Evoluna
Last updated: 24.03.2026

Privacy Policy

Introduction

XPERT MEDIA OÜ (registry code 12852895, address Tornimäe tn 5, 10145 Tallinn, Estonia), hereinafter "Evoluna", "we" or "platform", operates the website evoluna.app. This privacy policy explains how we collect, use, store, and protect your personal data in accordance with the European Union General Data Protection Regulation (GDPR) and Estonian data protection laws.

Platform Role

Evoluna is a marketplace platform that connects users with independent specialists (mentors, coaches, consultants). We are not the provider or employer of these services. Specialists are independently responsible for the content, quality, and any data processing that occurs within their services. Evoluna acts as a data controller for the data necessary for platform operations.

What Data We Collect

Account Data

  • Name
  • Email address
  • Profile picture (optional)
  • Password (encrypted)
  • Language preference

Authentication Data

  • Google OAuth data (if using Google login)
  • Apple Sign-In data (if using Apple login)
  • Session data and cookies

Service Usage Data

  • Booking history
  • Reviews and ratings
  • Favorites and preferences
  • Session reflections and notes
  • Development plans and achievements
  • Assessment results and dimension scores
  • Profile visibility preferences
  • AI match scores and explanations
  • Referral data (referrer, referee, status)
  • Custom profile URL (vanity URL)
  • Campaign and discount redemption data

Subscription Data

  • Subscription tier (Basic/Standard/Premium)
  • Billing period and history
  • Subscription status and changes
  • Trial period data
  • Custom package data (content, price, status)

Payment Data

  • Transaction history (via Stripe)
  • Invoice data
  • Subscription recurring payment data
  • Custom package payment data
  • The platform does not store your bank card details – these are securely processed by Stripe

Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Timezone (auto-detected)
  • Visit statistics (Google Analytics)
  • Terms acceptance metadata (version, timestamp, IP)

Legal Basis for Processing

We process your data on the following GDPR Article 6 grounds:

Contract Performance

To manage your account, service bookings, subscriptions, and custom packages.

Consent

For sending marketing communications, using analytics cookies, and managing profile visibility settings.

Legitimate Interest

To ensure platform security, prevent fraud, improve services, and for AI-based matching and recommendation generation (GDPR Art. 6(1)(f)).

Legal Obligation

To comply with accounting and tax laws.

Data Sharing with Third Parties

We share your data with the following trusted partners:

PartnerPurposeLocation
StripePayment processing and securityUSA/EU
GoogleAuthentication (OAuth) and analyticsUSA/EU
AppleAuthentication (Sign-In with Apple)USA/EU
CloudflareSecurity and bot protection (Turnstile)USA/EU
Abacus.AIPlatform hosting, infrastructure, and AI services (LLM API for match explanation generation and chatbot functionality)USA

All third parties are required to comply with GDPR requirements, and we have data processing agreements in place with them.

Data Retention

Account dataUntil account deletion + 30 days
Booking history7 years (accounting law)
Payment data7 years (accounting law)
Subscription history7 years (accounting law)
Custom package data7 years (accounting law)
ReviewsUntil specialist account deletion
AI match resultsUntil account deletion
Referral historyUntil account deletion
Campaign redemption data2 years
Analytics data26 months (Google Analytics standard)

Your Rights

Under GDPR, you have the following rights:

Right of Access

The right to obtain information about what data we process about you.

Right to Rectification

The right to request correction of inaccurate data.

Right to Erasure

The right to request deletion of your data ("right to be forgotten").

Right to Restrict Processing

The right to restrict processing of your data in certain situations.

Right to Data Portability

The right to receive your data in a structured, machine-readable format.

Right to Object

The right to object to processing based on legitimate interest.

Right to Withdraw Consent

The right to withdraw given consent at any time.

To exercise your rights, contact us at [email protected]

Data Security

We use the following measures to protect your data:

  • SSL/TLS encryption for all data transfers
  • Password hashing with bcrypt algorithm
  • Regular security audits
  • Limited data access (need-to-know basis)
  • CAPTCHA protection (Cloudflare Turnstile)

Cookies

We use cookies for platform functionality and to improve user experience. For detailed information, please see our cookies policy.

Minors

The Evoluna platform is intended only for adult users (18+). We do not knowingly collect personal data from persons under 18. If we become aware that a person under 18 has created an account, we will delete that account and associated data.

Profile Visibility Settings

Evoluna allows you to control what data is displayed on your public profile.

Displaying assessment results on your profile is disabled by default. You can choose to show your assessment results on your public profile by enabling the corresponding option in your dashboard. Only the assessment name, profile type, and overall score are displayed publicly – detailed answers, dimension scores, and internal analyses are not shown.

You have full control over which assessment results are visible. You can change your visibility preferences at any time from your dashboard (Assessments section).

If you enable assessment results to be displayed on your public profile, the platform will share this information with anyone who views your profile. We recommend carefully considering what information you wish to share publicly.

Profile visibility settings are based on GDPR Article 6(1)(a) (consent). Withdrawal of consent (disabling visibility) immediately removes the data from your public profile.

Automated Decision-Making and Profiling

In accordance with GDPR Article 22, we inform you about automated decision-making and profiling.

Evoluna uses an AI-based matching system that analyzes your assessment results and specialist profile data to generate personalized recommendations. This constitutes profiling within the meaning of GDPR.

AI matching is NOT fully automated decision-making: AI provides recommendations and explanations, but the final choice is always made by the user. AI recommendations do not have legal or similarly significant effects.

You have the right to:

Request human intervention in reviewing AI recommendations

Challenge AI recommendations

Opt out of AI-based matching through profile settings

Obtain information about the logic of AI matching

Data used for AI matching: assessment dimension scores, goals, preferences, and specialist competency profiles. AI-generated explanations are stored and used solely for displaying recommendations to you.

Marketing Communications

We may send you marketing communications and newsletters about Evoluna services, offers, and updates.

We ask for your explicit consent to send marketing communications during registration. Consent is not required to create an account – you can use the platform without receiving marketing emails.

You have the right to opt out of marketing communications at any time by changing settings on your profile page (Security tab) or by contacting us.

We do not send marketing communications more frequently than once a month and we respect your privacy.

All marketing communications are sent on the basis of GDPR Article 6(1)(a) (consent). Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Data from Public Professional Directories

Evoluna may import specialist data from public professional directories and registries (e.g., Estonian Association of Supervision and Coaching, Estonian Psychologists' Association, kutsekoda.ee, etc.) to create so-called "unclaimed profiles" on the platform.

Legal basis: GDPR Article 6(1)(f) – the controller's legitimate interest in providing users with a comprehensive overview of available specialists. The data source is always public and verifiable. The full Legitimate Interest Assessment (LIA) is available at evoluna.app/legal/lia.

Evoluna uses artificial intelligence (AI) technology to analyze, systematize, and enrich imported data – for example, extracting skills and competencies from bios. The AI-based analysis and resulting profile structure are Evoluna's intellectual property.

Imported data: name, specialty/field, qualifications, contact information (if publicly available), source URL.

Unclaimed profiles are clearly marked and include information about the data source. Bookings are not possible through unclaimed profiles.

Your rights as an unclaimed profile subject:

Claim the profile – you can claim the profile and manage it yourself

Data rectification – you can request correction of inaccurate data

Data erasure – you can request complete removal of your data from the platform

Object to processing – you can object to the processing of your data

To exercise your rights, visit our privacy request page at evoluna.app/privacy-request or contact us at [email protected].

In accordance with GDPR Article 14, we notify individuals whose data has been imported within 14 days after the data has been added to the platform.

If an unclaimed profile is neither claimed nor deleted, we will automatically remove it after 12 months.

Changes to Privacy Policy

We may update this privacy policy from time to time. For significant changes, we will notify you via email and/or through the platform. We recommend checking this page regularly.

Contact

For questions regarding your personal data, contact:

XPERT MEDIA OÜ

Tornimäe tn 5, 10145 Tallinn, Estonia

[email protected]

You also have the right to file a complaint with the Data Protection Inspectorate (www.aki.ee) if you believe your rights have been violated.

Terms of ServiceCookies Policy