Website Privacy Policy
How Evident processes technical access data, email communications, hosting data, and your data protection rights on this website.
Last updated: May 26, 2026
Effective date: May 26, 2026
Last updated: May 26, 2026
Policy version: 1.0
1. Controller and Contact
Controller within the meaning of Article 4(7) GDPR:
Maximillian Joel Stabe
Welserstrasse 3
87463 Dietmannsried
Germany
Email: privacy@evidentapp.com
Phone: +49 176 21462252
Website: https://evidentapp.com
For data protection requests, contact us at: privacy@evidentapp.com
2. Scope
This privacy policy applies to the website https://evidentapp.com, including its subpages and, where available, protected internal tool areas. A separate App Privacy Policy for the Evident mobile app is available at https://evidentapp.com/privacy-policy/app.
3. Categories of Data, Purposes and Legal Bases
| Category | Examples | Purpose | Legal basis |
|---|---|---|---|
| Technical access data | IP address, date and time of access, URL, HTTP method, response status, user agent, referrer | Delivering the website, security, troubleshooting, abuse prevention | Art. 6 (1)(f) GDPR |
| Hosting and observability data | Server/worker logs, technical metrics, error events | Stable and secure website operation | Art. 6 (1)(f) GDPR |
| Email communications | Email address, name, message content, communication metadata | Handling your request | Art. 6 (1)(b) GDPR where your request relates to a contract; otherwise Art. 6 (1)(f) GDPR |
| Protected tool areas | Search terms, prompts, image URLs, uploaded or generated image data, technical request metadata | Providing internal website tools, image search, image generation and content workflows | Art. 6 (1)(f) GDPR; Art. 6 (1)(b) GDPR where you voluntarily use a tool |
Our legitimate interest is the secure, performant and reliable operation of the website and the handling of legitimate inquiries.
4. Hosting, Infrastructure and Recipients
The website is delivered through Cloudflare or Cloudflare-compatible infrastructure. Cloudflare processes technical access data to deliver content, defend against attacks, diagnose errors and maintain availability.
Some website content may be loaded from content endpoints operated by us, such as content.evidentapp.com or images.evidentapp.com. Public challenges or studies may be read server-side from Supabase; during normal website usage, we do not create website visitor profiles from this.
Protected tool areas may involve additional providers depending on the feature, in particular:
- Supabase for database and content workflows.
- Cloudflare R2 for image and asset storage.
- Freepik for image search when the respective tool is used.
- An image generation service configured by us when the respective tool is used.
These tool areas are not part of normal public website usage.
5. Cookies, Tracking and Analytics
The public website currently does not set non-essential tracking cookies and does not use web analytics scripts such as Google Analytics, Meta Pixel or comparable advertising trackers.
Technically necessary processing by hosting, security systems and server/worker logs may still occur. If we add analytics or marketing technologies in the future, we will update this privacy policy and obtain required consents.
6. Email Contact
If you contact us by email, we process the data you provide to answer your request. Depending on your message, this may include your name, email address, message content, attachments and technical email metadata.
Please do not send sensitive health data by email unless it is necessary for your request.
7. Retention
| Data | Retention |
|---|---|
| Technical access data and security logs | For as long as required for operation, troubleshooting and security; generally short-term |
| Email communications | For as long as required to handle the request and comply with statutory retention duties |
| Tool data and generated assets | For as long as required for the relevant internal workflow, auditability and operation |
8. Your Rights
Subject to the GDPR, you have in particular the following rights:
- Access to the personal data we process about you (Art. 15 GDPR).
- Rectification of inaccurate data (Art. 16 GDPR).
- Erasure of your data (Art. 17 GDPR).
- Restriction of processing (Art. 18 GDPR).
- Data portability (Art. 20 GDPR).
- Objection to processing based on legitimate interests (Art. 21 GDPR).
- Withdrawal of consent with effect for the future (Art. 7 (3) GDPR).
To exercise your rights, contact us at privacy@evidentapp.com.
9. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for the Controller is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Phone: +49 (0) 981 180093-0
Website: https://www.lda.bayern.de
10. Changes to this Policy
We may amend this privacy policy if the website, the infrastructure we use or legal requirements change. The current version is published at https://evidentapp.com/privacy-policy/web.