Privacy Policy

Last updated: 6 February 2026

In plain English

EvenStance helps you resolve disputes with companies. To do that, we need some of your personal information. We treat it with care, never sell it, and give you full control over it. This policy explains exactly what we collect, why, and what rights you have.

1. Who we are

EvenStance is a consumer empowerment platform operated in the United Kingdom. For the purposes of UK GDPR, we are the data controller. You can contact us at privacy@evenstance.uk.

2. What we collect

  • Account information: Name, email address, and hashed password when you register. If you sign in with Google or Apple, we receive your name and email from those providers.
  • Case information: Details you provide about your dispute, including the company name, category, description, dates, correspondence, and uploaded documents.
  • Payment information: Processed securely by Stripe. We do not store your card details. We store your subscription status and Stripe customer ID.
  • Usage data: If you consent to analytics, we collect anonymised usage data via PostHog to improve the platform. This is entirely optional.
  • Communications: Emails forwarded to your case, communication logs, and AI chat messages.

3. How we use your data

  • To provide the service: Managing your cases, generating letters, providing AI guidance, and sending notifications about deadlines.
  • To process payments: Managing your subscription via Stripe.
  • To communicate with you: Account verification, password resets, deadline reminders, and service updates.
  • To improve the platform: Only with your explicit analytics consent.

4. AI and your data

EvenStance uses AI (Google Gemini and Anthropic Claude) to provide case assessments, draft letters, and offer guidance. Before any data is sent to AI providers, we automatically redact personally identifiable information (PII) including names, addresses, phone numbers, and account numbers. AI providers do not retain your data for training purposes under our agreements.

5. Data sharing

We never sell your personal data. We share data only with:

  • Stripe: Payment processing
  • Resend: Transactional email delivery
  • AI providers: Case assessment (with PII redacted)
  • PostHog: Analytics (only with your consent)

6. Your rights under UK GDPR

You have the right to:

  • Access: Request a copy of all your data (available in Settings > Data Export).
  • Rectification: Correct inaccurate information in your profile or cases.
  • Erasure: Delete your account and all associated data (available in Settings > Delete Account, with a 7-day cooling-off period).
  • Portability: Export your data in a structured format.
  • Object: Opt out of analytics at any time via cookie preferences.

7. Cookies

We use essential cookies for authentication and session management. Analytics cookies (PostHog) are only activated with your explicit consent via our cookie banner. You can change your preferences at any time.

8. Data retention

We retain your data for as long as your account is active. When you delete your account, all personal data is permanently removed after a 7-day cooling-off period. Audit logs are retained for 12 months for security purposes, then automatically deleted.

9. Security

We protect your data with encryption in transit (HTTPS/TLS), encrypted database storage, rate limiting, CSRF protection, and regular security audits. Passwords are hashed using bcrypt and never stored in plain text.

10. Contact

For any privacy-related queries, contact us at privacy@evenstance.uk. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.