Last updated: 16.05.2026

1. Introduction

Welcome to our event management service. This Privacy Policy explains what personal data we collect, why we collect it, how it is used, and what rights you have over it. We are committed to protecting your privacy and processing your data in compliance with the General Data Protection Regulation (GDPR) and applicable EU data protection law.

2. Data We Collect

Account information — collected when you register or update your profile:

• Name
• Email address
• Phone number
• Preferred language
• Password (stored as a one-way cryptographic hash — never readable)

Profile / contact card — optional information you may add to your public or private profile:

• Display name, job title, company name
• City and country
• Interests and spoken languages
• Profile photo
• Bio / description

Tickets and payments — when you purchase or receive an event ticket:

• Ticket code and type
• Purchase date and price
• Payment reference (we do not store full card numbers; card processing is handled by our payment provider)

Attendance data — when you check in to an event:

• Check-in timestamp and location (venue)
• Identity of the staff member who performed the check-in

Chat messages — when you use the in-app messaging feature:

• Message content and timestamps
• Read receipts
• Conversation participants

Authentication data — depending on the login method you choose:

• One-time password (OTP) tokens, stored temporarily and deleted after use
• Passkey / biometric authentication credentials (WebAuthn public key — the biometric data itself never leaves your device)
• Social login provider identifier (e.g. Google account ID), if you sign in via a third-party provider

Push notification subscriptions — if you opt in to browser push notifications:

• Browser endpoint URL and encryption keys required to deliver notifications

Communication logs — to track service emails:

• Email type, delivery status, and recipient address
• Logs are automatically deleted after 90 days

Technical data — automatically collected to operate the service:

• Session cookies necessary for authentication and security
• Browser and device type (user-agent)

3. Legal Basis for Processing (GDPR)

We process your personal data only where a lawful basis under GDPR applies:

• Performance of a contract — account creation, ticket management, check-in, and service-related communications are necessary to provide the service you requested.
• Legitimate interests — operating the chat system, delivering push notifications you opted into, maintaining security logs, and preventing fraud, where these interests are not overridden by your rights.
• Consent — marketing emails and optional push notifications are sent only with your explicit consent, which you may withdraw at any time.
• Legal obligation — retaining certain records where required by applicable law.

4. How We Use Your Data

• Creating and managing your account
• Verifying your identity and providing secure authentication
• Processing ticket purchases and managing access to events
• Recording attendance at events you registered for
• Enabling private messaging between attendees (chat feature)
• Displaying your public profile in the attendee directory (if you set it to public)
• Sending transactional emails (registration confirmation, ticket, password reset)
• Sending marketing emails, with your consent
• Delivering browser push notifications, if you opted in
• Allowing event organizers to manage participants

5. User-Generated Content

The service allows you to create content visible to other users, including:

• Your profile / contact card (name, photo, bio, city, interests) — visibility controlled by your privacy setting (public, private, or hidden)
• Chat messages sent to other attendees

You are responsible for the content you submit. Do not include personal data of third parties without their consent. You may edit or delete your profile and messages from within the service.

6. Information Sharing

We do not sell your personal data. We share data only in the following circumstances:

• Event organizers and administrators — can access your name, email, phone number, ticket information, and attendance records for event management purposes.
• Other attendees — can see your public profile information if you have set your contact card to public.
• Payment processors — your payment details are processed by our payment service provider. We only retain a payment reference, not your full card details.
• Social login providers — if you choose to log in via a third-party provider (e.g. Google), that provider shares limited identity data with us under their own privacy policy.
• Legal requirements — we may disclose data when required by law or to protect the rights and safety of our users.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including encrypted transmission (HTTPS), hashed passwords, and access controls. Passkey / biometric credentials are stored as public keys only — your biometric data never leaves your device.

8. Data Retention

• Account data — retained for as long as your account is active. You may request deletion at any time.
• Chat messages — retained while your account exists; deleted when you delete your account.
• Attendance / check-in logs — retained for the duration of the event and for a reasonable period thereafter for record-keeping purposes.
• Email logs — automatically deleted after 90 days.
• OTP tokens — deleted immediately after use or on expiry (typically within 10 minutes).
• Push notification subscriptions — retained until you withdraw consent or unsubscribe in your browser settings.

9. Your Rights Under GDPR

As a data subject in the European Economic Area (EEA) you have the following rights:

• Right of access — obtain a copy of the personal data we hold about you.
• Right to rectification — correct inaccurate or incomplete data.
• Right to erasure — request deletion of your data where there is no overriding legal basis to retain it.
• Right to restriction — request that we limit processing in certain circumstances.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

You can exercise most of these rights directly from your profile page. For requests you cannot complete yourself, please contact us. You also have the right to lodge a complaint with your national data protection authority.

10. Cookies

We use only technically necessary cookies required for the operation of the service (session authentication and security). We do not use cookies for advertising or cross-site tracking. You can manage cookie settings through your browser, but disabling session cookies will prevent you from logging in.

11. Children's Privacy

Our service is not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us for immediate deletion.

12. International Data Transfers

Where your data is transferred outside the European Economic Area, we ensure an adequate level of protection through appropriate safeguards (such as Standard Contractual Clauses) in compliance with GDPR Chapter V.

13. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by posting the updated policy on this page and, where appropriate, by email. The date at the top of this page reflects the most recent revision.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us through the contact details provided on this website.