1. Payment card data — handled entirely by 4CSweb
When you pay for an Evoluut service through this website:
- You are taken to or interact with 4CSweb's hosted payment infrastructure, which is fully PCI DSS (Payment Card Industry Data Security Standard) compliant.
- 4CSweb collects, encrypts, transmits, and processes your full cardholder data on its own secured systems.
- Evoluut receives only the transaction metadata needed to confirm and ship your order — typically a transaction reference, the amount, the status (success/failed), and (where shared) the last four digits of the card and the cardholder name.
- Evoluut does not store, log, transmit, or have technical access to raw card numbers, full PANs, CVV/CVC codes, magnetic stripe data, or PINs.
2. Verifying our payment processor's PCI DSS status
4CSweb's compliance status can be verified through the official Visa and Mastercard service provider registries:
3. Transmission security — SSL/TLS
The entire evoluut.ai website is served over HTTPS with industry-standard TLS encryption. This includes:
- All pages and assets.
- All form submissions (contact form, Website Package onboarding form).
- All API endpoints used by our payment-modal integration with 4CSweb.
You can verify HTTPS at any time by clicking the padlock icon in your browser's address bar. If our certificate is ever invalid or the connection downgrades, your browser will warn you before submitting any sensitive data.
4. Site hosting and infrastructure
The Evoluut website is hosted by Hostinger, an ISO 27001 certified hosting provider with free SSL/TLS certificates via Let's Encrypt and DDoS protection through Cloudflare. HTTPS is enforced site-wide through our .htaccess configuration. Server-side endpoints for payment processing run on Hostinger's PHP infrastructure and never expose credentials to the client.
5. Customer information security
Information you provide directly to Evoluut (name, business name, email, phone, project content) is protected through:
- TLS in transit for all submissions through this website.
- Restricted internal access on a need-to-know basis among Evoluut staff.
- Reputable third-party tools for email and project management (each with their own security and privacy posture).
- Minimum-data principle — we collect only what we need to deliver your project (see our Privacy Policy).
6. Storage and retention
We retain customer records only as long as needed to fulfil your project, meet legal/tax/accounting obligations, and defend against potential disputes. See Privacy Policy — Data Retention for specific retention periods.
7. Incident response
In the unlikely event of a security incident affecting customer data:
- We will contain and assess the incident as quickly as possible.
- If your data is materially affected, we will notify you and any required regulator without undue delay (and within applicable statutory windows).
- For incidents involving cardholder data on 4CSweb's side, 4CSweb's own incident response procedures govern, and we will relay information promptly as we receive it.
- We will document the incident, root cause, and remediation, and apply lessons to our processes.
8. Compliance summary
Evoluut's compliance posture, at a glance:
- PCI DSS — achieved through 4CSweb, our PCI DSS compliant service provider, which handles all cardholder data. Evoluut itself is out of PCI DSS scope by design.
- SSL/TLS encryption — enforced for the entire
evoluut.aidomain. - Hosting — Hostinger (ISO 27001 certified, free SSL/TLS, Cloudflare DDoS protection).
- Jurisdiction — Anguilla, BWI. Disputes governed by Anguillan law (see Terms and Conditions).
9. Reporting a security concern
If you discover a vulnerability, suspected breach, or anything that looks security-relevant on the Evoluut site, please email info@evoluut.ai with subject "Security concern". We will acknowledge within 1 business day and triage promptly.
10. Related policies
11. Contact
For security questions, contact info@evoluut.ai or +1 (264) 772-5886.