Privacy Policy

Last updated: February 6, 2026

This Privacy Policy (hereinafter — "Policy") describes how the operator of the web service "Ye-Vidhuk" (hereinafter — "Operator", "we", "us", "our") collects, uses, stores, transfers, and protects personal data of users (hereinafter — "User", "you", "your") when using the web platform evidhuk.com.ua and related services (hereinafter — "Service"). By using the Service, you confirm that you have read this Policy and consent to the processing of personal data in the manner and under the conditions set forth herein.

1. General Provisions

This Policy has been developed in accordance with the Law of Ukraine "On Personal Data Protection" No. 2297-VI, the General Data Protection Regulation of the European Union (GDPR, Regulation (EU) 2016/679), and other applicable data protection regulations.

The Policy applies to all personal data collected through the Service, including data voluntarily provided by Users and data automatically collected during Service usage.

The Operator reserves the right to update this Policy at any time without prior notice. The current version is always available at evidhuk.com.ua/privacy. Continued use of the Service after changes constitutes your acceptance of the updated Policy.

2. Definitions

The following terms are used in this Policy:

  • "Personal Data" — any information relating to an identified or identifiable natural person (data subject).
  • "Processing" — any operation or set of operations performed on personal data, including collection, recording, organization, storage, adaptation, alteration, retrieval, use, disclosure, dissemination, blocking, and destruction.
  • "Tenant" — an organization or individual entrepreneur registered in the Service to collect and analyze feedback from their customers.
  • "End User" — an individual who submits feedback through a form created by a Tenant using the Service.
  • "Data Controller" — a subject that determines the purposes and means of personal data processing. The Operator acts as Data Controller for Tenant data and Data Processor for End User data.
  • "Data Processor" — a subject that processes personal data on behalf of the Data Controller.

3. What Data We Collect

We collect and process the following categories of personal data:

3.1. Data provided by Tenants during registration and Service usage:

  • Full name of the contact person
  • Email address
  • Phone number (optional)
  • Organization / business name
  • Company description (optional)
  • Company website (optional)
  • Payment data (processed exclusively through certified payment systems Stripe, LiqPay, WayForPay — we do not store bank card data)
  • Google account data (when authorizing via Google OAuth): name, email, account identifier

3.2. End User data collected through feedback forms:

  • Feedback text and ratings (NPS, CSAT, CES, star rating)
  • Survey responses created by the Tenant
  • Name and contact information (only if voluntarily provided by the End User)
  • Media files (photos, videos, audio) if voluntarily uploaded by the End User
  • Device type and model, operating system version, browser type
  • Browser language, screen resolution
  • Approximate geographic location (based on IP address, city-level accuracy)

3.3. Automatically collected data (technical):

  • IP address
  • Cookies and similar technologies (see Section 7)
  • Date, time, and duration of Service usage
  • Pages viewed
  • Referrer URL
  • Behavioral analytics of form completion: time per question, number of clicks, drop-off points (collected in anonymized form for form conversion optimization)

4. Purpose of Data Collection and Processing

We process personal data exclusively for the following purposes:

  • Providing, supporting, and improving Service functionality
  • Registering accounts and authenticating Users
  • Processing payments and invoicing (through certified payment systems)
  • Sending service notifications: new feedback alerts, system messages, service changes
  • Ensuring Service security: fraud detection, abuse prevention, suspicious activity monitoring
  • Analyzing Service usage for product improvement (in aggregated and anonymized form)
  • Fulfilling legal obligations, including legislative requirements and requests from authorized bodies
  • Responding to User inquiries through the contact form

5. Legal Basis for Processing

Personal data processing is carried out on the following legal bases in accordance with Art. 6 GDPR:

  • Data subject consent (Art. 6(1)(a) GDPR) — during Service registration, feedback form completion, notification subscription.
  • Contract performance (Art. 6(1)(b) GDPR) — to provide services in accordance with the Terms of Use.
  • Legitimate interest (Art. 6(1)(f) GDPR) — to ensure Service security, prevent fraud, improve the product.
  • Legal obligation (Art. 6(1)(c) GDPR) — to comply with applicable Ukrainian and EU legislation.

6. Data Sharing with Third Parties

We do not sell, rent, or disclose personal data to third parties, except in the following cases:

  • Payment providers (Stripe, LiqPay, WayForPay) — exclusively for payment processing. These providers have their own privacy policies and are PCI DSS certified.
  • Hosting providers — for server hosting and Service operation (server infrastructure is located in the European Union).
  • Email services — for sending service notifications.
  • Telegram Bot API — for sending new feedback notifications (only per Tenant settings).
  • Google OAuth — during Google authorization (only data necessary for authentication is transferred).
  • Law enforcement and government authorities — in cases directly provided by Ukrainian law or by a court order.

All third parties to whom we transfer data are required to ensure an adequate level of personal data protection in accordance with applicable law.

7. Cookies and Tracking Technologies

The Service uses cookies and similar technologies to ensure proper operation, analytics, and user experience improvement.

Types of cookies we use:

  • Essential — ensure basic Service functionality: authorization, security, language settings. The Service cannot function properly without them.
  • Analytics — help us understand how Users interact with the Service for product improvement. Data is collected in aggregated form.
  • Functional — store your settings and preferences (theme, interface language).

You can manage cookies through your browser settings. Please note that disabling essential cookies may limit Service functionality.

We do not use advertising cookies and do not track Users across other websites.

8. Data Retention

Personal data is stored for the period necessary to achieve the purposes of collection or for the period required by applicable law:

  • Tenant account data — for the duration of the account and 30 days after deletion (for recovery purposes).
  • End User feedback data — for the duration of the Tenant's account to which they belong.
  • Payment information (transactions, invoices) — for the period required by tax law (minimum 3 years).
  • Technical logs — no longer than 90 days.
  • Contact form data — no longer than 12 months.
  • Database backups — no longer than 30 days from creation.

After the retention period expires, personal data is destroyed or anonymized in a manner that prevents recovery.

9. Data Security

We implement organizational and technical measures to protect personal data from unauthorized access, loss, destruction, alteration, and disclosure, including:

  • Data encryption in transit (TLS/SSL) and at rest
  • Password hashing using BCrypt (12 rounds)
  • Role-based access control (RBAC)
  • Protection against CSRF, XSS, and other web application attacks
  • Regular data backups
  • Security monitoring and access event logging
  • Rate limiting for DDoS attack protection

Despite security measures taken, no system of data transmission and storage over the Internet can guarantee 100% security. We make every effort to protect your data but cannot guarantee absolute security of information transmitted over the Internet.

10. User Rights

In accordance with the GDPR and the Law of Ukraine "On Personal Data Protection", you have the following rights regarding your personal data:

  • Right of access — you may request a copy of your personal data that we process.
  • Right to rectification — you may request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — you may request deletion of your personal data, except where retention is required by law.
  • Right to restriction of processing — you may request restriction of data processing in legally defined cases.
  • Right to data portability — you may request your data in a structured, commonly used, and machine-readable format.
  • Right to object — you may object to processing of your data based on legitimate interest.
  • Right to withdraw consent — if processing is based on your consent, you may withdraw it at any time.

To exercise any of these rights, contact us using the contact details in Section 13. We will respond to your request within 30 calendar days.

If you believe your rights have been violated, you have the right to file a complaint with the relevant data protection supervisory authority.

11. International Data Transfers

The Service's server infrastructure is located in the European Union. In cases where personal data is transferred outside the EU/EEA (e.g., when using third-party services), we ensure an adequate level of protection through:

— Standard Contractual Clauses (SCCs) approved by the European Commission;

— Adequacy decisions regarding the recipient country;

— Privacy Shield certification (where applicable).

12. Aggregated and Anonymized Data

The Operator has the right to aggregate, systematize, and analyze information received from Users after anonymization (depersonalization) for the purposes of:

— Improving the functionality and quality of the Service;

— Creating analytical and statistical reports;

— Market research and trends in the field of customer experience;

— Development of new features and products.

Anonymized data is not personal data and does not allow identification of a specific individual. The Operator is the exclusive owner of intellectual property rights to aggregated and anonymized data.

13. Children's Privacy

The Service is not intended for persons under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child without proper parental consent, we will take steps to promptly delete such data.

14. Limitation of Liability

The Operator is not liable for:

— Actions of Tenants regarding the collection and use of End User data through forms created in the Service. The Tenant is an independent Data Controller for feedback collected through their forms and bears full responsibility for the legality of their collection and processing;

— Content of feedback submitted by End Users;

— Loss or damage to data caused by circumstances beyond the Operator's reasonable control (force majeure, third-party actions, internet outages);

— Security of data transmitted over the Internet until received by our servers.

You use the Service at your own risk and understand that no technology can guarantee absolute data protection.

15. Contact Information

For all questions regarding this Privacy Policy, personal data processing, or exercising your rights, you may contact us:

Telegram: @evidhuk_ua

Postal address: indicated on the Service's contact page.

Request processing time: up to 30 calendar days from receipt.

Last updated: February 6, 2026