Privacy Policy

Last updated: March 2026 · GDPR Article 13 compliant

Readix is committed to protecting the privacy of our users and processing all data in accordance with the EU General Data Protection Regulation (GDPR). This policy explains what data we collect, how we use it, and your rights as a data subject.

1. What Data We Process

Invoice files (XML/PDF) — files you upload for compliance analysis. These are processed transiently and deleted immediately after analysis — they are never stored permanently.
Your email address — required for account creation and authentication (processed via Supabase Auth).
Payment data — processed exclusively by PayPal. Readix does not store card numbers or bank account details.
Analysis results — the compliance findings generated from your invoice are stored in your dashboard until you delete them.

2. How Long We Store Data

Data type: Retention
Invoice files (XML/PDF): Deleted immediately after analysis — no permanent storage
Analysis results: Stored in your dashboard until you request deletion
Account data (email): Until you request account deletion
Payment records: Retained as required by EU tax law (7 years)

3. Where Data Is Processed

All data processing takes place within the European Union. Our infrastructure is hosted on EU-region servers. We use Supabase (EU region) for authentication and result storage. Invoice files are processed on EU-hosted compute and deleted immediately after analysis completes.

4. Legal Basis for Processing

Contract performance (Art. 6(1)(b) GDPR) — processing your invoice file and delivering the analysis report.
Legitimate interest (Art. 6(1)(f) GDPR) — maintaining service security and fraud prevention.
Legal obligation (Art. 6(1)(c) GDPR) — retaining payment records as required by EU tax law.

5. Your Rights (GDPR Article 13)

As an EU data subject, you have the right to:

Access: Request a copy of all personal data we hold about you.
Deletion: Request deletion of your account and all associated data.
Portability: Receive your data in a structured, machine-readable format.
Rectification: Correct inaccurate personal data we hold.
Objection: Object to processing based on legitimate interest.
To exercise any of these rights, contact: contact@readix.evidra.online. We will respond within 30 days.

6. Data Processing Agreement (DPA)

A Data Processing Agreement is available on request for enterprise customers or any customer who requires one for internal compliance purposes (e.g. DACH corporate procurement requirements).

Request a DPA: contact@readix.evidra.online

7. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics that identify individuals. You can dismiss our cookie notice at any time.

8. Contact & Supervisory Authority

For privacy questions or complaints: contact@readix.evidra.online

You also have the right to lodge a complaint with your local EU data protection supervisory authority if you believe your data has been processed unlawfully.
