Privacy Policy

How we process and protect your data

Controller

The controller responsible for data processing is Evomation (see legal notice for details). See our Impressum for company information: Impressum

Contact for privacy matters

Email: info@evomation.de
Phone: +49 (0) 5222 187 68 20

Purposes and legal bases

Service operation and account management (Art. 6(1)(b) GDPR – contract).
Security, availability and abuse prevention (Art. 6(1)(f) GDPR – legitimate interests).
Optional error reporting (Sentry) to improve stability (Art. 6(1)(a) GDPR – consent).

Categories of data processed

Account data: email and minimal profile information you provide.
Technical data: device, browser, and log metadata generated during usage.
Processing metadata: we do not store your files; we store only file metadata (e.g., name, type/extension, size, processing timestamps) for traceability.

Recipients and processors

Vercel (EU region fra1): application hosting, CDN delivery, and logging within the EU.
Kinde (EU region): OIDC authentication, session management, and user provisioning.
Neon (AWS eu-central-1 / Frankfurt) via Prisma: managed Postgres hosting for application data.
Sentry (EU-hosted instance): optional error telemetry and masked replays; enabled only with your consent.

Technical cookies and storage

We only use storage needed for language, UI preferences, authentication, and optional telemetry consent. No marketing or advertising cookies are set.

NEXT_LOCALE: Stores your selected language for localized routes and content.
sidebar_state: Stores whether the sidebar is collapsed or expanded (set until end of day).
evk-app-theme (cookie): Stores your selected app/public theme (up to 12 months).
localStorage: evk-app-theme: Stores your selected theme locally to prevent flicker and preserve preference across visits.
evk-sentry-consent: Optional: stores your error-reporting consent (cookie until end of day plus sessionStorage cache for the active session).
evk-sentry-replay-consent: Optional: stores your session-replay consent (cookie until end of day plus sessionStorage cache for the active session).
Kinde session cookies: HttpOnly secure cookies required for authentication and session security.

Retention

We retain account and technical records only as long as necessary for the stated purposes. Processing metadata is kept for a limited period (e.g., up to 6 months) for traceability and will be purged periodically.

International data transfers

Our core providers (Vercel in EU region fra1, Kinde, Neon, and Sentry) run in EU regions; no routine transfers outside the EEA occur. If a transfer becomes necessary, we apply appropriate safeguards (e.g., SCCs).

Your rights

Access to your personal data (Art. 15 GDPR).
Rectification of inaccurate data (Art. 16 GDPR).
Erasure (‘right to be forgotten’, Art. 17 GDPR).
Restriction of processing (Art. 18 GDPR).
Data portability (Art. 20 GDPR).
Objection to processing (Art. 21 GDPR).
Right to lodge a complaint with a supervisory authority.

Updated: 2026-02-25