Privacy Policy

Last updated: 6th February 2026

In plain English

EvenStance helps you resolve disputes with companies. To do that, we need some of your personal information. We treat it with care, never sell it, and give you full control over it. This policy explains exactly what we collect, why, and what rights you have.

1. Who we are

EvenStance is operated by EvenStance Ltd (Company No. 17214222), registered in England & Wales, with registered address at 1 Spring Avenue, Ashby-de-la-Zouch, Leicestershire LE65 2RB. For the purposes of UK GDPR, EvenStance Ltd is the data controller.

ICO Registration Number: [PENDING — to be added]

You can contact us at privacy@evenstance.com.

2. What we collect

  • Account information: Name, email address, and hashed password when you register. If you sign in with Google or Apple, we receive your name and email from those providers.
  • Case information: Details you provide about your dispute, including the company name, category, description, dates, correspondence, and uploaded documents.
  • Payment information: Processed securely by Stripe. We do not store your card details. We store your subscription status and Stripe customer ID.
  • Usage data: We collect anonymised usage data via PostHog to improve the platform. You can opt out at any time using the toggle in Section 7 below.
  • Communications: Emails forwarded to your case, communication logs, and AI chat messages.

3. How we use your data

  • To provide the service: Managing your cases, generating letters, providing AI guidance, and sending notifications about deadlines.
  • To process payments: Managing your subscription via Stripe.
  • To communicate with you: Account verification, password resets, deadline reminders, and service updates.
  • To improve the platform: Via anonymised analytics. You can opt out below.

4. AI and your data

EvenStance uses AI (Google Gemini and Anthropic Claude) to provide case assessments, draft letters, and offer guidance. Before any data is sent to AI providers, we automatically redact personally identifiable information (PII) including names, addresses, phone numbers, and account numbers. AI providers do not retain your data for training purposes under our agreements.

5. Data sharing

We never sell your personal data. We share data only with:

  • Stripe: Payment processing
  • Resend: Transactional email delivery
  • AI providers: Case assessment (with PII redacted)
  • PostHog: Analytics (opt out below)

6. Your rights under UK GDPR

You have the right to:

  • Access:Request a copy of all your data (available in Settings > Data Export).
  • Rectification: Correct inaccurate information in your profile or cases.
  • Erasure:Delete your account and all associated data (available in Settings > Delete Account, with a 7-day cooling-off period).
  • Portability: Export your data in a structured format.
  • Object: Opt out of analytics at any time using the toggle in Section 7 below.

7. Cookies

We use essential cookies for authentication and session management. Analytics cookies (PostHog) are active by default to help us improve the platform. You can opt out at any time using the toggle below.

8. Data retention

We retain your data for as long as your account is active. When you delete your account, all personal data is permanently removed after a 7-day cooling-off period. Audit logs are retained for 12 months for security purposes, then automatically deleted.

9. Security

We protect your data with encryption in transit (HTTPS/TLS), encrypted database storage, rate limiting, CSRF protection, and regular security audits. Passwords are hashed using bcrypt and never stored in plain text.

10. Contact

For any privacy-related queries, contact us at privacy@evenstance.com. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.