Legal

Privacy & Data Protection Policy.

The short version: this website uses no third-party analytics, sets no tracking cookies, shows no ads and has no accounts. We count visits ourselves, on our own server, without storing anything that identifies you. Beyond that, the only personal data we ever touch is what you choose to send us by email or through our contact form, plus the technical logs every web server keeps.

Who we are

Exevio d.o.o., Vukovarska 6, 51000 Rijeka, Croatia, is the data controller for any personal data processed through this website (exevio.com). You can reach us at contact@exevio.com or +385 95 222 1110.

We process personal data in line with the EU General Data Protection Regulation (GDPR) and the Croatian Act on the Implementation of the GDPR.

Server logs

Like every website, exevio.com generates standard access logs when you visit: your IP address, the time of the request, the page requested, the referring page and your browser's user agent string. Our hosting infrastructure stores these on our behalf.

We use them only to keep the site secure and running: detecting abuse, diagnosing faults, defending against attacks. The legal basis is our legitimate interest in operating a secure website (Article 6(1)(f) GDPR). Logs are kept for a short period and then deleted or anonymised. They are never used to profile you.

How we count visits

We wrote our own visit counter instead of using an analytics service, so your data never leaves our server. When a page loads, your browser sends us one small message with the page's address and, if there was one, the domain of the site that linked you here. From the request itself we note whether the device looks like a phone or a desktop, and which country the visit comes from. The country is worked out on our own server against a local copy of a public IP-to-country table (DB-IP), so the address is never sent to anyone for the lookup. That is the entire list.

To tell visits and visitors apart without cookies, we compute a scrambled fingerprint (a cryptographic hash) from your IP address and browser signature, mixed with a value that changes every day. The raw IP address and browser signature are never written to disk, the fingerprint cannot be reversed into them, and because the mix changes daily it cannot connect your visit today to your visit tomorrow. There is no profile of you to build, sell or leak.

If your browser sends the Do Not Track or Global Privacy Control signal, we skip the counting entirely. The legal basis for this minimal measurement is our legitimate interest in understanding how the site is used (Article 6(1)(f) GDPR).

When you write to us

If you email us, or use the contact form on the Build with Exevio page, we process what you send: your email address, your name if you include it, and the content of your message. We use it to reply and to follow up on whatever you asked about, whether that is a venture proposal, a partnership or a question.

Messages sent through the form are delivered to our inbox by Postmark, an email delivery service acting as our processor. Nothing you type in the form is stored on this website itself, and nothing is sent anywhere until you press Send.

The legal basis is taking steps at your request prior to entering a contract (Article 6(1)(b) GDPR) or our legitimate interest in responding to correspondence (Article 6(1)(f) GDPR). We keep correspondence for as long as the conversation is relevant, plus any period required by law.

Cookies and local storage

This website sets no cookies. None. There is nothing to consent to, which is why you have not seen a cookie banner.

If you toggle the moonlight theme, your browser stores a single preference (exevio-mode) in its own local storage. On your very first visit the homepage plays a short opening film; your browser remembers which one you were shown and that you have seen it (exevio-intro-cast, exevio-intro-seen) so it never plays again. If you beat the little game hidden on our 404 page, your browser remembers that victory the same way (exevio_404_completed), and one hidden page keeps a marker (exevio_vault_door) for the duration of the browser session so you only watch its door animation once. None of these values ever leaves your device, none is transmitted to us and none contains personal data. You can clear them any time through your browser settings. (One more, for completeness: a password-protected statistics page used by our own crew keeps its access key in session storage, exevio-stats-key. It never applies to regular visitors.)

What we never do

  • No third-party analytics or measurement services. Our own counting stays on our own server, as described above.
  • No advertising, ad networks or remarketing pixels.
  • No profiling or automated decision-making.
  • No selling, renting or trading of personal data. Ever.
  • No newsletters or marketing emails, unless you explicitly ask us to keep you posted.

Social networks and external links

The footer links to our profiles on LinkedIn, X, Facebook and Instagram. These are plain links, not embedded widgets, so nothing is loaded from those platforms while you browse this site. Once you follow a link, the privacy policy of that platform applies.

One hidden page contains a video hosted on YouTube. Until you press play, only a poster image served from our own domain is shown and nothing is requested from YouTube. If you do press play, the video streams from YouTube's privacy-enhanced domain (youtube-nocookie.com) and YouTube's privacy policy applies from that moment.

The same goes for the websites of our ventures and satellite products. Each is operated separately and has its own privacy policy. This policy covers exevio.com only.

Who can access your data

Only the people at Exevio who need it to answer you, the hosting provider that stores server logs on our behalf, and Postmark, which carries contact-form messages to our inbox. Both work under data processing agreements. We do not share personal data with anyone else unless the law requires it.

Your rights

Under the GDPR you can ask us, at any time and free of charge, to:

  • confirm whether we process your personal data, and access a copy of it;
  • correct inaccurate data or complete incomplete data;
  • delete your data ("right to be forgotten");
  • restrict processing, or object to processing based on legitimate interest;
  • receive your data in a portable format;
  • withdraw consent, where processing is based on consent, without affecting prior processing.

Write to contact@exevio.com and we will respond within 30 days. If you believe we handle your data unlawfully, you also have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP, azop.hr) or the supervisory authority in your EU member state.

Security

Exevio is ISO 27001 certified. Information security is not a footer badge for us, it is an audited management system. This site is served over TLS, and the little data we hold is protected against loss, misuse and unauthorised access.

Changes to this policy

If our practices change, this page changes first.

Contact

Exevio d.o.o.
Vukovarska 6, 51000 Rijeka, Croatia
contact@exevio.com
+385 95 222 1110

Last updated: 12 July 2026