Privacy Policy
How we handle your data.
Effective date: May 19, 2026 · Last updated: May 19, 2026
Who we are
EVRiskIndex.com ("EV Risk Index", "we", "us", "our") is an independent consumer-advocacy publication and analysis service for electric vehicle owners and fleet operators. We are not affiliated with any vehicle manufacturer, dealer, insurance company, or regulator. This privacy policy describes how we collect, use, and protect your data across our public website, the Invoice Analyzer service, the Fleet Invoice Analyzer service, and related products.
What we collect
Information you provide directly
- Account information — email address, password (stored hashed), name (optional), and, for business accounts, business name and country of operation.
- Service invoices and supporting documents — when you submit an invoice for analysis (PDF, image, or text export), the document content is stored on our infrastructure for processing.
- Vehicle identifiers — VINs, make, model, year, and similar information you attach to an analysis.
- Payment information — processed by Stripe; we do not store full payment card details. We retain the transaction ID, amount, and date.
- Communications — when you email us or fill out a contact form, the message and your contact details.
Information collected automatically
- Basic web analytics — anonymized page views, browser type, referring page, country (not city or precise location).
- Security logs — IP address and login attempt records, retained for security and abuse prevention.
We do not collect biometric data, precise location data, browsing history outside our site, or social-graph information.
How we use your data
We use the data we collect strictly for:
- Providing the analysis service you purchased (the core purpose)
- Cross-referencing your invoice against publicly available recall, warranty, and service-bulletin data
- Returning structured analysis reports to your account
- Sending service-related communications (analysis completion, account alerts, billing receipts)
- Diagnosing problems with the service and improving it
- Detecting fraud and abuse
- Meeting legal obligations (tax records, regulatory inquiries)
We do not use your data to train AI models for unrelated commercial purposes, build psychographic profiles, or sell to data brokers.
Who we share with
We do not share your invoice contents, vehicle identifiers, or analysis reports with:
- Vehicle manufacturers or their representatives
- Dealers or dealer networks
- Insurance companies
- Aftermarket service providers
- Data brokers, marketing networks, or advertising platforms
We share data only with the following categories of recipients, and only as strictly necessary to operate the service:
- Payment processor (Stripe) — for transaction handling. Stripe receives only what it needs to process payment.
- Cloud hosting (Google Firebase, Firestore) — for storing your account and analyses. Data is encrypted at rest.
- Email delivery (transactional) — for service notifications. Email service providers do not access invoice contents.
- Legal disclosures — if compelled by valid legal process. We will notify you where legally permitted to do so.
Data retention and your account lifecycle
Data retention varies by product type. The policy below applies to your invoice uploads and analysis reports. Account profile information (email, business name) is retained for as long as your account exists and follows the same schedule after account closure.
Fleet Invoice Analyzer (annual subscription)
| Phase | Duration | Your access | Cost |
|---|---|---|---|
| Active | During paid subscription term | Full read, write, export | Subscription fee |
| Grace | 6 months after subscription end | Read-only export | Free |
| Cold storage | 24 months following grace | None until reactivation | Free, reactivatable |
| Deletion | After cold storage expires | Data is permanently deleted | — |
Reactivation during cold storage restores full access to all historical analyses and reports. After permanent deletion, data cannot be recovered.
Invoice Analyzer (consumer, one-off purchase)
| Phase | Duration | Your access | Cost |
|---|---|---|---|
| Active | While your account is active (logged in within 12 months of last activity) | Full read, write, export, purchase additional analyses | Per-analysis fee |
| Grace | 6 months after 12 months of inactivity | Read-only export | Free |
| Cold storage | 24 months following grace | None until reactivation | Free, reactivatable by purchasing a new analysis |
| Deletion | After cold storage expires | Data is permanently deleted | — |
Communications and analytics
- Email correspondence: retained for 24 months from the date of the most recent message.
- Web analytics: aggregated and anonymized; individual session data not retained beyond 26 months.
- Security and audit logs: retained for 24 months, longer where required by law.
- Transaction records: retained for 7 years to meet tax and accounting obligations.
Your rights
Subject to applicable law in your jurisdiction, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Export your invoices, analyses, and account data in a portable format
- Delete your account and your data, subject to retention requirements for legal compliance (transaction records under tax law, for example)
- Object to specific uses of your data
- Withdraw consent for processing where consent was the basis
- Lodge a complaint with your local data protection authority
To exercise any of these rights, contact privacy@evriskindex.com. We respond within 30 days. We may need to verify your identity before processing the request.
Security
We use industry-standard measures to protect your data:
- TLS encryption for data in transit (HTTPS only)
- Encryption at rest for stored invoices and analyses
- Authentication via Firebase Auth (Google's identity infrastructure)
- Hashed and salted password storage; we never store passwords in plain text
- Restricted internal access — invoice contents are not routinely viewed by staff
- Regular security review of dependencies and infrastructure
No system is 100% secure. We commit to notifying affected users without undue delay if a security incident affects their personal data.
Cookies and analytics
We use a minimal set of cookies:
- Authentication cookies — keep you logged in to your account; essential for the service to function.
- Analytics cookies — anonymized page view tracking. We do not use cross-site advertising trackers.
We do not display third-party advertisements on EVRiskIndex.com and we do not participate in advertising networks. Affiliate links, where present, are disclosed in context.
International users
EVRiskIndex serves customers in Canada (where we are based), the United States, the United Kingdom, Australia, and the European Union. Data is stored on Google Cloud infrastructure with regions selected to minimize cross-border transfer. Cross-border transfers, where they occur, are handled under standard contractual clauses or equivalent legal mechanisms.
If you are in the European Union, you have rights under the GDPR. If you are in Canada, your data is handled in compliance with PIPEDA. If you are in California, you have rights under the CCPA / CPRA. If you are elsewhere, applicable local law governs.
Changes to this policy
We may update this policy from time to time. Material changes will be announced at least 30 days before they take effect, by email to active account holders and via a notice on this page. The "Last updated" date above always reflects the most recent revision.
Contact
Questions about this policy or your data:
- Email: privacy@evriskindex.com
- For general support: support@evriskindex.com