Privacy Policy

How EUProof handles your data: what we collect, how we use it, sub-processors, retention, and your GDPR and CCPA rights.

Last updated: May 6, 2026

1. Information we collect

From you: the email and password used to sign in, your name and company name, and basic usage analytics.

Product data you enter: the products you add and the answers you give about materials, intended use, hazards, markets, and languages, plus the documents EUProof generates from those answers.

When you upgrade to a paid plan, our payment processor Polar collects billing details (cardholder name, billing address, country, tax IDs, and the last four digits of your card). We never see or store your full card number.

2. How we use your information

We use your data only to operate EUProof: generating GPSR documents from your answers, storing those documents, emailing you about your account, and measuring aggregate usage.

Our legal bases under the GDPR are: performance of our contract with you (to run your account and generate your documents); your consent (for non-essential analytics cookies, which you can withdraw at any time); and our legitimate interests (to keep the service secure, prevent abuse, and understand aggregate usage). Where Polar processes your billing data, it does so to meet its own legal and tax obligations.

We do not sell your data. We do not share it with advertisers. We do not use it to train AI models.

3. Data security

Passwords are hashed with bcrypt. Generated documents are stored in encrypted object storage and served via short-lived signed URLs. All connections use TLS 1.3.

4. Information sharing

We share data only with the sub-processors required to deliver the service:

Email delivery (Resend): your email address and the email body for account, billing, and trial notices.

Payment processor and merchant of record (Polar Software Inc.): billing details, country, email, and product slug for paid subscriptions. Polar collects, processes, and remits applicable VAT and sales tax on our behalf.

AI processing (Google): we use the Google Gemini API to help draft document text from the answers you enter. Google processes your inputs to return a result to us and, under its paid-API terms, does not use that content to train its models. We may add or change AI providers and will update this list when we do.

Hosting and storage providers under standard data processing agreements.

5. Cookies and analytics

We use Google Analytics 4 (GA4) to measure aggregate, anonymized usage of euproof.com. GA4 sets a first-party cookie that assigns your browser a pseudonymous client ID. We have IP anonymization enabled.

We do not currently run advertising pixels (no Meta Pixel, no Google Ads conversion tag, no LinkedIn Insight Tag, no TikTok Pixel). The 'Your privacy choices' link in the footer pre-wires an opt-out for advertising cookies so the control exists if we ever add one.

We honor the Global Privacy Control (GPC) browser signal. If your browser sends GPC, we automatically opt you out of advertising cookies before any are set.

You can opt out of GA4 across all sites with Google's official opt-out add-on: https://tools.google.com/dlpage/gaoptout

6. Your GDPR rights

If you are in the European Economic Area or the United Kingdom, you have rights under the GDPR and UK GDPR: the right to access your personal data, correct it, erase it, restrict or object to its processing, and receive it in a portable format.

Where we rely on consent (for example, non-essential analytics), you can withdraw it at any time. You also have the right to lodge a complaint with your local supervisory authority.

To exercise any of these rights, email privacy@euproof.com. We respond within one month.

7. California privacy rights

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete it, the right to correct it, and the right to opt out of any 'sale' or 'sharing' of it for cross-context behavioral advertising.

We do not sell your personal information and we do not share it for cross-context behavioral advertising. We will honor any opt-out request regardless. To exercise your rights, email legal@euproof.com or use the 'Your privacy choices' link in the footer.

8. Data retention

Generated documents are kept for as long as your account is active, so you can re-export them for the 10-year GPSR record-keeping requirement. You can delete any document or your whole account at any time.

Trial accounts that expire and are not converted to paid have their product and document data deleted on day 21 (14-day trial + 7-day grace).

Billing records (invoices, transaction IDs) are retained for as long as required by tax and accounting law in the jurisdictions where you and Polar operate.

9. Managing your data

You can access your data, correct inaccuracies, export your documents as PDFs, and delete your account from within the app. Email privacy@euproof.com if you need help.

10. Cookies

We use a session cookie for authentication and a locale cookie to remember your language preference. See section 5 for analytics cookies.

11. International transfers

EUProof is operated globally, including from regions outside the EEA and UK. By using the service you consent to the transfer of your data to the regions where our infrastructure and sub-processors operate, subject to appropriate safeguards such as Standard Contractual Clauses where required.

12. Contact

Privacy questions: privacy@euproof.com.