Data Privacy and Processing Statement

EverMap Plug-ins for Adobe® Acrobat®

Your data stays under your control—secure, private, and local.

The Software does not collect, store, process, transmit, or share any user data outside of the user’s local computer environment. All data remains under the sole control of the user at all times.
All data processing is performed locally on the user’s computer. The Software operates entirely on-premises and does not rely on any external systems or third-party services for processing.
No cloud infrastructure or remote servers are used by the Software. There is no cloud storage, cloud computing, or server-side processing involved in any functionality.
At no time does EverMap have access to, visibility into, or control over any user data, documents, files, or content processed by the Software.
All data remains exclusively within the user’s local computing environment and under the user’s sole ownership and control.
The Software does not communicate with EverMap servers (or any other external servers) for any purpose, including telemetry, analytics, monitoring, updates, or data collection.
The Software can be operated in a fully disconnected environment with zero network connectivity, provided that optional email-sending functionality is not required.

Plug-ins that are offering optional file emailing functionality (AutoMailMerge and AutoDocMail) do not require access to the user’s email system for reading, monitoring, or storing emails. It provides email-sending functionality only by leveraging: a locally installed copy of Microsoft Outlook, MAPI-compatible email clients, or a user-supplied SMTP server. Email functionality is entirely optional and is initiated solely by the user. The Software does not independently access, intercept, or retain email content.
The Software does NOT perform automated analysis to collect, monitor, analyze, or extract any user data, documents, files, or content. All processing remains entirely local to the user’s computer and under the user’s sole control.

The Software is developed in the United States of America. Use of the Software and these data privacy and processing statements are governed by and construed in accordance with the laws of the State of Delaware, USA, without regard to its conflict-of-laws principles.
The Software is designed and architected to support customers’ compliance obligations under applicable data protection and privacy regulations, including the EU General Data Protection Regulation (GDPR), by ensuring that all data remains under the customer’s exclusive control and is processed entirely within the customer’s local environment.

The Software is developed following industry-recognized information security and privacy best practices, aligned with principles defined in standards such as ISO/IEC 27001 and ISO/IEC 27002, including data minimization, access control, and local-only processing.
The Software is developed following industry-recognized secure coding practices to minimize vulnerabilities and maintain reliability.
All code is subject to internal peer reviews and testing before release, including functional, security, and regression testing.
Development follows a version-controlled workflow, ensuring that changes are tracked, documented, and auditable.
Static and dynamic analysis tools are used where applicable to detect potential security issues during development.
Security patches, updates, and bug fixes are tested locally before release to ensure they do not introduce regressions or compromise user data security.
The Software is maintained under change management procedures that track modifications and ensure accountability throughout the development lifecycle.
As part of the Software development lifecycle, static application security testing (SAST) is performed using automated tools to identify and remediate potential security vulnerabilities in the source code prior to release. No user data is accessed during these tests, and all testing is performed within the secure development environment.

The development process is designed to prevent unauthorized access to source code and sensitive configuration information.
Access to source code, development computers, and other systems used in the Software development lifecycle is restricted to authorized personnel only. Physical access controls are employed to prevent unauthorized access. Development workstations are monitored, and sensitive information is stored in controlled environments to ensure the integrity and confidentiality of the Software and its source code.