Privacy Policy

1. Who We Are

Evalora is operated by Pintech LTD ("we", "us", "our"). We are the data controller for the personal data you provide when using the Evalora platform. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

For any privacy-related questions, contact us at: privacy@evalora.me

2. What Data We Collect

We collect the following categories of personal data:

• Account information: your name, email address, organization name, and role.
• Usage data: pages visited, features used, credit consumption, and session timestamps.
• Documents you upload: grant proposals and funding call documents you provide for evaluation. These may contain project details, team names, or organizational information.
• Organization profile: information you voluntarily enter about your organization's capacity, projects, and contact details.
• Payment data: transaction records. We do not store full payment card details; payment processing is handled by our payment provider.
• Communication data: messages you send us via the contact or demo request form.

3. Legal Basis for Processing

We process your personal data on the following legal grounds under GDPR:

• Contract performance (Art. 6(1)(b)): processing necessary to provide the Evalora service you signed up for.
• Legitimate interests (Art. 6(1)(f)): improving the platform, preventing fraud, and maintaining security.
• Consent (Art. 6(1)(a)): for non-essential cookies and any optional marketing communications.
• Legal obligation (Art. 6(1)(c)): where required by law, such as retaining transaction records.

4. How We Use Your Data

We use the information we collect to:

• Create and manage your account and organization profile.
• Deliver the AI-powered proposal evaluation and improvement services.
• Process payments and maintain credit balances.
• Send service-related notifications (e.g., evaluation ready, low credits).
• Respond to support requests and demo inquiries.
• Improve platform reliability, performance, and features.
• Comply with legal and regulatory requirements.

We do not use your uploaded documents to train AI models without your explicit, separate consent.

5. Data Sharing

We do not sell your personal data. We share it only with:

• AI processing providers: third-party AI APIs used to analyze proposals and generate suggestions, under strict data processing agreements.
• Payment processors: to handle credit purchases securely.
• Hosting and infrastructure providers: who store and serve the platform, operating under data processing agreements.
• Legal authorities: where required by law or to protect our legal rights.

All third parties who process data on our behalf are required to maintain appropriate security measures and may only use the data for the stated purpose.

6. Data Retention

We retain personal data only for as long as necessary:

• Account data: retained for the duration of your account plus 12 months after closure.
• Uploaded proposals: retained for up to 24 months after upload, or until you delete them.
• Payment records: retained for 7 years to comply with financial regulations.
• Contact inquiries: retained for 12 months.

You can request deletion of your account and associated data at any time (see Section 8).

7. International Transfers

Some of our AI processing providers may be based outside the European Economic Area (EEA). Where data is transferred internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

8. Your Rights Under GDPR

As a data subject in the EU, you have the right to:

• Access: request a copy of the personal data we hold about you.
• Rectification: correct inaccurate or incomplete data.
• Erasure ("right to be forgotten"): request deletion of your personal data.
• Restriction: ask us to limit how we use your data in certain circumstances.
• Portability: receive your data in a machine-readable format.
• Object: object to processing based on legitimate interests.
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, email us at privacy@evalora.me. We will respond within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection supervisory authority.

9. Security

We implement appropriate technical and organizational measures to protect your data, including encrypted storage, access controls, and secure communications (HTTPS). However, no system is completely secure; we encourage you to use a strong, unique password and to contact us immediately if you suspect any unauthorized access.

10. Cookies

We use cookies to operate the platform and improve your experience. See our Cookie Policy for details and to manage your preferences.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you via email or in-platform notification when material changes are made. The updated policy becomes effective 14 days after notification.

12. Contact

For privacy queries or to exercise your rights: privacy@evalora.me