Privatlivspolitik

1. Introduction

This Privacy Policy explains how Ejvin, owned by Pallas Studio, collects, uses, and protects personal data in connection with our SaaS platform for property management and AI-powered email automation.

We are committed to handling your personal information responsibly and transparently in accordance with the EU General Data Protection Regulation (GDPR).

Company details:

Ejvin (owned by Pallas Studio)

Pladehals Allé 7, 4. th., 2450 København SV, Denmark

Email: support@ejvin.com

CVR: (coming soon)

2. Data We Collect

Account Data

• Email address

• Password (hashed via Supabase Auth)

• Username

• Organization name

Property Management Data

• Property information (address, zip code, city, country)

• Tenant information (name, email, phone number)

• Contract files (PDFs and extracted text)

• Property notes (titles, content, AI embeddings)

Gmail Integration Data

• Gmail email address

• OAuth access and refresh tokens (encrypted)

• Email content (sender, recipient, subject, body, metadata)

• Message and thread IDs

AI Processing Data

• AI-generated draft responses

• Confidence scores and processing metadata

Cookies and Local Storage

• Session cookies for authentication (Supabase)

• LocalStorage for authentication tokens (“ejvin-auth”)

No analytics tools are currently used. This may change in the future, in which case this policy will be updated accordingly.

3. How Data Is Collected

• Account creation forms (Supabase Auth)

• Property and tenant input forms

• File uploads (contracts, notes)

• Gmail OAuth authorization (explicit user consent)

• Automatic email synchronization after Gmail OAuth consent

4. Purpose and Legal Basis

Purposes:

• To provide and operate the SaaS platform

• To allow users to manage properties, tenants, and contracts

• To generate AI-powered email responses

• To process uploaded documents and extract relevant content

• To ensure platform security and performance

Legal basis under GDPR:

• Contract: Processing necessary to deliver the service

• Consent: Gmail OAuth authorization for accessing and composing emails

• Legitimate interest: Service improvement, security, and fraud prevention

5. Data Sharing

We share personal data only with trusted third-party providers that help us operate and maintain Ejvin.

• Supabase – used for authentication, database, and storage. Process all user data. Hosted in the United States (AWS).

• Google APIs – used for Gmail integration. Processes email content, metadata, and OAuth tokens with explicit user consent. Hosted in the United States.

• OpenAI – used for generating AI embeddings and processing property notes. Hosted in the United States.

• N8N – used for workflow automation that supports AI responses. Processes limited email and tenant data. Hosted in the European Union.

• Neon – used for PostgreSQL database management. Data may be stored in the United States or the European Union.

Some providers are located outside the EU/EEA, primarily in the United States. All international data transfers are protected by Standard Contractual Clauses (SCCs) to ensure GDPR compliance.

6. Data Retention

• Active accounts: Data is retained for as long as the account remains active.

• Deleted accounts: All associated personal data is permanently deleted within 30 days after account deletion or upon user request.

• Gmail data: Retained only as long as Gmail integration is active.

• Uploaded files: Retained as long as the related property record exists.
  
  

  
  

7. Data Security

We take both technical and organizational measures to protect your data:

• SSL/TLS encryption (HTTPS)

• Encrypted storage of OAuth tokens

• Supabase Row Level Security (RLS)

• Password hashing (bcrypt)

• Organization-level access control

• API key security and least-privilege access
  
  
  

8. User Rights (GDPR)

Users have the right to:

• Access their data

• Rectify incorrect data

• Request deletion of their data

• Request data portability in a readable format

• Withdraw consent (e.g., disconnect Gmail integration)

To exercise these rights, contact us at support@ejvin.com.

We respond to all requests within 30 days as required by GDPR.

9. Cookies and Consent

Ejvin uses only essential cookies for authentication and functionality.

We are in the process of implementing a cookie consent banner to comply with EU regulations.

10. Children

Ejvin does not target or knowingly collect personal data from children under the age of 16.

11. Policy Scope

This Privacy Policy applies to the SaaS web application (app.ejvin.com) and all related services operated by Ejvin.

12. Changes to This Policy

We may update this policy from time to time. All significant changes will be communicated via our platform or email.