Privacy Policy

The data controller for personal data processed through Evidio is:

O2CODE (O2C) 55 rue Grignan, 13006 Marseille, France SIREN: 941 272 577 VAT: FR12 941 272 577

For privacy inquiries, contact us through our contact form at evidio.io/contact.

The Evidio Chrome extension requests the following permissions, each strictly necessary for the service to function:

• Side Panel: Displays the store analysis panel alongside the page you're visiting. • Storage: Saves your research data, preferences, and settings locally on your device. • Active Tab: Reads the content of the current page only when you interact with Evidio, to detect if the site is a Shopify store and extract publicly available information. • Host permissions (google.com): Allows SERP Radar to detect Shopify stores on Google search results. • Host permissions (evidio.io API): Communicates with our server for account authentication and usage tracking only.

Evidio does not request access to your browsing history, bookmarks, downloads, or any other browser data beyond what is listed above.

We collect minimal data, strictly necessary for the service to function:

Account data (all users): • Email address (for authentication) • Name (for account identification) • Hashed password (if using email/password authentication) • Google account ID (if using Google OAuth — we do not access your Google data beyond name and email)

Usage data: • Plan type • Device identifier (a random ID generated by the extension, not linked to your hardware) • Monthly usage counters (number of analyses and contact extractions performed)

Payment data: • Processed entirely by Stripe. We store only the Stripe customer ID — never your card details.

Anonymous analytics: • We use Umami, a privacy-friendly analytics tool that does not use cookies and does not track personal data. We collect aggregate page views and visit counts only on our website.

This is important to understand:

• We do NOT store the stores you analyze. Your research data (analyzed stores, saved products, dashboard data) stays on your device and is never sent to our servers. • We do NOT track your browsing history or web activity. • We do NOT sell, rent, or share any personal data with third parties. • We do NOT use tracking pixels, fingerprinting, or cross-site tracking. • We do NOT access your Google account data beyond basic profile info (name, email) when using OAuth. • We do NOT collect the content of pages you visit, except for the Shopify store analysis you explicitly trigger.

We use collected data exclusively for:

• Authenticating your account and validating your plan • Enforcing plan limits (monthly analysis quota, device limits) • Processing payments through Stripe • Sending transactional emails (payment receipts, account notifications) • Improving the service based on aggregate, anonymized usage statistics

We do not use your data for advertising, profiling, or any purpose beyond operating the Evidio service.

Server data (accounts, usage counters) is stored on secure servers hosted in the European Union.

Research data (analyzed stores, saved products, comparisons) is stored locally on your device and never leaves it.

We implement appropriate technical measures to protect your data, including: • Encrypted connections (HTTPS/TLS) for all communications between the extension and our servers • Hashed passwords (never stored in plain text) • Database access restricted to application services only • No direct database access from the extension

Account data: Retained as long as your account exists. Deleted upon account deletion request.

Usage data: Usage counters reset monthly. Historical usage is not retained.

Payment data: Retained by Stripe according to their data retention policy and applicable financial regulations.

Local research data: Stored on your device until you clear it. We have no access to this data.

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of access: Request a copy of all personal data we hold about you. • Right to rectification: Request correction of inaccurate data. • Right to erasure: Request deletion of your personal data. • Right to data portability: Receive your data in a structured, machine-readable format. • Right to object: Object to processing of your data for specific purposes. • Right to restriction: Request limitation of data processing.

To exercise any of these rights, contact us through our contact form at evidio.io/contact. We will respond within 30 days.

You also have the right to lodge a complaint with the CNIL (French Data Protection Authority) at cnil.fr.

The Evidio website uses minimal cookies:

• Authentication cookies: Strictly necessary for maintaining your login session. These are first-party, secure cookies. • Theme preference: Stored in your browser to remember your dark/light mode preference. • Cookie consent: Stored in your browser to remember your consent choice.

We use Umami for analytics, which does not use cookies and is fully GDPR-compliant.

The Evidio Chrome extension does not use cookies.

We use the following third-party services:

• Stripe (stripe.com): Payment processing. Subject to Stripe's privacy policy. • Google OAuth (google.com): Optional authentication. Subject to Google's privacy policy. We only access your name and email. • Umami (umami.is): Privacy-friendly website analytics. No personal data collected.

We do not share your personal data with any other third parties.

The use of information received from Google APIs by Evidio adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Specifically: • We only use data for the single purpose of providing the Evidio competitive intelligence service. • We do not transfer data to third parties except as necessary to provide the service (Stripe for payments). • We do not use data for advertising or to determine creditworthiness. • We do not sell user data to data brokers or information resellers. • All data transmissions use encrypted connections (HTTPS).

Evidio is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. For material changes, we will notify users via email.

Continued use of the service after changes constitutes acceptance of the updated policy.

For privacy-related inquiries, please contact us through our contact form at evidio.io/contact.

O2CODE (O2C) 55 rue Grignan, 13006 Marseille, France SIREN: 941 272 577