Privacy Policy
Last updated: 1st of March 2026
Introduction
Welcome to Evald Sand Media (“we,” “our,” or “us”). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our freelance finance management application (the “Service”).
We operate in compliance with the General Data Protection Regulation (GDPR) and other applicable European Union data protection laws.
Data Controller
Information We Collect
Account Information
When you create an account, we collect:
- Full name
- Email address
- Password (encrypted)
- Business name (if applicable)
- Country of residence
Financial and Business Data
To provide our freelance finance management services, we collect and process:
- Invoice details (client names, amounts, dates, descriptions, payment status)
- Quotation information (proposed services, pricing, terms)
- Transaction records (income, expenses, payment dates)
- Client and vendor contact information
- Tax-related information you choose to enter
Important:
We do not collect or store your bank account details, credit card numbers, or other direct financial account credentials.
Payment Information
When you subscribe to our paid services, payment processing is handled by Stripe, our third-party payment processor. We receive only:
- Confirmation of successful payment
- Subscription status
- Billing country
We do not have access to your full payment card details.
Usage Data
We automatically collect:
- Log data (IP address, browser type, access times)
- Device information
- Feature usage patterns
- Error reports and performance data
How We Use Your Information
We process your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Providing and maintaining the Service | Performance of contract |
| Processing invoices and financial records | Performance of contract |
| Managing your account and subscription | Performance of contract |
| Sending service-related communications | Performance of contract |
| Improving and developing the Service | Legitimate interest |
| Ensuring security and preventing fraud | Legitimate interest |
| Complying with legal obligations | Legal obligation |
| Sending marketing communications (with consent) | Consent |
Data Storage and Security
Where We Store Your Data
Your data is stored on secure servers located within the European Economic Area (EEA). If any data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
How We Protect Your Data
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit and at rest
- Regular security assessments
- Access controls and authentication measures
- Regular backups
- Staff training on data protection
Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with our services. Specifically:
- Account data: Retained until you delete your account, plus 30 days for backup purposes
- Financial records: Retained for 7 years after creation to comply with tax and accounting regulations
- Usage data: Retained for 24 months from collection
After these periods, data is securely deleted or anonymised.
Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of Access
- Request a copy of the personal data we hold about you.
- Right to Rectification
- Request correction of inaccurate or incomplete data.
- Right to Erasure
- Request deletion of your personal data (subject to legal retention requirements).
- Right to Restrict Processing
- Request that we limit how we use your data.
- Right to Data Portability
- Receive your data in a structured, machine-readable format.
- Right to Object
- Object to processing based on legitimate interests or for direct marketing.
- Right to Withdraw Consent
- Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, please contact us at me@evaldsand.com. We will respond within 30 days.
Sharing Your Data
We do not sell your personal data. We may share your data with:
- Service providers: Hosting, payment processing, email delivery, and analytics providers who process data on our behalf under strict contractual terms
- Legal requirements: When required by law, court order, or governmental authority
- Business transfers: In connection with a merger, acquisition, or sale of assets (you will be notified of any such change)
Cookies and Tracking
We use essential cookies to ensure the Service functions properly. We may also use analytics cookies to understand how you use our Service. You can manage cookie preferences through your browser settings.
For more details, please see our Cookie Policy.
Children's Privacy
Our Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have collected data from a child, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. The “Last updated” date at the top indicates when the policy was last revised.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:
Data Protection ContactEvald Sand Media
Amsterdam
Netherlands
Email: me@evaldsand.com
Supervisory Authority
If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with your local data protection supervisory authority.