EVENTUM PRIVACY POLICY

1. INFORMATION WE COLLECT

1.1. Information You Provide Directly

We collect information you provide when using the Service:

Account Information: Name, email address, password, profile photo, professional title, bio, expertise tags, social media links (LinkedIn, Twitter, GitHub), website, timezone, language preferences.

Event Information (Organizers): Event name, description, date, venue, expected attendees, ticket pricing, event type, CFP settings, jury member details.

Speaker Information: Talk titles, abstracts, co-speaker details, session formats, equipment needs, travel requirements, honorarium details, availability calendar.

Jury Information: Expertise tags, review capacity, conflict of interest declarations (company affiliations, personal relationships), review feedback and scores.

Attendee Information: Ticket purchase details, check-in status, sessions attended, dietary restrictions, accessibility needs.

Feedback and Ratings: Session ratings (1-5 stars), written feedback, answers to custom questions, sentiment data.

1.2. Information Collected Automatically

Device and Usage Information: IP address, browser type, operating system, device identifiers, pages viewed, time spent on pages, links clicked, referring website.

Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to analyze usage patterns, remember preferences, and improve the Service. See Section 7 for cookie management.

Analytics Data: We use Mixpanel and PostHog for product analytics to understand user behavior and improve the Service.

1.3. Information from Third Parties

OAuth Providers: If you sign in using Google, LinkedIn, or Microsoft, we receive your name, email, and profile photo from those services.

Payment Processors: Stripe provides us with transaction data but not full payment card details.

Ticketing Integrations: If you integrate Eventbrite, Luma, or other ticketing platforms, we receive attendee lists and ticket data.

2. HOW WE USE YOUR INFORMATION

We use collected information for the following purposes:

• Provide and Operate the Service: Create accounts, manage events, process payments, facilitate CFP submissions, enable feedback collection.
• Role-Based Functionality: Enable context switching between roles (Organizer, Speaker, Jury, etc.), display historical performance data to organizers, power Speaker Discovery searches.
• Data-Driven Curation: Show organizers how speakers performed at past events, enable auto-invitation rules based on ratings, detect reviewer bias.
• Communication: Send transactional emails (confirmations, notifications, reminders), respond to inquiries, provide customer support.
• Analytics and Improvement: Analyze usage patterns, measure performance, identify bugs, improve features, conduct A/B testing.
• Security and Fraud Prevention: Detect and prevent fraudulent activity, protect against spam and abuse, enforce our Terms.
• Legal Compliance: Comply with applicable laws, respond to legal requests, protect our rights.

3. HOW WE SHARE YOUR INFORMATION

We share your information in the following circumstances:

3.1. Within the Platform (Role-Based Sharing)

Organizers can see: Speaker profiles, submission details, jury review scores and feedback, attendee lists, aggregated session ratings.

Speakers can see: Their own submission status, aggregated feedback ratings, written feedback (anonymized), travel/logistics details.

Jury Members can see: Assigned submissions (title, abstract, speaker bio), historical speaker performance (if repeat speaker at same event), their own scoring statistics.

Attendees can see: Public event agendas, speaker names and bios, session descriptions.

3.2. Cross-Organizer Intelligence (Opt-In Only)

Speakers can opt into Speaker Discovery, which allows:

• Organizers to search for speakers across the platform based on topic, rating, and availability
• Display of speaker performance data (avg rating, number of talks) to searching organizers
• "Verified Speaker" badges for speakers with 3+ events and 4.5+ avg rating

Default setting is PRIVATE (only visible to events you have participated in). Speakers must explicitly opt in to public discovery.

3.3. Service Providers

We share data with trusted third-party service providers:

• Stripe (payment processing)
• SendGrid or Postmark (transactional emails)
• AWS S3 or Cloudflare R2 (file storage)
• Vercel and Railway (hosting)
• Mixpanel and PostHog (analytics)
• Sentry and Datadog (error monitoring and performance)

These providers are bound by confidentiality agreements and may only use data to provide services to us.

3.4. Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, safety, or the safety of others.

3.5. Business Transfers

If EVENTUM is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

3.6. With Your Consent

We may share information for any other purpose with your explicit consent.

4. DATA RETENTION

Active Accounts: We retain your data for as long as your account is active or as needed to provide the Service.

Deleted Accounts: When you delete your account, we delete or anonymize your personal data within 30 days, except where retention is required by law.

Aggregated Data: We may retain anonymized, aggregated data indefinitely for analytics and research.

Audit Logs: We retain audit logs (who accessed what, when) for 1 year for security and compliance.

5. YOUR RIGHTS AND CHOICES (GDPR & CCPA)

You have the following rights regarding your personal data:

• Right to Access: Request a copy of all personal data we hold about you (JSON export available in settings).
• Right to Rectification: Correct inaccurate or incomplete data through your account settings.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your account and personal data. We will comply within 30 days unless legal retention is required.
• Right to Data Portability: Export your data in a machine-readable format (JSON) via account settings.
• Right to Restrict Processing: Request that we limit how we use your data.
• Right to Object: Object to certain uses of your data, such as marketing communications.
• Right to Withdraw Consent: If processing is based on consent (e.g., Speaker Discovery), you can withdraw consent at any time.

To exercise these rights, contact us at privacy@eventum.co or use the settings in your account.

6. DATA SECURITY

We implement industry-standard security measures to protect your data:

• Encryption: Data in transit is encrypted using TLS 1.3. Passwords are hashed using bcrypt.
• Access Controls: Role-based access control (RBAC) ensures users only access data they are authorized to see.
• Infrastructure Security: Hosting on secure cloud platforms (Vercel, Railway) with DDoS protection (Cloudflare).
• Monitoring: 24/7 security monitoring via Sentry and Datadog. Vulnerability scanning via Snyk.
• Employee Access: Limited employee access to production data, with audit logging.

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. COOKIES AND TRACKING TECHNOLOGIES

We use the following types of cookies:

• Essential Cookies: Required for the Service to function (authentication, session management). Cannot be disabled.
• Analytics Cookies: Track usage patterns to improve the Service (Mixpanel, PostHog). You can opt out in settings.
• Preference Cookies: Remember your language, timezone, and other preferences.

You can manage cookies through your browser settings. Disabling essential cookies may impair functionality.

8. CHILDREN'S PRIVACY

The Service is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately at privacy@eventum.co.

9. INTERNATIONAL DATA TRANSFERS

EVENTUM operates globally. Your data may be transferred to and processed in countries other than your own, including the United States, where data protection laws may differ. We use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for data transferred outside the EEA.

10. THIRD-PARTY LINKS AND SERVICES

The Service may contain links to third-party websites or integrate with third-party services (Stripe, Eventbrite, Google Calendar, etc.). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice in the Service

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. CONTACT INFORMATION

For questions or concerns about this Privacy Policy or our data practices, contact us at:

13. EU REPRESENTATIVE (GDPR)

If you are in the European Economic Area (EEA), you may contact our EU representative at: [EU Representative Name and Address - if applicable]