At Evomi, we respect your privacy rights and are committed to safeguarding your Personal Data. This Privacy Policy (hereinafter "Policy") aims to inform you how we collect, manage, use, and protect your Personal Data.

Please review this Policy in conjunction with our Terms of Use and Cookie Policy. Terms not otherwise defined in this Privacy Policy have the same meanings as in our Terms of Use.

About Us

The operator of this service and the entity responsible under the General Data Protection Regulation (GDPR) is:

TeraShift GmbH, a company incorporated in Switzerland with its registered address at Weissbadstrasse 8b, 9050 Appenzell, Switzerland (referred to as "Evomi," "we," "us," etc.).

TeraShift GmbH acts as the controller of Evomi's Individual Users' Personal Data. For clarity, "Individual User" refers to any natural person who visits our Site or uses our Services. If you have any questions regarding your privacy, please contact us at:

• Email: hello@evomi.com

• Or use the "Contact Us" form on our website.

Core Principles

This Privacy Policy outlines how we process personal data while providing our services. Protecting your privacy is of utmost importance to us, and we strictly adhere to statutory data protection provisions.

Consent

BY USING OUR SERVICES, YOU CONSENT TO THE COLLECTION, USE, AND TRANSFER OF YOUR PERSONAL DATA AS DESCRIBED IN THIS PRIVACY POLICY AND OUR TERMS OF USE.

Users of our Services should note that all data processing and storage, including registration, is hosted on servers in the European Union. By using our Services and providing information to us, you consent to the transfer and processing of your information, unless stated otherwise in this Policy. You may be asked for your explicit consent during account creation.

Acceptance

Please read this Privacy Policy carefully. Your access to and use of our Services signifies that you've read, understood, and agreed to all terms within this Policy. If you disagree with any part, please do not access or continue to use the Services or submit your Personal Data.

What Data is Being Logged by Default

To ensure the technical functionality and presentation of our System and Services, clarify security incidents, and monitor technical malfunctions or attacks, we collect necessary standard data. You can browse areas of our Website and System that do not require access authorization without disclosing any personal data.

Log Files

When you visit our Website, log files (activity logs) are automatically transmitted to our servers. This generally does not constitute personal data and is not mixed with other data processed by us.

• Time and date of the page visit

• Information about user activity and transferred data volume

Server Logs

We may create de-identified or anonymous data from Personal Data by excluding components (such as your name, email address, or linkable tracking ID) that make the data personally identifiable. Our use of anonymized and de-identified data is not subject to this Privacy Policy.

Data Provision Stipulated or Required

Providing Personal Data is necessary and obligatory for the presentation and functionality of our System and Services. Without the transmission of technically necessary information, these cannot be guaranteed.

Additional Information

Our Services are not aimed at children or teenagers under 18 without parental consent. If we become aware that a child has submitted information to us, we will delete it immediately.

Our Website or System may contain links to other websites or applications. We are not responsible for their content, function, or compliance. Please review their data protection regulations.

Data Retention

We retain your Personal Data as long as you maintain an Account or as required to provide you with the Services. We also retain your Personal Data as necessary to comply with legal obligations, resolve disputes, and enforce agreements. When we no longer need your data for these purposes, we will delete it from our systems.

Where permissible, we will also delete your Personal Data upon your written request. For questions about our data retention practices, please contact us through hello@evomi.com.

Security

We implement appropriate technical and organizational measures to protect your Personal Data against unauthorized processing, accidental loss, or destruction. However, we cannot entirely eliminate security risks associated with the storage and transmission of Personal Data.

Legal Basis for Data Processing

Under GDPR, we base the processing of your data on the following legal principles:

• Your consent, if given (Art. 6 para. 1 lit. a) GDPR)

• The initiation or execution of a contract with you (Art. 6 para. 1 lit. b) GDPR)

• Fulfillment of a legal obligation (Art. 6 para. 1 lit. c) GDPR)

Storage Period of Collected Data

We store your data based on the following criteria:

• With your consent, until you revoke it.

• For contract execution, as long as the contractual relationship exists or legal retention periods apply.

• Based on a justified interest, until your interest in deletion or anonymization prevails.

• Based on legal obligations, until the end of those obligations.

Data Sources

Along with data received from you, we gather data from publicly accessible sources, your devices, and third parties. The list of data received includes, but is not limited to:

• Name, surname, date of birth, phone number, email, address, registration date, first visit date, session times and dates, language preferences, total active System time, and newsletter subscription agreement.

Your Rights as a Data Subject

Under GDPR:

• You can request free information about the processing of your data.

• Correct your data.

• Delete or block your data.

• Restrict the processing of your data.

• Object to the processing of your data.

• Revoke your consent for future processing.

• Complain to the competent supervisory authority about unauthorized data processing.

Data Forwarding

We cooperate with various service providers for the operation of our online presence, System, and Services. Your data is only forwarded as necessary for contractual obligations or legal requirements. We do not sell any Personal Data.

Services for Operation

• Data Storage and Server Provider

• Development Services Provider

• Customer Support Software Provider

• Email Provider

• Payment Processing Tools

• Order Processing Tools

• Receivables Management

• Call Center Services

• Newsletter Providers

• Translation Services

• Telecommunications Providers

• Postal Services

• Bookkeeping and Invoicing Services

• Legal, Audit, and Tax Advisors

Transfer to Recipients Outside the EEA

We transfer personal data to countries outside the European Economic Area (EEA) where adequate protection levels are confirmed or guaranteed through agreements.

Evomi is the Data Controller under GDPR, processing Personal Data in line with this Privacy Policy. If you have concerns or questions about data processing, contact us.

For All Questions Regarding Data Protection

For questions about our data protection measures or your rights, contact our data protection officer:

• Email: hello@evomi.com

For particularly sensitive concerns, contact us by post, as email communications can have security vulnerabilities.

Consent as Basis for Processing

We may ask for your consent to process your Personal Data. Consent can be indicated in various ways including ticking a box when providing Personal Data or registering. You can withdraw your consent at any time.

Identity Verification

We use third-party services for identity verification to meet KYC and AML regulations:

• Stripe: https://stripe.com/privacy

Email Hosting

We use various services for email hosting and internal communications, including:

• Brevo (formerly Sendinblue) for email communications: https://www.sendinblue.com/legal/privacypolicy/

• Google Workspace for email hosting: https://policies.google.com/privacy

Payment Processing Tools

For processing payments, we use:

• Stripe: https://stripe.com/privacy

Communication Tools

We use various tools for internal team communication, customer support, and analytics, including:

• Slack: https://slack.com/privacy-policy

• Intercom: https://www.intercom.com/legal/privacy

• Google Analytics: https://policies.google.com/privacy

• Posthog: https://posthog.com/privacy

• Microsoft: https://privacy.microsoft.com/en-gb/privacystatement

Marketing Communication

Where legally required, we ask for your consent before sending promotional materials. You can revoke your consent at any time. Additional use of Personal Data not described here will only occur with statutory requirements or your consent.

Legal Basis for Processing under GDPR

We process Personal Data on several legal bases depending on the nature of data and processing activities involved. Details on the legal bases can be found in the section above.

Right to Lodge a Complaint

We encourage you to contact us directly to address concerns. However, you also have the right to lodge a complaint with a competent data protection supervisory authority.

Changes to This Policy

We may update this Privacy Policy to comply with data protection laws. We will notify you of any changes via email. We always use your Personal Data in accordance with GDPR requirements and the Policy in effect when you submitted the information unless you consent to changes.

Contact Us

For privacy-related questions, please contact us:

• Email: hello@evomi.com

• Contact Us form on our website