We're accepting pilot partners — apply for early access
Evidencestack

Privacy Policy

Last updated: January 2026

At Evidencestack, we take your privacy seriously. This policy explains what information we collect, how we use it, and your rights regarding your data. We've written this in plain English because we believe you shouldn't need a lawyer to understand how your data is handled.

Information we collect

Account information

When you sign up, we collect your email address, name, and company name. This is used to create your account and communicate with you about the service.

Repository and project data

When you connect your development tools (GitHub, GitLab, Jira, Linear), we access:

  • Commit messages and metadata
  • Pull request titles and descriptions
  • Issue and ticket information
  • Project and repository names

Important: We use read-only access. We cannot modify your repositories, code, or tickets. We analyse metadata and descriptions to generate R&D narratives — we do not store or process your actual source code.

Usage data

We collect information about how you use Evidencestack, including pages visited, features used, and interactions with the platform. This helps us improve the product.

How we use your information

  • To provide and maintain the Evidencestack service
  • To generate R&D tax credit documentation from your development activity
  • To communicate with you about your account and the service
  • To improve and develop new features
  • To ensure security and prevent abuse

We do not sell your data. Your information is never sold to third parties for marketing or advertising purposes.

Data security

We implement appropriate technical and organisational measures to protect your data:

  • All data is encrypted in transit (TLS) and at rest
  • Access to data is restricted to authorised personnel only
  • We use secure, reputable cloud infrastructure providers
  • Regular security reviews and updates

Third-party services

We use a limited number of third-party services to operate Evidencestack:

  • Cloud hosting providers for infrastructure
  • Analytics tools to understand product usage
  • Communication tools for customer support

These providers are bound by data processing agreements and are only permitted to use your data as necessary to provide their services to us. We do not share your repository data with third parties.

Your rights

Under UK GDPR, you have the following rights:

  • Access: Request a copy of the data we hold about you
  • Correction: Ask us to correct inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Receive your data in a portable format
  • Objection: Object to certain types of processing

To exercise any of these rights, contact us at [email protected].

Data retention

We retain your data for as long as your account is active or as needed to provide the service. If you close your account, we will delete your data within 30 days, except where we are required to retain it for legal or regulatory purposes.

You can revoke access to connected repositories at any time through your account settings or directly in GitHub/GitLab.

Cookies

We use cookies and similar technologies for:

  • Essential cookies: Required for the platform to function (authentication, security)
  • Analytics cookies: Help us understand how the platform is used

You can manage cookie preferences through your browser settings.

Changes to this policy

We may update this privacy policy from time to time. We will notify you of any significant changes by email or through the platform. The “Last updated” date at the top of this page indicates when the policy was last revised.

Contact us

If you have any questions about this privacy policy or how we handle your data, please contact us at [email protected].