top of page

Privacy Policy

Last Updated: 14 March 2026
1. Controller

Company: evaluoi.ai

Email: hello@evaluoi.ai

Data Protection Officer: kaisa@evaluoi.ai

2. Data We Collect

We collect the following categories of personal data when you use our Service:

Account Information

  • Email address

  • Display name

  • Password (hashed)

Measurement Data

  • Goals, constructs, and metrics you create

  • Responses submitted by you or participants

  • Triangulation and measurement configuration data

AI Analysis Results

  • Sentiment outputs

  • Identified themes

  • Quantified insights generated from text responses

Usage Data

  • Login timestamps

  • Device and browser metadata

  • Feature usage logs (anonymized after 90 days)

Payment Information

  • Processed securely by Stripe

  • We do not store credit card numbers or full payment details

Data We Do Not Process

evaluoi.ai is not designed to process special category data as defined in GDPR Article 9, including health data, biometric data, genetic data, or data revealing racial or ethnic origin, political opinions, religious beliefs, or sexual orientation.

 

Triangulation data imported into the platform should be anonymized and aggregated at organizational level.

3. Legal Bases for Processing

We process personal data under the following GDPR legal bases:

  • Consent (Article 6(1)(a))

You provide explicit consent during signup and when granting specific permissions.

  • Contract Performance (Article 6(1)(b))

Processing is necessary to provide the evaluoi.ai Service.

  • Legitimate Interest (Article 6(1)(f))

For security, fraud prevention, and improving the reliability and performance of the Service.

4. Your Rights

Under GDPR, you have the following rights:

  • Right of Access: Export all your data from Dashboard → Settings → Export Data.

  • Right to Rectification: Update your profile information at any time.

  • Right to Erasure: Delete your account, triggering a 30-day soft deletion period before permanent removal.

  • Right to Data Portability: Export data in machine-readable JSON or Excel format.

  • Right to Withdraw Consent: Modify consent settings in your account.

  • Right to Object: Object to processing based on legitimate interest.

To exercise these rights, contact: hello@evaluoi.ai

5. Security

We implement strict security standards to protect your data:

  • Encryption at rest (AES-256)

  • Encryption in transit (TLS 1.3)

  • Database Row Level Security (RLS) for tenant isolation

  • Access controls based on roles and permissions

  • Audit logs retained for 90 days

  • Passwords hashed using industry-standard algorithms

6. Third-Party Processors

Data processing locations:

  • Primary data storage: EU (Frankfurt) via Supabase

  • AI processing: May involve non-EU regions under Standard Contractual Clauses

  • Application hosting: EU

We work with the following GDPR-compliant processors:

Supabase

  • Services: Database, Authentication, Storage

  • Location: EU (Frankfurt)

  • Compliance: GDPR, ISO-certified infrastructure

Google (Gemini AI)

  • Services: AI-powered analysis

  • Data Handling: Zero retention; data not used for model training

  • Compliance: Standard Contractual Clauses (SCCs)

Stripe

  • Services: Payment processing

  • Compliance: PCI DSS Level 1 certified

All processors operate under Data Processing Agreements (DPAs) compliant with GDPR Article 28.

7. Data Retention

  • Active accounts: Retained until deletion

  • Deleted accounts: 30-day soft delete, then permanent removal

  • Audit logs: 90 days

  • Admin logs: 1 year

  • Backups: Encrypted backups retained for 90 days

8. Cookies

We use only essential cookies:

  • Session authentication cookies

  • Language preference cookie (fi/en)

We do not use advertising, tracking, or analytics cookies without consent. For details, see our Cookie Policy.

9. Contact
bottom of page