Privacy Policy

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use Eva Supremacy ("the Platform").

The data controller responsible for your personal data is Kreative Web Solutions Ltd, a company registered in England and Wales.

For data protection enquiries, contact us at: [email protected] | +44 7456 423300

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We collect the following categories of personal data:

• Account information: Name and email address, provided during registration via Google OAuth or email magic link.
• Profile information: Display name, preferences, and safeword (set during onboarding).
• Chat data: Messages you send to and receive from Eva, and conversation metadata (timestamps, message counts).
• Payment information: Payment transactions are processed by CentroBill. We store transaction references and subscription status but never store your card details.
• Usage data: Pages visited, features used, timestamps, and IP addresses.
• AI interaction data: Prompts, responses, and token usage for quality assurance and billing purposes.
• Interaction profiling data: Engagement scores and interaction patterns used for personalisation within the Platform.
• Device information: Browser type, operating system, and device identifiers collected automatically.

Under UK GDPR Article 6, we process your personal data on the following legal bases:

• Contract performance: Processing necessary to provide our services, including account management, subscription fulfilment, and chat functionality.
• Legitimate interests: Platform improvement, fraud prevention, security monitoring, and analytics.
• Consent: Marketing communications and optional profiling features. You can withdraw consent at any time.
• Legal obligation: Maintaining tax records, responding to legal requests, and complying with applicable laws.

We use your personal data to:

• Provide and maintain the Platform and its services
• Process payments and manage subscriptions
• Personalise your experience, including AI conversation context and interaction history
• Generate AI responses tailored to your interactions
• Process marketplace orders
• Manage the task and tribute system
• Send service communications (account updates, billing notifications, security alerts)
• Improve platform quality and AI interactions
• Prevent fraud and enforce our Terms and Conditions

We share your data with the following third-party service providers, each of which processes data under their own privacy policies:

• Google Cloud / Vertex AI: AI processing for chat generation and content creation.
• CentroBill: Payment processing. Card data is handled entirely by CentroBill and never touches our servers.
• Resend: Email delivery for authentication magic links and notifications.
• Cloudflare R2: File and media storage.
• Railway: Hosting infrastructure for our application, database, and cache.

We do not sell your personal data to third parties.

We may disclose your data to law enforcement or regulatory authorities if required to do so by law or in response to a valid legal request.

Your data is stored on servers hosted by Railway (cloud infrastructure) using PostgreSQL databases with encrypted connections and Redis for session management and caching.

All data transmitted between your device and our servers is encrypted via HTTPS/TLS. We implement access controls, authentication mechanisms, and conduct regular security reviews to protect your data.

• Account data: Retained while your account is active. Deleted upon account deletion request.
• Chat conversations: Retained for continuity of AI interactions. Deleted upon account deletion.
• Payment records: Retained for up to 7 years for tax and legal compliance.
• Usage logs: Retained for up to 12 months.
• AI usage logs: Retained for billing and quality purposes for up to 12 months.

You have the following rights regarding your personal data:

• Right of access: Request a copy of your personal data.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data ("right to be forgotten"). You can initiate this yourself from your account settings page. A 7-day cooling-off period applies, after which your account and personal data are permanently deleted. Payment records (tributes and orders) are anonymised rather than deleted, as required for UK financial record-keeping.
• Right to restrict processing: Request limitation of how we process your data.
• Right to data portability: Request your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

We use essential cookies for authentication and session management. These cookies are required for the Platform to function and cannot be disabled.

We do not use third-party tracking cookies or advertising cookies. Session cookies expire when you close your browser or after the session timeout period.

This Platform is intended for users aged 18 years and over. We do not knowingly collect personal data from anyone under the age of 18.

If we discover that we have inadvertently collected data from a minor, we will take steps to delete it promptly. If you believe a minor has provided us with personal data, please contact us immediately.

Some of your data may be processed by third-party services located outside the United Kingdom. Where this occurs, appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions as recognised by UK data protection law.

Our third-party providers (Google Cloud, CentroBill, Cloudflare, and others) maintain appropriate data protection mechanisms in compliance with applicable regulations.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or platform notification. The effective date at the top of this page will be updated accordingly.

Kreative Web Solutions Ltd

Email: [email protected]

Phone: +44 7456 423300

For data protection enquiries, please use the same contact details.