Legal

Privacy, Terms
& GDPR.

Last updated: March 2026. These documents apply to the Evidentia Early Access beta program.

What data we collect

Evidentia collects only the minimum data necessary to provide the service.

  • Contact information provided when signing up (name, email, company)
  • Cryptographic proof data (hashes, signatures, timestamps, metadata)
  • Service usage data for billing and operational monitoring

We never collect: Raw AI prompts, AI-generated outputs, or sensitive business content. These remain entirely within your environment — by architectural design.

How we use data

  • To provide and operate the Evidentia service
  • To generate and store tamper-evident evidence records on your behalf
  • To communicate with you regarding your account and the service
  • To improve service reliability and security

Data retention

Evidence records are retained for the duration of your subscription plus a wind-down period as agreed in your Early Access agreement. Contact data is retained for the duration of the business relationship. You may request deletion of contact data at any time.

Third-party services

Evidentia uses third-party infrastructure for cloud storage, key management, and timestamping. These providers are bound by data processing agreements consistent with GDPR requirements. We do not sell or share your data with any third party for marketing or analytics purposes.

Contact

For privacy-related enquiries, please contact us via our request form.

Early Access Program

These Terms govern participation in the Evidentia Early Access beta program. By accessing the service, you agree to these terms. The service is provided in beta form — functionality, pricing, and specifications are subject to change without prior notice.

Permitted Use

  • Use the service to create tamper-evident evidence records for AI workflows within your organization
  • Export evidence packages for internal audit, compliance, and legal review purposes
  • Integrate the service via SDK or API for your approved AI systems

Limitation of Liability

During the Early Access period, the service is provided "as is." Evidentia is not liable for service interruptions, data loss, or consequential damages beyond the fees paid in the relevant billing period. Liability is limited as specified in your individual Early Access agreement.

Disclaimer

Evidentia provides audit-readiness and tamper-evident record infrastructure. It does not provide legal advice. The admissibility, enforceability, or evidentiary value of any records in any jurisdiction is a matter of applicable law and must be assessed by qualified legal counsel. Nothing in this service constitutes a guarantee of legal outcome.

Governing Law

These terms are governed by applicable law. Specific governing jurisdiction is defined in your individual Early Access agreement.

Role Definition

Data Controller

Your organization. You determine the purposes and means of processing AI interaction data within your environment.

Data Processor

Evidentia. We process only cryptographic proof data on your behalf, as defined in the Early Access agreement — designed to support Article 28 DPA workflows.

Legal Basis for Processing

  • Contract performance — processing necessary to provide the agreed service
  • Legitimate interests — service security, fraud prevention, and operational monitoring

Your Rights

Under GDPR, you have the right to:

  • Access personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of contact and account data
  • Data portability for contact information
  • Object to processing in certain circumstances

Cross-border Data Transfers

Where data is transferred outside the EEA, Evidentia is designed to support Standard Contractual Clauses (SCC) as the transfer mechanism. We can provide relevant documentation for enterprise deployments upon request.

Privacy by Design

Evidentia is built on a privacy-by-design principle. Raw AI content never enters our systems. We process only cryptographic fingerprints — minimising data exposure at the architectural level, not just through policy.

Data Protection Contact

For GDPR-related enquiries or to exercise your rights, please contact us via our request form.