1. Introduction
This privacy policy explains how Evidora collects and processes personal data when you use the service at https://evidora.se/en. We comply with the EU General Data Protection Regulation (GDPR) and applicable data-protection law.
Evidora is a clinical decision-support service for licensed healthcare professionals. The service is not intended for patients and does not replace clinical judgement.
2. Controller
Evidora is the controller for the processing described here. Contact us at support@evidora.se for privacy questions.
3. Personal data we process
We process account data, chats and questions, optional clinical context, technical data, and feedback you choose to send us.
Patient-identifying information
Do not enter names, identity numbers, or information that can identify a patient. Use hypothetical or de-identified clinical scenarios.
4. Purposes and legal basis
We process data to provide the service, keep you signed in, protect the service from abuse, and improve Evidora through anonymous analytics and feedback.
5. Third-party providers
We use Supabase for authentication and database services, AI providers for inference, Vercel for hosting and analytics, and Resend for email delivery. Transfers outside the EEA use appropriate safeguards such as Standard Contractual Clauses.
6. Retention
Account data and chats are kept while your account is active. Feedback is kept only while relevant, up to 24 months. Server and security logs are normally deleted within 30 days.
7. Your GDPR rights
You can request access, correction, deletion, restriction, or portability, object to certain processing, or withdraw consent. Email us and we will respond within 30 days.
8. Security
We use TLS, access controls, encryption where appropriate, and least-privilege access for service providers.
9. Changes
We may update this policy. Material changes will be communicated in the service or by email.