Privacy Policy

Last updated: January 6, 2026

This Privacy Policy describes how EVOWEB, UNIPESSOAL LDA (“Company”, “we”, “us”, or “our”) collects, uses, and discloses your information when you use the website https://evoweb.ai and related services (the “Service”).

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), Portuguese Law No. 58/2019, and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

EVOWEB, UNIPESSOAL LDAPortugalEmail: [email protected]

We have not appointed a Data Protection Officer (DPO) because, based on our current processing activities, we are not required to do so under the GDPR and Portuguese Law No. 58/2019.

Supervisory authority in our main establishment:Comissão Nacional de Proteção de Dados (CNPD), Portugal.

2. Information We Collect

We may collect the following categories of personal

2.1 Information You Provide

  • Name
  • Email address
  • Company name
  • Account credentials
  • Messages or inquiries sent via forms or email
  • Billing-related information (processed via third-party providers)

Providing your email address is necessary to create and manage your account and to perform the contract for the use of the Service.account for you.

2.2 Automatically Collected Information

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and interaction data
  • Referring URLs
  • Date and time of access

2.3 Content You Generate

When using EvoWeb.ai, you may submit text, prompts, images, or other materials for AI-powered website generation. This content may be processed to provide the Service.

3. Purpose of Data Processing

We process your personal data for the following purposes:

  • To provide and operate the Service
  • To create and manage user accounts
  • To generate AI-powered websites and related content
  • To communicate with you regarding your account or inquiries
  • To provide customer support
  • To improve, optimize, and secure the Service (including analytics and debugging)
  • To prevent fraud and abuse
  • To comply with legal obligations
  • To analyze usage and performance metrics

4. Legal Basis for Processing (GDPR)

We process personal data on the following legal bases under Article 6 GDPR:

  • Account creation and Service provision: performance of a contract (Article 6(1)(b) GDPR).
  • Customer support and communication: performance of a contract and/or our legitimate interests in operating the Service (Article 6(1)(b) and 6(1)(f) GDPR).
  • Analytics, service improvement and security: our legitimate interests in operating, improving and securing the Service (Article 6(1)(f) GDPR). You can object to such processing at any time where your rights override our interests.
  • Marketing communications (e.g. newsletters, product updates): your consent (Article 6(1)(a) GDPR), which you can withdraw at any time, for example by using the “unsubscribe” link in our emails.
  • Compliance with legal obligations: processing is necessary to comply with legal obligations, including tax and accounting rules (Article 6(1)(c) GDPR).

Where we rely on consent, you may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

5. AI & Automated Processing

EvoWeb.ai uses artificial intelligence and automated systems to generate website content, layouts, and structures.

  • AI processing is performed only to deliver the requested Service (e.g. generating website content based on your prompts and inputs).
  • We do not use your content to identify individuals.
  • We do not sell AI-generated or user-provided data.
  • Your content may be processed by third-party AI providers solely to provide the Service, under data processing agreements and appropriate safeguards.
  • Automated processing does not produce legal or similarly significant effects concerning you without human involvement, and we do not take decisions based solely on automated processing that significantly affect you within the meaning of Article 22 GDPR.

If in the future we introduce decisions based solely on automated processing with legal or similarly significant effects, we will provide additional information, ensure human intervention, and allow you to contest such decisions in accordance with GDPR.

6. Data Sharing and Third Parties

We may share your data with trusted third parties only when necessary for the purposes described in this Policy:

  • Hosting and infrastructure providers
  • Analytics and monitoring services
  • Payment processors and billing providers
  • Email delivery and communication tools
  • AI service providers (only for content generation)
  • Professional advisers (legal, accounting, etc.), where necessary
  • Authorities or third parties, where required by law or necessary to protect our rights

All third parties are contractually bound to comply with data protection regulations and to process personal data only on our documented instructions.

Where possible, we use providers located in the European Economic Area (EEA). If providers are located outside the EEA (for example, in the United States), we ensure appropriate safeguards for international transfers, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms under GDPR.

7. International Data Transfers

Your data may be processed outside the European Economic Area (EEA), for example by our hosting, analytics, communication or AI service providers.

When this occurs, we ensure appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • GDPR-compliant data processing agreements
  • Additional technical and organizational measures, where necessary

You can obtain more information about these safeguards by contacting us at [email protected].

8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy or as required by law.

  • Account data (e.g. name, email, account settings): for the duration of your account being active and for a reasonable period afterwards (e.g. up to 3 years) for support, security and record-keeping purposes, unless we are required by law to keep it longer.
  • Generated content: according to your account settings and for as long as necessary to provide the Service. You may delete projects or content at any time via your account, where available.
  • Billing and legal data (e.g. invoices, transaction records): as required by applicable tax and accounting laws (often 7–10 years, depending on jurisdiction).
  • Marketing data (e.g. email newsletter lists): until you withdraw consent or unsubscribe, plus a short period to record your opt-out choice.

When data is no longer needed, it will be deleted or irreversibly anonymized in accordance with our data retention procedures.

9. Your Rights Under GDPR

You have the following rights under GDPR, subject to certain conditions:

  • Right of access: to obtain confirmation whether we process your personal data and to receive a copy.
  • Right to rectification: to correct inaccurate or incomplete personal data.
  • Right to erasure (“right to be forgotten”): to request deletion of your personal data, where applicable.
  • Right to restriction of processing: to request that we restrict processing in certain situations.
  • Right to object: to object to processing based on our legitimate interests, including profiling, and to object at any time to processing for direct marketing.
  • Right to data portability: to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller.
  • Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time.
  • Right to lodge a complaint: to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. In Portugal, the supervisory authority is CNPD (Comissão Nacional de Proteção de Dados).

To exercise your rights, please contact us at [email protected]. We may need to verify your identity before responding to your request.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service.

We use:

  • Essential cookies: necessary for the basic functioning of the Service (e.g. authentication, security, session management).
  • Analytics and performance cookies: to understand how the Service is used and to improve usability and performance.
  • Security and fraud prevention tools: to protect the Service and our users.

For non-essential cookies (such as analytics or marketing cookies), we will ask for your consent via a cookie banner when you first visit the website, in accordance with ePrivacy and GDPR requirements.can withdraw or change your cookie preferences at any time using the cookie settings available on the website, where implemented, or through your browser settings.

For more details, please see our separate Cookie Policy.

11. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encrypted connections (HTTPS/TLS)
  • Access controls and role-based access
  • Secure infrastructure and network protections
  • Regular system monitoring, logging and backups
  • Limiting access to personal data to authorized personnel and processors

However, no method of transmission over the internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

12. Children’s Privacy

The Service is not directed at children. We do not knowingly collect personal data from children.

Where we offer information society services directly to a child and rely on consent as the legal basis for processing, consent will only be valid if the child is at least 13 years old, in line with Article 8 GDPR and Portuguese Law No. 58/2019.steps to delete such information as soon as possible.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in law, our practices, or the Service.

Changes will be posted on this page with an updated “Last updated” date. Where changes are material, we may also notify you by email or other appropriate means.

We encourage you to review this Policy periodically to stay informed about how we process your personal data.

14. Contact Us

If you have any questions about this Privacy Policy or our data protection practices, or if you wish to exercise your data protection rights, you can contact us at:

📧 [email protected]