How we handle her data —
honestly.

1. Our four core principles

We built Eviga around a specific premise: a family is trusting us with the most personal possible record of a person they love. That trust is the foundation of the product. Everything below follows from four commitments:

• Her data is hers. Not ours, not a partner's, not an advertiser's. We are custodians, not owners.
• EU-hosted, EU-jurisdiction. All data stays in Europe. We do not transfer it to the United States or any other non-EU jurisdiction.
• No advertising. No selling. No model training. Her stories will never be used to make money for anyone outside the service that captured them.
• Deletion is fast and complete. She or you can request total deletion at any time. We act within 72 hours and confirm in writing.

2. What we collect

From the buyer (you)

• Your name and email address
• Billing details — handled by Stripe; we do not store full card numbers
• The recipient's name, your relationship to them, and their WhatsApp number
• The date you'd like the gift to begin
• Any optional personal note you choose to include with the first message
• Photos you upload to be woven into chapters

From the recipient (her)

• Her replies on WhatsApp — text, voice notes, photos, videos
• Metadata about those messages (timestamp, channel, language)
• Any biographical information she shares within the conversations themselves

Automatically

• Standard server logs (IP address, request times) on the website itself, retained 30 days for security purposes only
• A session cookie for the language switcher and the dismissed-sticky-bar state

3. Where her data lives

All Eviga data is hosted on EU servers in Frankfurt, Germany, under EU jurisdiction. We use established European cloud infrastructure providers with GDPR-compliant data-processing agreements.

• In transit: TLS 1.3 encryption between every system that touches her data
• At rest: AES-256 encryption on all stored data, including voice files, transcripts, and database records
• Backups: Mirrored to a second EU region for disaster-recovery purposes; equally encrypted
• No cross-border transfer: Her data does not cross to the US, the UK, or any other non-EU jurisdiction. We do not use US-based cloud regions even for "convenience"

4. What we use it for

Eviga uses her data only to deliver the service you bought. Specifically:

• To send her weekly questions on WhatsApp
• To listen to her answers and ask thoughtful follow-ups
• To weave her stories into draft chapters for the digital archive
• To produce the printed hardcover book
• To host the voice files referenced by QR codes in the book
• To allow you and invited family members to see, suggest prompts, and add photos via the dashboard
• To handle billing, refunds, and customer support

5. What we will never do

• We will not sell her data — to advertisers, data brokers, research firms, or anyone else
• We will not share it with advertising or analytics platforms — no Facebook Pixel, no Google Analytics on pages where the recipient interacts with Eviga, no third-party advertising trackers
• We will not use her data to train AI models — neither our own nor any third party's. See section 8 below
• We will not use her data for marketing — to her, to you, or to anyone else
• We will not enrich her profile from external sources — we do not buy data from data brokers, social-media analytics, or any other third-party source to add to what we know about her

6. Who has access

You and your invited family

You — the buyer — and any family members you explicitly invite to your dashboard can view her chapters, listen to her voice clips, suggest prompts, and add photos. You control invitations and can remove people at any time.

The Eviga team

We have technical access — we'd be lying if we said otherwise, since someone has to maintain the systems. Our team is small, GDPR-bound, and access is logged. We do not read individual stories unless you specifically ask us to help with something.

Sub-processors

We use a small number of EU-based sub-processors to deliver the service:

• WhatsApp Business API (Meta Ireland) — for delivering messages
• Stripe — for payment processing
• An EU-hosted cloud provider — for compute and storage
• An EU-based AI provider — for the language model that drafts chapters from her voice notes, bound by a data-processing agreement that prohibits training on customer data
• A European print-on-demand partner — for the physical hardcover production

7. Cookies and tracking

Eviga uses minimal cookies and avoids tracking technologies wherever possible:

• A session cookie for the language switcher
• A session cookie for the dismissed-sticky-bar state
• Stripe's standard cookies on the checkout flow (their privacy policy applies there)

We do not use Google Analytics, Facebook Pixel, or any third-party advertising tracker on the pages where she interacts with Eviga. We may use a privacy-respecting analytics provider (such as Plausible or Fathom, both EU-hosted, both cookie-free) to understand traffic patterns to the marketing site.

8. AI processing and model training

Eviga uses AI to weave her voice notes and messages into written chapters. We want to be specific about what this means for her data:

• Her voice clips and stories are not used to train any AI model — neither ours, nor any third party's
• Our AI provider operates under a data-processing agreement that explicitly prohibits training on customer data
• We use the AI provider's inference capability — it processes her stories to draft chapters, then forgets them
• If we ever wanted to train a model on real customer data, we would ask explicit, opt-in consent from each customer first. We have no current plans to do this

9. Sharing with the family

You can invite up to five family members (siblings, your kids, her sisters) to view the dashboard and contribute. Each invitee gets their own access; you control permissions and can remove people at any time. Family members you invite see her chapters, can suggest prompts, and can add photos. They cannot delete her data — only she or you can do that.

If she requests deletion, all family-member access is revoked at the same time.

10. How long we keep data

• Active subscription: Indefinite, while the service is being used. The voice files, chapters, and printed book remain accessible
• After deletion request: Within 72 hours, all voice clips, transcripts, draft chapters, photos, and database records are removed. Confirmed in writing
• Server logs: 30 days, then automatically purged
• Billing records: 7 years, as required by Swedish accounting law. These contain only invoice information, not story content
• Backup retention: Backups are rotated on a 30-day cycle; deleted data is purged from backups within 30 days of the deletion request

11. Your rights under GDPR

Under GDPR, you and the recipient each have the following rights regarding your respective data:

• Right to access: A copy of all data we hold about you
• Right to rectification: Correct any inaccurate data
• Right to erasure: Delete everything we have
• Right to data portability: Export your data in a machine-readable format (we provide MP3 voice clips, PDF chapters, and a ZIP of photos)
• Right to object: Object to specific uses of your data
• Right to withdraw consent: Stop the engagement at any time
• Right to lodge a complaint: With the Swedish Data Protection Authority (Integritetsskyddsmyndigheten / IMY)

To exercise any of these, write to radera@myeviga.com from the email associated with your account. We respond within 72 hours.

12. If Eviga ever shuts down

We have made specific arrangements to ensure that the printed book continues to function — that the QR codes continue to play her voice — even if Eviga as a company ceases to exist:

• We hold escrow with our cloud provider that maintains the voice files for 5 years past any company shutdown
• Before any wind-down, every customer would be sent an export of all their data: MP3 voice clips, PDF chapters, ZIP of photos
• We are committed to giving 90 days of notice before any service termination, and to refunding pro-rata on any unused engagement time

13. Children's data

Eviga is not directed at users under 18, and we do not knowingly collect data from minors. The product is intended for adults (typically 60+ as the storyteller, and 35–60 as the buyer). If you believe a minor's data has been collected, contact radera@myeviga.com and we will delete it.

14. Changes to this policy

We may update this policy from time to time, particularly as we move from this pre-launch summary to a formal lawyer-reviewed document. Material changes — anything that affects how we use her data, where it's stored, or who has access — will be communicated to you by email at least 30 days before they take effect.

15. Contact

For privacy questions: support@myeviga.com

For deletion requests: radera@myeviga.com

For complaints to a regulatory authority: Swedish Data Protection Authority (IMY)