Legal

Website Privacy Policy

How Evident processes technical access data, email communications, hosting data, partner program data, and your data protection rights on this website.

Last updated: June 11, 2026

Language

Effective date: May 26, 2026
Last updated: June 11, 2026
Policy version: 1.1

1. Controller and Contact

Controller within the meaning of Article 4(7) GDPR:

Maximillian Joel Stabe
Wasserstraße 11
25337 Elmshorn
Germany

Email:    privacy@evidentapp.com
Phone:    +49 176 21462252
Website:  https://evidentapp.com

For data protection requests, contact us at: privacy@evidentapp.com


2. Scope

This privacy policy applies to the website https://evidentapp.com, including its subpages and, where available, protected internal tool areas. A separate App Privacy Policy for the Evident mobile app is available at https://evidentapp.com/privacy-policy/app.


3. Categories of Data, Purposes and Legal Bases

CategoryExamplesPurposeLegal basis
Technical access dataIP address, date and time of access, URL, HTTP method, response status, user agent, referrerDelivering the website, security, troubleshooting, abuse preventionArt. 6 (1)(f) GDPR
Hosting and observability dataServer/worker logs, technical metrics, error eventsStable and secure website operationArt. 6 (1)(f) GDPR
Email communicationsEmail address, name, message content, communication metadataHandling your requestArt. 6 (1)(b) GDPR where your request relates to a contract; otherwise Art. 6 (1)(f) GDPR
Protected tool areasSearch terms, prompts, image URLs, uploaded or generated image data, technical request metadataProviding internal website tools, image search, image generation and content workflowsArt. 6 (1)(f) GDPR; Art. 6 (1)(b) GDPR where you voluntarily use a tool

Our legitimate interest is the secure, performant and reliable operation of the website and the handling of legitimate inquiries.


4. Hosting, Infrastructure and Recipients

The website is delivered through Cloudflare or Cloudflare-compatible infrastructure. Cloudflare processes technical access data to deliver content, defend against attacks, diagnose errors and maintain availability.

Some website content may be loaded from content endpoints operated by us, such as content.evidentapp.com or images.evidentapp.com. Public challenges or studies may be read server-side from Supabase; during normal website usage, we do not create website visitor profiles from this.

Protected tool areas may involve additional providers depending on the feature, in particular:

  • Supabase for database and content workflows.
  • Cloudflare R2 for image and asset storage.
  • Freepik for image search when the respective tool is used.
  • An image generation service configured by us when the respective tool is used.

These tool areas are not part of normal public website usage.


5. Cookies, Tracking and Analytics

The public website currently does not set non-essential tracking cookies and does not use web analytics scripts such as Google Analytics, Meta Pixel or comparable advertising trackers.

Technically necessary processing by hosting, security systems and server/worker logs may still occur. If we add analytics or marketing technologies in the future, we will update this privacy policy and obtain required consents.


6. Email Contact

If you contact us by email, we process the data you provide to answer your request. Depending on your message, this may include your name, email address, message content, attachments and technical email metadata.

Please do not send sensitive health data by email unless it is necessary for your request.


7. Partner Program (Influencer Referrals)

If you participate in our partner program, we process the data required to run the partnership: your name and partner code, contact and contract data (including the signed partner agreement), your commission rate, the number of verified App Store purchases attributed to your code, payout records, and the payment details you provide for payouts.

We use this data to manage the partnership, to calculate and pay commissions, and to provide your personal partner dashboard, which is accessible via an individual link. Legal bases are the performance of a contract (Art. 6 (1) (b) GDPR) and compliance with legal obligations, in particular statutory tax and commercial retention duties (Art. 6 (1) (c) GDPR).

Purchase attribution is based on Apple App Store transaction identifiers; we do not receive the buyer's name, contact or payment details. Partner data is stored in our Supabase infrastructure (see Section 4). Payout and accounting records are retained for up to ten years under statutory retention duties (Sec. 147 AO, Sec. 257 HGB).


8. Retention

DataRetention
Technical access data and security logsFor as long as required for operation, troubleshooting and security; generally short-term
Email communicationsFor as long as required to handle the request and comply with statutory retention duties
Tool data and generated assetsFor as long as required for the relevant internal workflow, auditability and operation

9. Your Rights

Subject to the GDPR, you have in particular the following rights:

  • Access to the personal data we process about you (Art. 15 GDPR).
  • Rectification of inaccurate data (Art. 16 GDPR).
  • Erasure of your data (Art. 17 GDPR).
  • Restriction of processing (Art. 18 GDPR).
  • Data portability (Art. 20 GDPR).
  • Objection to processing based on legitimate interests (Art. 21 GDPR).
  • Withdrawal of consent with effect for the future (Art. 7 (3) GDPR).

To exercise your rights, contact us at privacy@evidentapp.com.


10. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for the Controller is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany

Phone: +49 (0) 981 180093-0
Website: https://www.lda.bayern.de

11. Changes to this Policy

We may amend this privacy policy if the website, the infrastructure we use or legal requirements change. The current version is published at https://evidentapp.com/privacy-policy/web.