Privacy policy

Last updated: March 2026

This privacy policy applies to the Evraka Word Add-in, the office.evraka.ai website, and related services. It describes how we collect, use, store, and protect your information.If you are in Türkiye, OzenTek Yazilim Bilisim Sanayi ve Ticaret Ltd. Sti. is your contracting party, owns the Evraka product and offering for users in Türkiye, and is responsible for that offering and for meeting Turkish legal obligations (including personal data law) as described under Users in Türkiye. If you are not in Türkiye, these services are provided by TekinC Oy.

Scope

This policy applies to data handled by the Evraka Word add-in (frontend and backend) and the Firebase/Firestore backend. It covers user-created content (such as chat history and playbooks) and account or usage metadata needed to operate the service.

Data we collect

• Account identifiers: email address, display name, provider type, and tenant ID (when available).
• Authentication: access or ID tokens used to authenticate your requests.
• Chat history: conversation titles, messages, timestamps, task context, and assistant responses.
• Playbooks: templates, instructions, metadata, and timestamps you create.
• Usage metrics: token usage and cost estimates, when enabled.

Why we use your data

• To authenticate you and control access to the service.
• To provide core features: draft/review/redline workflows, chat assistance, and playbook management.
• To sync and persist your data so you can access playbooks across sessions.
• To keep your data secure (including encryption and access controls).

Where we store your data

On your device (local):

• Office runtime storage and Office roaming settings (when available).
• Office document settings for playbooks.
• In-memory cache for the current session.

In the cloud (remote):

• Firestore in a users/{uid} document: encrypted playbooks, encryption key metadata, user profile fields, and usage metrics.

Encryption at rest

Chat history and playbooks are encrypted before they are stored. We use AES‑256‑GCM via the Web Crypto API. Encryption happens in the add-in on your side; data is decrypted only for your authenticated session. We use a unique encryption key per user, stored in a way that restricts access to you.

Access controls

Storage keys are scoped to your user account. Firestore access is restricted so only you can read or write your data. We use tokens to authenticate requests to our backend.

Data retention

• Local chat history: until you clear it or sign out.
• Local playbooks: until you delete them or sign out.
• Remote playbooks: until you delete them in Firestore.
• User profile and usage metadata: retained to support your account and usage tracking.

Your choices and controls

• Clear chat: You can delete conversations in the add-in.
• Sign out: Clears locally stored tokens, chat history, and playbooks.
• Playbooks: You can add, update, or delete playbooks at any time.

Your rights (GDPR, CCPA, and KVKK)

Under GDPR you have rights to access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with a supervisory authority. Under CCPA you have rights to know, delete, correct, and (where applicable) opt out of sale or sharing, and to non‑discrimination. If you are in Türkiye and OzenTek is your controller under Users in Türkiye, you also have rights under the Turkish Law on the Protection of Personal Data (KVKK), including applying to the Personal Data Protection Authority (KVKK).

How to submit a request: Email hi@evraka.ai (primary) or hi@evraka.ai (security). Include your account email and a clear description of your request. We may ask for additional information to verify your identity. We respond to GDPR requests without undue delay and within one month, and to CCPA requests within 45 days (with an extension when permitted).

International data transfers

Data may be processed or stored in locations where our providers (e.g. Firebase/Google, Microsoft, Google identity services) operate. When data is transferred outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses. You can request details about transfer safeguards via the contact details above.

Do not sell or share (CCPA/CPRA)

We do not sell your personal information. We do not share your personal information for cross‑context behavioral advertising. If this changes, we will update this policy and provide an opt‑out mechanism.

Data controller

TekinC Oy (for users outside Türkiye)
Rantaharju 10F 171, 02230 ESPOO, Finland
Primary contact: Tekin Çağın Uyan, hi@evraka.ai, +358408711890
Security contact: hi@evraka.ai, +358408711890

Users in Türkiye

If you are located in Türkiye, your use of the Evraka services and this privacy policy bind you to OzenTek Yazilim Bilisim Sanayi ve Ticaret Ltd. Sti. (“OzenTek”). OzenTek is a separate legal entity from TekinC Oy. For Türkiye, OzenTek is the owner of the Evraka product and offering made available to you, your contracting party, and the party responsible to you for that offering and for compliance with Turkish law. For the processing of your personal data in connection with the Evraka services offered to you in Türkiye, OzenTek is the data controller under KVKK. TekinC Oy may provide technical infrastructure or process data only as a processor or under other arrangements with OzenTek, without merging the two companies into one legal relationship with you. Your first point of contact for privacy requests as a user in Türkiye is hi@evraka.ai unless we publish a Türkiye-specific contact.

Processors and subprocessors

We use the following types of services: Firebase/Firestore (Google) for authentication and storage; Microsoft identity services (when you sign in with Microsoft); Google identity services (when you sign in with Google).

Changes to this policy

We update this document when our data processing changes (for example, encryption, storage, or new data categories). The “Last updated” date at the top reflects the latest version.