EVA LocalBack to Home

Privacy Policy

Last updated: February 2026

1. Introduction

EVA Local (“we”, “us”, “our”) is operated by Sparkpoint Digital. We are committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, store, and share your personal data when you use the EVA Local platform, including our website, progressive web app, and associated services (the “Platform”).

This policy is written in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We encourage you to read it carefully so you understand how your personal data is handled.

By using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Platform.

2. Data Controller

For the purposes of UK GDPR, the data controller responsible for your personal data is:

  • Company: Sparkpoint Digital
  • Data Protection Email: privacy@evalocal.com
  • Registered Address: [To be confirmed]

If you have any questions or concerns about how we process your personal data, please contact us using the details above.

3. What Data We Collect

We collect different types of personal data depending on how you use the Platform:

Account Data

  • Full name and email address
  • Phone number (optional)
  • Account type (client or vendor)
  • Password (securely hashed — never stored in plain text)
  • Google account data if you sign in with Google (name, email, and profile picture as provided by Google)

Vendor Business Data

If you register as a vendor, we also collect:

  • Business name, description, and address
  • Service offerings and pricing
  • Profile and portfolio images
  • Availability and scheduling information
  • Bank account details for payouts (held securely by Stripe, not stored by EVA Local)

Booking & Transaction Data

  • Inquiry details, quotes, and booking information
  • Payment amounts, transaction references, and booking status
  • Messages exchanged between clients and vendors through the Platform

Important: Credit and debit card details are never stored by EVA Local. All payment data is processed and held securely by Stripe, our PCI-DSS compliant payment processor.

Automatically Collected Data

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited, time spent, and navigation patterns
  • Cookies and similar technologies (see Section 8)
  • Location data — only when you use the vendor search feature and grant permission. We use your postcode or browser location to find vendors near you. This data is not stored permanently.

4. How We Use Your Data

Under UK GDPR, we must have a lawful basis for processing your personal data. The table below sets out each purpose and the corresponding legal basis:

PurposeLegal Basis (GDPR)
Creating and managing your accountPerformance of contract — Art. 6(1)(b)
Processing bookings and paymentsPerformance of contract — Art. 6(1)(b)
Sending booking confirmations and status updatesPerformance of contract — Art. 6(1)(b)
Sending welcome and onboarding emailsLegitimate interest — Art. 6(1)(f) (onboarding new users)
Displaying vendor profiles publicly on the PlatformPerformance of contract — Art. 6(1)(b) (vendor agreed to list services)
Sending marketing communicationsConsent — Art. 6(1)(a) (only with your explicit opt-in)
Improving our Platform and servicesLegitimate interest — Art. 6(1)(f)
Preventing fraud and protecting Platform integrityLegitimate interest — Art. 6(1)(f)
Complying with legal and regulatory obligationsLegal obligation — Art. 6(1)(c)

Where we rely on legitimate interest, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms.

5. Who We Share Your Data With

We work with carefully selected third-party service providers to operate the Platform. We only share the minimum data necessary for each service:

ServicePurposeData SharedLocation
SupabaseDatabase & authenticationAccount data, bookings, messagesCloud (EU region)
StripePayment processingName, email, payment detailsUSA/EU (adequate safeguards)
ResendTransactional emailsEmail address, nameUSA
VercelWebsite hostingIP address, browser dataGlobal CDN
Leaflet / OpenStreetMapMap displayLocation searches (anonymised)Various
GoogleOAuth sign-in (if used)Name, email, profile pictureUSA

We do not:

  • Sell your personal data to any third party.
  • Share your data for advertising or behavioural targeting purposes.
  • Allow third parties to use your data for their own marketing.

Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or reliance on adequacy decisions issued by the UK Secretary of State.

6. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this policy, or as required by law:

Data TypeRetention Period
Active account dataDuration of your account + 2 years after deletion
Booking and transaction records7 years (UK tax and accounting requirements)
Messages and inquiries3 years after last activity
Payment records (held by Stripe)7 years (managed by Stripe)
Marketing consent recordsDuration of consent + 1 year
Automatically collected data (analytics, logs)26 months

When your data is no longer required, we securely delete or anonymise it. Anonymised data (which cannot identify you) may be retained indefinitely for statistical and analytical purposes.

7. Your Rights Under UK GDPR

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you (a “Subject Access Request”).
  • Right to Rectification: You can ask us to correct any inaccurate or incomplete personal data.
  • Right to Erasure: You can ask us to delete your personal data (the “right to be forgotten”), subject to certain legal exceptions.
  • Right to Restrict Processing: You can ask us to temporarily limit how we use your data in certain circumstances.
  • Right to Data Portability: You can request your data in a structured, commonly used, machine-readable format, or ask us to transfer it to another controller.
  • Right to Object: You can object to our processing of your data where we rely on legitimate interest as our legal basis.
  • Right to Withdraw Consent: Where processing is based on your consent, you can withdraw that consent at any time without affecting the lawfulness of prior processing.
  • Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. EVA Local does not currently use fully automated decision-making.

How to Exercise Your Rights

To exercise any of these rights, please email us at privacy@evalocal.com. We will respond to your request within 30 days. There is no charge for exercising your rights, unless a request is manifestly unfounded or excessive.

We may need to verify your identity before processing your request. If your request is complex, we may extend the response period by a further 60 days and will inform you of the reason for the extension.

Right to Complain

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the UK’s supervisory authority:

  • Information Commissioner’s Office (ICO)
  • Website: ico.org.uk
  • Telephone: 0303 123 1113

We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first.

8. Cookies

Cookies are small text files placed on your device when you visit a website. We use cookies to help the Platform function properly and to improve your experience.

Essential Cookies

These are required for the Platform to function and cannot be switched off. They include cookies for authentication, session management, and security. Without these cookies, the Platform cannot operate.

Analytics Cookies

These help us understand how visitors interact with the Platform, which pages are most popular, and where users experience difficulties. Analytics cookies are only placed with your consent.

What We Do Not Use

We do not use advertising cookies, tracking pixels, or third-party behavioural advertising technologies.

Managing Cookies

You can manage your cookie preferences through our cookie consent banner when you first visit the Platform, or at any time through your browser settings. Please note that disabling essential cookies may affect the functionality of the Platform.

9. Children’s Data

EVA Local is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18.

If we become aware that we have collected personal data from a child under 18, we will take steps to delete that data as promptly as possible. If you believe a child under 18 has provided us with personal data, please contact us at privacy@evalocal.com.

10. Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it, including:

  • All data transmitted between your device and the Platform is encrypted using HTTPS/TLS.
  • Passwords are hashed using industry-standard cryptographic algorithms and are never stored in plain text.
  • Database access is restricted, authenticated, and monitored.
  • Payment data is handled exclusively by Stripe, which is PCI-DSS Level 1 certified.
  • We conduct regular reviews of our security practices and infrastructure.
  • Access to personal data within our team is limited to those who need it to perform their duties.

While we take reasonable measures to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining the highest practical standards.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements.

Where we make material changes, we will notify you by email to the address associated with your account, and/or by posting a prominent notice on the Platform. The “Last Updated” date at the top of this page will always reflect when the latest version was published.

We encourage you to review this policy periodically to stay informed about how we protect your data.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

If you wish to raise a concern with the UK’s data protection authority:

  • Information Commissioner’s Office (ICO)
  • Website: ico.org.uk
  • Telephone: 0303 123 1113

If you have questions about how we handle your data, please contact us at privacy@evalocal.com. This privacy policy was last reviewed in February 2026. We recommend seeking independent legal advice if you have questions about your data protection rights.

Back to top