Terms of Service
Version 2.2 · Effective May 21, 2026
The contract between you and Evenhand. Covers acceptable use, payment terms, IP, disclaimers, liability, and dispute resolution.
Trust Center
Evenhand Trust Center.
Evenhand is a deal management platform for small business M&A. Brokers, buyers, sellers, and the service providers on a deal use it to compare offers, run a quality of earnings analysis, and close. The Trust Center is where the legal, privacy, security, and sub-processor disclosures backing that platform live.
Evenhand is offered exclusively in the United States. Last update to any document on this page: May 21, 2026.
Legal agreements.
The four documents that govern your use of Evenhand. Every URL listed here is canonical — the documents reference each other by these paths and will continue to resolve here.
Privacy Policy
Version 2.2 · Effective May 21, 2026
What we collect, why we collect it, who we share it with, how long we keep it, and how to exercise your privacy rights.
Acceptable Use Policy
Version 1.1 · Effective May 21, 2026
Conduct rules for using Evenhand — what you may not upload, integrity violations that get you suspended, and how to report misconduct.
Data Processing Addendum
Version 1.1 · Effective May 21, 2026
Template B2B addendum for Brokerage customers. Sets out Evenhand's Service Provider / Processor obligations under CCPA, VCDPA, and the other state privacy laws.
Sub-processors.
Evenhand uses 13 sub-processors to deliver the platform — authentication, database, application hosting, AI-assisted document extraction, payments, transactional email, error tracking, product analytics, edge security, e-signature, and uptime monitoring. Each is bound by a written agreement that imposes data-protection obligations substantially equivalent to those Evenhand owes its customers.
We post at least thirty (30) days' prior notice before adding or replacing a sub-processor. A subscription form for those notifications will be available on the sub-processor page; customers with an executed Data Processing Addendum also receive notice by email.
Security disclosures.
- Encryption
- All client–server and inter-service traffic uses TLS 1.2 or higher. Database storage and backups are encrypted at rest. OAuth refresh tokens for calendar, accounting, and document-storage integrations are encrypted with AES-256-GCM and key material held outside the database.
- Audit log
- Significant actions write to an append-only, cryptographically hash-chained audit log. Audit entries cannot be modified or deleted by any user — including Brokerage Administrators and Brokerage Managers.
- Row-level security
- Multi-tenant isolation is enforced at the database layer via Postgres row-level security. Every cross-tenant access path is exercised by a continuous-integration probe suite that runs on every code change; a regression blocks merge.
- Production access
- Administrative access to production systems requires multi-factor authentication. Least-privilege access, automated revocation on role change, and signed-commit policies apply across the engineering organization.
Contact channels.
| Purpose | Address |
|---|---|
| General support | support@evenhandhq.com |
| Legal questions | legal@evenhandhq.com |
| Security vulnerabilities | security@evenhandhq.com |
| Integrity / fraud reports | integrity@evenhandhq.com |
| Abuse / content reports | abuse@evenhandhq.com |
| Data protection (privacy requests) | legal@evenhandhq.com |