquiries
When someone contacts EVENAI by email, the information supplied is used to understand and respond to the enquiry. Sensitive information should not be sent unless it is necessary and an appropriate handling method has been agreed.