Privacy Policy

Effective Date: Effective April 2026

Introduction & Scope

This Privacy Policy ("Policy") is published by National Evermore Services ("NES," "we," "us," or "our") and governs the collection, use, storage, sharing, and protection of personal information obtained through the NES website at evermoreaudits.com, the NES Client Portal, the NES Auditor Portal, and all related digital services, tools, reports, and integrations (collectively, the "Services").


This Policy applies to all visitors, clients, portal users, auditors, employees, contractors, and any individual whose personal information is processed in connection with the Services. By accessing or using the Services, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree, you must discontinue use of the Services.


This Policy is incorporated by reference into the NES Terms of Service. In the event of a conflict between this Policy and a separately executed data processing agreement or client contract, the separately executed agreement shall control.

Information We Collect

NES collects personal information across four categories:


1. Account & Identity Data

Information you or your organization provides to establish and manage portal access, including: full name, business email address, username, role or title, employer or client organization name, mobile phone number (if provided for SMS authentication), login credentials, and account preferences.


2. Audit & Operational Data

Information generated through or uploaded to NES services in connection with food-safety auditing, compliance, and corrective action activities, including: audit inspection findings, violation records, audit scores, corrective action plan (CAP) submissions and approvals, uploaded documents and reports, store and facility location data, inspection histories, and notes or comments entered by auditors or client personnel.


3. Technical & Device Data

Information collected automatically when you access the Services, including: Internet Protocol (IP) address, browser type and version, operating system, device identifiers, referring URL, session tokens, and timestamps of access events.


4. Behavioral & Activity Data

Within the authenticated portal environment (not on public-facing pages), NES collects session activity data for the purposes of platform security, fraud detection, and service improvement. This includes: pages visited, time spent on each page, click and navigation patterns, portal feature usage, form interaction data, and session anomaly signals (including patterns such as repeated failed interactions). This data is used solely for internal operational purposes and is never used for advertising or sold to third parties.

How We Use Your Information

NES uses collected information for the following purposes:


  • Providing, operating, maintaining, and improving the Services
  • Generating, delivering, and storing audit reports, corrective action plans, and compliance records
  • Authenticating users, managing access controls, and enforcing role-based permissions
  • Detecting and preventing unauthorized access, fraud, abuse, and security threats
  • Sending transactional communications including account notifications, security alerts, system updates, and audit-related notifications
  • Performing internal quality control, audit calibration, and service analytics
  • Fulfilling contractual obligations to clients and service agreements
  • Complying with applicable laws, regulations, legal process, and governmental requests
  • Protecting the rights, safety, and property of NES, its clients, users, and the public
  • Investigating and resolving disputes, support requests, and reported incidents
  • Improving NES systems, interfaces, and audit methodologies based on aggregated usage patterns

NES does not use personal information for advertising, behavioral profiling for marketing purposes, or sale to third parties under any circumstances.

Legal Basis for Processing

NES processes personal information on the following legal grounds:


  • Contract Performance: Processing necessary to deliver services under an executed service agreement or accepted Terms of Service
  • Legitimate Interests: Processing necessary for fraud prevention, system security, platform improvement, and protection of NES and its clients, provided such interests are not overridden by individual rights
  • Legal Obligation: Processing required to comply with applicable laws, regulations, subpoenas, court orders, or regulatory requirements
  • Consent: Processing of SMS/phone data and optional features (such as AI-enhanced tools) where affirmative opt-in consent has been provided. Consent may be withdrawn at any time without affecting the lawfulness of prior processing.

Third-Party Service Providers

NES engages the following third-party service providers to operate its platform. Each provider receives only the data necessary to perform their specific function and is contractually obligated to maintain data protection standards consistent with applicable law. NES does not authorize any service provider to use personal data for their own independent purposes.


Provider Purpose Data Shared
Cloudflare, Inc. Content delivery network, DDoS protection, traffic routing IP address, request metadata, browser headers
GoDaddy Operating Co., LLC Web hosting infrastructure and server environment All data processed on NES servers
Microsoft Corporation (SharePoint / Azure) Secure cloud storage for audit files and reports Uploaded audit files, reports, and associated metadata
SafetyCulture Pty Ltd (iAuditor) Audit data source and field inspection integration Inspection scores, audit findings, visit data
Twilio Inc. SMS delivery for authentication (2FA and password reset) Mobile phone number and message content
Google LLC / Microsoft Corporation Optional OAuth single sign-on authentication Email address and display name (only if SSO is enabled by the user)
Anthropic PBC Optional AI-powered Audit Note Enhancement feature Audit observation text only, when feature is actively used by the user

NES does not sell, rent, or trade personal information to any third party for commercial purposes.


NES may also disclose information to professional advisors (attorneys, accountants, insurers) under confidentiality obligations, or to a successor entity in the event of a merger, acquisition, or asset sale, with notice to affected users as required by law.

Artificial Intelligence Features

NES offers an optional Audit Note Enhancement feature powered by Anthropic's Claude AI ("AI Feature"). Use of this feature is strictly opt-in. The following terms govern NES's use of AI in connection with the Services:


  • When the AI Feature is enabled and used, audit observation text is transmitted to Anthropic's API for processing and enhancement
  • Only audit observation text is shared with Anthropic — no personally identifiable information (PII) such as names, email addresses, or contact data is included in AI processing requests
  • AI-generated output is advisory only and does not constitute a guarantee of accuracy, completeness, or regulatory compliance
  • Users are solely responsible for reviewing and validating AI-enhanced content before use in official reports or communications
  • Anthropic's processing of transmitted data is governed by Anthropic's own privacy policy and data use terms
  • NES does not use content submitted through the AI Feature to train NES's own models or to improve AI models operated by third parties
  • The AI Feature may be disabled at any time. Disabling it does not affect any other portal functionality.

Cookies & Tracking Technologies

NES uses cookies and similar session technologies to operate and secure the Services. The following types of cookies are used:


  • Authentication Cookies: Required to maintain your logged-in session and verify your identity across portal pages. Without these cookies, portal access is not possible.
  • Security Cookies: Used to detect and prevent unauthorized access, session hijacking, and cross-site request forgery (CSRF) attacks. These are required for system security.
  • Session Activity Cookies: Used within the authenticated portal to record feature usage and navigation patterns for platform improvement and anomaly detection. These are not used on public-facing pages.

NES does not use advertising cookies, tracking pixels, or third-party marketing trackers of any kind. NES does not participate in cross-site behavioral advertising networks.


Disabling cookies in your browser will prevent portal login and may significantly impair portal functionality. Cookie preferences set through browser tools are respected for non-essential cookies where technically feasible.


NES does not respond to browser "Do Not Track" (DNT) signals at this time, as no universally accepted standard for DNT compliance has been established. This disclosure is made in accordance with California law.

Data Retention

NES retains personal and operational data according to the following schedule:


  • Active Cloud Storage: Data is retained on NES cloud infrastructure for a period of five (5) years from the date of collection or last active use, whichever is later.
  • Offline Backup Storage: Data is retained in secure offline or physical backup media for an additional five (5) years beyond the active cloud retention period, for a total retention period of up to ten (10) years.
  • Backup Access: Data stored in offline backup is available upon written request. NES will make reasonable efforts to fulfill verified backup data requests within thirty (30) business days.
  • Client-Specific Terms: Retention periods may be modified by client-specific service agreements. Where a service agreement specifies a different retention schedule, that schedule governs.
  • Legal Holds: Data subject to an active legal hold, regulatory investigation, audit, litigation, or court order will be retained for the duration of such obligation regardless of standard retention schedules.
  • Deletion Requests: Clients may request deletion of data not subject to legal hold or regulatory retention requirements. NES will confirm completed deletion in writing within thirty (30) business days of a verified deletion request.

Data Security

NES implements a comprehensive set of administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. Security measures include:


  • Transport Layer Security (TLS) encryption for all data transmitted between users and NES systems
  • Role-based access control (RBAC) and principle of least privilege for all portal users and internal personnel
  • Multi-factor authentication options including SMS-based one-time passwords (OTP)
  • Comprehensive audit logging of authentication events, access attempts, data exports, and administrative actions
  • Session management controls including idle timeout, absolute session lifetime, IP binding, and user-agent binding
  • IP-based threat detection, rate limiting, and automated blocking of suspicious activity patterns
  • CSRF (cross-site request forgery) protection on all authenticated API endpoints
  • HTTP security headers including HSTS, Content Security Policy, and Permissions Policy
  • MIME-type validation for all file uploads
  • Regular internal security reviews and vulnerability assessments
  • Separation of web-accessible and non-web-accessible server environments

Despite these measures, no information security system can guarantee complete protection. Users are responsible for maintaining the confidentiality of their login credentials and for reporting any suspected unauthorized access to assist@evermoreaudits.com immediately.

Your Rights & Privacy Choices

Rights Available to All Users

All users of NES Services have the right to:

  • Request access to the personal information NES holds about them
  • Request correction of inaccurate or incomplete personal information
  • Request deletion of personal information, subject to legal, contractual, and regulatory retention obligations
  • Request portability of personal information in a structured, machine-readable format where technically feasible
  • Withdraw consent for optional features (such as SMS and AI tools) without affecting other services
  • Lodge a complaint with NES regarding data handling practices

California Residents — CCPA / CPRA Rights

California residents have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information collected, the purposes of collection, and the categories of third parties with whom information is shared
  • Right to Delete: Request deletion of personal information, subject to exceptions including legal obligations, contractual requirements, security purposes, and internal operational needs
  • Right to Correct: Request correction of inaccurate personal information in NES's records
  • Right to Opt-Out of Sale: NES does not sell personal information. No opt-out is required, but this right is acknowledged.
  • Right to Limit Use of Sensitive Personal Information: NES does not use sensitive personal information (as defined under CPRA) for purposes beyond those permitted by law
  • Right to Non-Discrimination: NES will not discriminate against any user for exercising their CCPA/CPRA rights

California residents may submit requests by emailing assist@evermoreaudits.com. NES will verify your identity and respond within forty-five (45) days. Requests may be extended by an additional forty-five (45) days with notice.


Other U.S. State Residents

NES honors comparable privacy rights for residents of states with enacted consumer privacy laws, including Virginia (VCDPA), Colorado (CPA), Texas (TDPSA), Connecticut (CTDPA), and similar statutes. Residents of these states may exercise equivalent rights by contacting assist@evermoreaudits.com with their state of residence.

Data Breach Notification

In the event of a confirmed security incident resulting in unauthorized access to, disclosure of, or destruction of personal information, NES will:


  • Notify affected clients within seventy-two (72) hours of confirming the breach, or as soon as reasonably practicable
  • Provide notice including: a description of the nature of the incident, the categories and approximate volume of records affected, the likely consequences of the breach, and the measures NES has taken or proposes to take to address the breach and mitigate its effects
  • Cooperate with applicable state and federal regulatory reporting obligations
  • Notify affected individual users where required by applicable breach notification law

NES maintains an incident response plan and conducts internal security reviews to minimize the risk and impact of potential breaches.

Children's Privacy

The NES Services are not directed to, and NES does not knowingly collect personal information from, individuals under the age of eighteen (18). If NES becomes aware that personal information of a minor has been collected without appropriate consent, NES will take prompt steps to delete such information. If you believe a minor's information has been submitted to NES, please contact assist@evermoreaudits.com immediately.

International Users & Future Expansion

NES currently serves clients and users in the United States and its territories, including Puerto Rico. All data collected through the Services is processed and stored on servers located within the United States.


NES intends to expand its services internationally in the future. Prior to offering services in jurisdictions covered by the European General Data Protection Regulation (GDPR), the United Kingdom GDPR, or other international data protection frameworks, NES will implement appropriate legal transfer mechanisms (including Standard Contractual Clauses where required) and update this Policy accordingly. Users in international jurisdictions will be notified prior to any expansion of service to their region.

Law Enforcement & Legal Process

NES may disclose personal information to government authorities, law enforcement agencies, regulatory bodies, or other third parties where required or permitted by law, including in response to a valid subpoena, court order, search warrant, regulatory demand, or other lawful legal process.


Where legally permitted to do so, NES will notify affected users or clients prior to complying with a governmental request, unless such notification is prohibited by law, would obstruct a lawful investigation, or would pose a risk to the safety of any person. NES may challenge legal process it believes to be overbroad, improper, or inconsistent with applicable law.


NES may also disclose information without legal process where NES reasonably believes such disclosure is necessary to protect the safety, rights, or property of NES, its clients, users, or the public, or to detect and prevent fraud, security incidents, or unlawful activity.

SMS Communications

NES may collect and use your mobile phone number for account security and authentication purposes when you are invited to access the Evermore Portal. Users opt in to receive SMS messages by providing their mobile phone number during the portal invitation and account activation process. SMS consent is collected directly from the user and is not obtained from third parties.


SMS messages are strictly transactional and limited to security-related notifications such as:

  • Two-factor authentication (2FA) verification codes
  • Password reset verification codes

Messages are sent only in response to a user-initiated request. Message frequency varies based on account activity and is not recurring. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages.


You may opt out of SMS communications at any time by replying STOP. For assistance, reply HELP or contact our support team at assist@evermoreaudits.com or through our website contact page.


NES does not send marketing or promotional SMS messages. Mobile phone numbers collected for authentication are used solely for account security purposes and are never sold or shared with third parties for advertising or marketing. Consent to receive SMS messages is not a condition of purchasing services.

Policy Updates

NES reserves the right to update or modify this Privacy Policy at any time. For material changes — meaning changes that substantially affect your rights or how NES processes your personal information — NES will provide at least thirty (30) days' advance notice by email to portal users and/or by posting a prominent notice on the portal login screen, where reasonably practicable.


Non-material changes (such as clarifications, formatting updates, or corrections) may be made without advance notice. The effective date at the top of this Policy reflects the date of the most recent update. Your continued use of the Services following the effective date of any revised Policy constitutes your acceptance of the updated terms.


We encourage you to review this Policy periodically. Prior versions of this Policy are available upon request.

Contact & Privacy Requests

For questions, concerns, or requests regarding this Privacy Policy, your personal information, or your privacy rights, please contact us:


National Evermore Services
Privacy & Data Inquiries
Email: assist@evermoreaudits.com


NES will acknowledge receipt of verified privacy requests within five (5) business days and will respond substantively within the timeframes required by applicable law (generally forty-five (45) days, with a possible extension of an additional forty-five (45) days for complex requests). Requests submitted by email should include your full name, the email address associated with your NES account, and a description of your request. NES may require additional verification to confirm your identity before processing sensitive requests.

Reset your password

Select how you'd like to reset your password:

Enter your account email to receive a verification code:

Enter your phone number to receive a verification code:

Enter the 6-digit verification code we just sent you:

Password Updated

Your password has been successfully changed. You can now log in with your new password.