This Privacy Policy explains how Evidexa collects, uses, stores, shares and protects personal data when you use our website and our independent technical review services. We are committed to processing your data lawfully, fairly and transparently in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and applicable national data protection law.
Contents
1Data we collect
We collect only the data needed to review your case and deliver a response. Depending on how you use the service, this may include:
- Identity and contact data — your full name and email address.
- Case data — your country, preferred response language, case category, selected package, your description of the problem, what has already been done, what the other party says, the result you want, and the event date.
- Submitted materials — photos, videos, documents, invoices, service records, diagnostic reports, contracts, warranty documents and correspondence you choose to upload. These may contain personal data about you or third parties, and in some cases special category data (for example, health information in a damage claim). See section 4.
- Payment data — payments are processed by Stripe. We receive confirmation of payment and limited transaction metadata, but we do not receive or store your full card number. See section 5.
- Technical data — limited information such as your browser type and interactions needed to operate the website securely. Our site uses minimal local storage (for your language preference) rather than tracking cookies. See section 10 and our Cookie Policy.
2How we use your data
We use your personal data to:
- assess whether your case is suitable for our service and which package fits;
- carry out the independent technical review and prepare your response, assessment or report;
- communicate with you about your case, including requesting additional materials;
- process your payment and issue confirmation;
- deliver your response or report by email;
- keep records required for accounting, tax and legal compliance;
- protect the security and integrity of our service and prevent misuse or fraud.
We do not use your data for automated decision-making that produces legal or similarly significant effects, and we do not sell your data.
3Lawful bases for processing
We rely on the following lawful bases under Article 6 GDPR:
| Purpose | Lawful basis |
|---|---|
| Providing the review you requested and delivering the response | Performance of a contract (Art. 6(1)(b)) |
| Processing payment and keeping accounting records | Contract and legal obligation (Art. 6(1)(b), (c)) |
| Securing the service and preventing misuse | Legitimate interests (Art. 6(1)(f)) |
| Any optional communications you opt into | Consent (Art. 6(1)(a)) |
Where your materials contain special category data (Art. 9 GDPR), we process it only as far as necessary to review the case you submitted, on the basis that you have made the data available to us for that purpose and, where required, with your explicit consent, or for the establishment, exercise or defence of legal claims.
4Uploaded materials and third-party data
Our service depends on the materials you submit. Please note:
- You should upload only materials you are entitled to share. If your materials contain personal data about other people (for example, the other party to a dispute), you are responsible for ensuring you have a lawful basis to share that data with us for the purpose of your review.
- Where possible, remove or redact personal data that is not relevant to your case before uploading.
- We treat all submitted materials as confidential and use them only to review your case and prepare your response.
5Sharing and processors
We do not sell your personal data. We share it only with service providers ("processors") who help us operate, and only to the extent necessary. Current processors include:
| Processor | Purpose | Data involved |
|---|---|---|
| Stripe | Payment processing | Name, email, payment and transaction data |
| FormSubmit | Delivery of your case submission to us by email | Form field data you submit |
| Hosting / infrastructure provider Cloudflare | Website hosting and file storage | Technical data and submitted materials |
| Email provider Google (Gmail), delivered via FormSubmit | Case correspondence and delivery of your response | Name, email, case content |
Each processor is bound by a data processing agreement requiring appropriate security and restricting use of your data to our instructions. We may also disclose data where required by law or to establish, exercise or defend legal claims.
6International transfers
Some of our processors may store or process data outside the European Economic Area (EEA). Where this happens, we ensure an adequate level of protection through mechanisms recognised under the GDPR, such as an adequacy decision or the European Commission's Standard Contractual Clauses. You may request more information about the safeguards applied.
7Data retention
We keep your personal data only as long as necessary for the purposes described in this policy:
- Case data and materials — retained for the duration of your case and for a limited period afterwards to handle follow-up questions and possible disputes, then deleted or anonymised. Target retention: 12 months after delivery, unless a longer period is required by law or you ask us to keep them.
- Payment and accounting records — retained for the period required by applicable tax and accounting law (typically up to 7 years).
You may ask us to delete your materials earlier; see section 9.
8Security
We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss or disclosure, including encryption in transit, access controls and limiting who can view your materials. No method of transmission or storage is completely secure, but we work to protect your data and to notify you and the relevant supervisory authority of any breach where required by law.
9Your rights
Under the GDPR you have the right to:
- Access — obtain a copy of the personal data we hold about you;
- Rectification — correct inaccurate or incomplete data;
- Erasure — ask us to delete your data ("right to be forgotten"), subject to legal retention obligations;
- Restriction — ask us to limit how we use your data;
- Portability — receive certain data in a structured, machine-readable format;
- Object — object to processing based on legitimate interests;
- Withdraw consent — where processing is based on consent, at any time, without affecting prior processing.
To exercise any right, contact us through email at dmitrijarvala@gmail.com. We will respond within one month, as required by the GDPR. We may need to verify your identity first.
10Cookies and local storage
Our website does not use advertising or tracking cookies. We use minimal browser local storage to remember your chosen language, and our payment provider may set cookies necessary to process payments securely. See our Cookie Policy for details.
11Children
Our service is intended for adults and is not directed at children. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
12Changes to this policy
We may update this Privacy Policy from time to time. The version and effective date at the top of this page indicate when it was last revised. Material changes will be communicated where appropriate.
13Complaints
If you have concerns about how we handle your data, we encourage you to contact us first. You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU country of your residence or workplace. In Estonia, this is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).