Privacy Policy

The controller responsible for data processing is Evomation (see legal notice for details). See our Impressum for company information: Impressum.

• Email: info@evomation.de
• Phone: +49 (0) 5222 187 68 20

• Service operation and account management (Art. 6(1)(b) GDPR – contract).
• Security, availability and abuse prevention (Art. 6(1)(f) GDPR – legitimate interests).
• Optional error reporting (Sentry) to improve stability (Art. 6(1)(a) GDPR – consent).

• Account Data: Email address and profile information provided during registration.
• Technical Usage Data: IP address, device type, browser version, and OS.
• Processing Metadata: What we DO store: Metadata regarding your jobs, such as file name, file size, row count, processing duration, and success/failure status. What we DO NOT store: We do not upload, view, or store the content of your files. File processing occurs locally in your browser.

• Vercel (EU region fra1): application hosting, CDN delivery, and logging within the EU.
• Kinde (EU region): OIDC authentication, session management, and user provisioning.
• Neon (AWS eu-central-1 / Frankfurt) via Prisma: managed Postgres hosting for application data.
• Sentry (EU-hosted instance): optional error telemetry and masked replays; enabled only with your consent.

We use only strictly necessary cookies and local storage required to operate EvoKlar. No marketing or tracking cookies are used.

• NEXT_LOCALE: Remembers your language preference.
• sidebar_state: Stores whether the sidebar is collapsed or expanded.
• evk-sentry-consent: Stores your optional error reporting consent preference (only set with your consent).
• evk-sentry-replay-consent: Stores your optional session replay consent preference (only set with your consent).
• Kinde session cookies: HttpOnly cookies for authentication, issued by our EU-hosted identity provider (strictly necessary).

Local Storage

• hasSeenWelcomeGuide: Remembers whether you have seen the welcome guide.

We retain account and technical records only as long as necessary for the stated purposes. Processing metadata is kept for a limited period (e.g., up to 6 months) for traceability and will be purged periodically.

Our core providers (Vercel in EU region fra1, Kinde, Neon, and Sentry) run in EU regions; no routine transfers outside the EEA occur. If a transfer becomes necessary, we apply appropriate safeguards (e.g., SCCs).

• Access to your personal data (Art. 15 GDPR).
• Rectification of inaccurate data (Art. 16 GDPR).
• Erasure (‘right to be forgotten’, Art. 17 GDPR).
• Restriction of processing (Art. 18 GDPR).
• Data portability (Art. 20 GDPR).
• Objection to processing (Art. 21 GDPR).
• Right to lodge a complaint with a supervisory authority.