Compliance

Privacy & cookies notice

We process only the personal data that is necessary to answer enquiries and keep Evidentia running securely. This notice fulfils our obligations under the EU General Data Protection Regulation (GDPR) and applicable Polish law.

Last updated:

1. Data controller

The controller of personal data is Piotr Żmuda Dev, Rynek Główny 28, 31-010 Kraków, Poland. You can reach us at piotr.zmuda.dev@gmail.com.

We act as the controller for data submitted through this website and as a processor for client experiments hosted on our Cloudflare infrastructure.

2. What data we process

Contact form

We collect your name, email address, optional organisation name, and the contents of your enquiry. Technical metadata (IP address, browser details, submission timestamp) is processed to prevent abuse.

Accounts & authentication

If you create an account, we store your email address and a password verifier. Passwords are never stored in plain text. We use PBKDF2 with SHA-256, a unique per-user salt, and 100,000 iterations to derive a hash. We also maintain your token balance (manual top-ups) and usage counters to operate the service.

Operational security data

Our CDN and firewall provider, Cloudflare, Inc., may temporarily process IP addresses and connection metadata to maintain availability and defend against attacks. Logs are stored in aggregated form for up to 90 days.

Support conversations

When you contact us by email, we retain the thread (including headers and attachments) so we can respond and maintain support records.

No analytics or advertising

Evidentia does not use advertising identifiers, third-party analytics pixels, or social media trackers on this site.

3. Purposes and legal bases

  • Responding to enquiries - Article 6(1)(f) GDPR (legitimate interest in communicating with prospective clients and partners).
  • Maintaining security logs - Article 6(1)(f) GDPR (legitimate interest in preventing fraud, spam, and abuse).
  • Fulfilling legal obligations - Article 6(1)(c) GDPR (e.g. bookkeeping or archiving duties arising from correspondence).

4. Retention periods

  • Contact enquiries are stored for up to 24 months from the last interaction, unless you request earlier erasure.
  • Security logs retained by Cloudflare are kept for up to 90 days unless a longer period is required for incident investigation.
  • Local storage preferences (e.g. hiding the cookie banner) remain in your browser for 12 months or until you clear them manually.

5. Data recipients

We work with trusted processors on the basis of data processing agreements and EU Standard Contractual Clauses (SCCs):

  • Cloudflare, Inc. (USA) - hosting, network protection, and content delivery.
  • MailChannels, Inc. (USA) - secure email delivery for contact form submissions.
  • Regulatory or law enforcement authorities when disclosure is legally required.

6. International transfers

When data is processed by providers located outside the European Economic Area, we rely on the SCCs combined with technical and organisational safeguards (encryption in transit, strict access controls, audit logging) to ensure an adequate level of protection.

7. Your rights

You can exercise the following rights at any time by contacting piotr.zmuda.dev@gmail.com:

  • Access to your data and the right to obtain a copy.
  • Rectification of inaccurate or incomplete information.
  • Erasure (“right to be forgotten”) where applicable.
  • Restriction of processing in the situations listed in Article 18 GDPR.
  • Objection to processing based on legitimate interests.
  • Data portability for information processed on the basis of consent or a contract.
  • Complaint to the President of the Personal Data Protection Office (PUODO) in Poland if you believe we breach data protection law.
  • You may delete your account at any time from the My Account page; this removes your profile, token balance, and usage logs from our database.

8. Cookies and similar technologies

Evidentia uses only strictly necessary cookies and local storage. They keep the platform secure and remember that you acknowledged this notice. We do not run marketing, behavioural, or cross-site tracking cookies on this domain.

Cookie / storage Purpose Retention
Evidentia session (session) Authentication cookie that keeps you signed in. Contains a signed JWT with your user id, email, and role. HttpOnly, Secure, SameSite=Lax. Up to 30 days or until you sign out.
Cloudflare (__cf_bm, cf_clearance) Mitigates bots and ensures the site remains available. Set by our CDN and security provider. Session or a few hours, managed by Cloudflare in line with their global network policies.
Local storage (evidentia-cookie-consent) Remembers that you already saw this notice so we do not show it on every visit. 12 months or until you clear your browser storage.

You can manage cookies at the browser level: disable them entirely, delete existing ones, or limit them to selected sites. Disabling security cookies may affect the availability of Evidentia pages.

11. Where your data is stored

Evidentia runs on Cloudflare Workers. Account records (email, password hash, token balance) and usage logs are stored in Cloudflare D1, our managed database. Data may be replicated across regions by our hosting provider for resilience and performance. We apply encryption in transit, least-privilege access, and audit logging.

9. Security measures

  • All traffic is encrypted via HTTPS/TLS.
  • Administrative access is protected with multi-factor authentication and role-based controls.
  • Privileged actions are logged and reviewed regularly.
  • Incident response procedures ensure we notify authorities and affected individuals when required by law.

10. Contact

For privacy enquiries, data subject rights, or general questions about this policy, email piotr.zmuda.dev@gmail.com or write to Piotr Żmuda Dev, Rynek Główny 28, 31-010 Kraków, Poland.