Privacy Policy (eventOne Clients)

Summary — what this policy means in plain English

🔍 What we collect: Your name, email, billing details, the events you build, and basic usage data (pages visited, errors, etc.).
⚙️ Why we collect it: To run the platform, process payments, send you important emails, help you when something goes wrong, and make the product better.
🤝 Who we share it with: Only the third-party tools we need to operate (Stripe for payments, Postmark for email, Sentry for errors, and others listed below). We never sell your data.
🍪 Cookies: The dashboard uses only essential session cookies. Our marketing site uses cookieless Fathom Analytics and may also use HubSpot cookies for CRM and marketing functionality.
🗑️ How long we keep it: As long as your account is active, plus 90 days after cancellation for reactivation or export. Backups are purged within 12 months of cancellation.
✅ Your rights: You can ask us to access, correct, or delete your data at any time by emailing legal@event1.io.

This summary is a helpful overview — the full policy below is the legally binding text.

Applies to: eventOne dashboard users, account holders, and event organizers

This Privacy Policy describes how eventOne, Inc. ("eventOne," "we," "us," or "our") collects, uses, and discloses information when you use our platform at event1.io and dash.event1.io (collectively, the "Service"). This policy applies to clients and organizers who create and manage events using eventOne — not to event attendees, who are covered by a separate privacy policy.

By using the Service, you agree to the collection and use of information described in this policy. If you do not agree, please discontinue use of the Service.

1. Information We Collect

1.1 Account & Profile Information

When you create an eventOne account or manage your organization, we collect:

Name and email address
Organization name and details
Billing information (processed by Stripe — we do not store raw card data)
Profile settings and preferences
Communications you send us via email or support channels

1.2 Event & Content Data

When you build and manage events using the Service, we collect and store:

Event names, descriptions, dates, locations, and metadata
Session, speaker, and schedule information
Registration forms and field configurations
Files and images you upload (stored in Google Cloud Storage)
Pricing, promo codes, and ticket configurations

1.3 Usage & Technical Data

We automatically collect certain data when you access the Service:

IP address and approximate geographic location
Browser type and version, operating system
Pages visited, features used, and actions taken within the dashboard
Session duration and navigation patterns
Error reports and performance data (via Sentry)
GraphQL API performance metrics including query names, latency, and error rates (via Apollo GraphOS)
Server-side logs including user IDs, request paths, and timestamps (via Google Cloud Logging)

1.4 Communications Data

If you contact us for support or sign up for communications, we may collect:

Support tickets and conversation history (via HelpScout)
Email address for transactional and product communications (via Postmark and EmailOctopus)
Feedback, feature requests, and votes (via Canny)
Phone number if you use SMS-based two-factor authentication (via Twilio Verify)

2. How We Use Your Information

We use the information we collect to:

Provide and operate the Service: create and manage your account, process event registrations, deliver features you use
Process payments: facilitate billing and subscription management via Stripe
Authenticate your identity: send one-time verification codes via Twilio Verify
Send transactional communications: account confirmations, password resets, and event-related notifications via Postmark
Send product communications: product updates, announcements, and newsletters via EmailOctopus (you may opt out at any time)
Provide customer support: respond to inquiries, resolve issues, and maintain support history via HelpScout
Improve the Service: analyze usage patterns, track errors, and prioritize product development using aggregated and de-identified analytics
Enable search: index public event metadata (name, location, dates) in Algolia to power search functionality — no personal data is indexed
Monitor performance and security: detect errors, diagnose technical issues, and maintain system reliability via Sentry, Apollo GraphOS, and Google Cloud Logging
Comply with legal obligations: retain records as required by applicable law and respond to lawful requests

3. Third-Party Services & Data Processors

We use the following third-party services to operate the platform. Each processes data on our behalf and is governed by its own privacy policy.

3.1 Payments

Stripe Payment processing, subscription billing, and invoicing. Card data is collected and stored directly by Stripe; eventOne does not store raw payment card details. Provider: Stripe, Inc. — Privacy Policy

3.2 Analytics & Monitoring

Fathom Analytics Privacy-first website analytics for event1.io. Fathom does not use cookies, does not track users across sites, and does not sell data. Aggregate traffic data only. Provider: Conva Ventures Inc. — Privacy Policy

Sentry Error tracking and application performance monitoring. Sentry may capture stack traces, request data, and user IDs to help diagnose bugs and crashes. Provider: Functional Software, Inc. — Privacy Policy

Apollo GraphOS GraphQL API performance monitoring. Apollo GraphOS collects query names, field usage, latency metrics, and error rates from our API. This data is used to monitor API health and improve performance. Apollo GraphOS does not receive the contents of user data fields — only query structure and operational metadata. Provider: Apollo Graph, Inc. — Privacy Policy

Google Cloud Logging Server-side logging infrastructure. Logs may include IP addresses, user IDs, request paths, response codes, and timestamps used for debugging and security monitoring. Provider: Google LLC — Privacy Policy

3.3 Marketing & CRM

HubSpot Marketing and CRM platform. HubSpot tracking is active on the event1.io marketing website to track visitor behavior and support lead management. If you visit our marketing site, HubSpot may set cookies and collect browsing data. Provider: HubSpot, Inc. — Privacy Policy

EmailOctopus Email marketing and newsletter delivery. We use EmailOctopus to send product announcements and updates to users who have opted in. You may unsubscribe at any time via the link in any marketing email. Provider: EmailOctopus Ltd. — Privacy Policy

3.4 Customer Support & Feedback

HelpScout Customer support platform for managing support tickets and conversations. Support communications are stored and processed by HelpScout. Provider: Help Scout PBC — Privacy Policy

Canny Product feedback and feature request management. If you submit feedback or vote on features, your name, email, and feedback content are stored by Canny. Provider: Canny, Inc. — Privacy Policy

3.5 Authentication

Twilio Verify SMS-based two-factor authentication. If you enable 2FA, your phone number is sent to Twilio to deliver one-time verification codes. Twilio does not use this data for advertising. Provider: Twilio Inc. — Privacy Policy

3.6 Communications Infrastructure

Postmark Transactional email delivery (account confirmations, password resets, event notifications). Postmark processes your email address and message content to deliver these emails. Provider: Wildbit LLC (an ActiveCampaign company) — Privacy Policy

3.7 Search

Algolia Search infrastructure for public event discovery. Only public event metadata (event name, location, dates) is indexed. Personal data, attendee information, and private event details are not sent to Algolia. Provider: Algolia SAS — Privacy Policy

3.8 File Storage

Google Cloud Storage Storage for files and images you upload to the platform (event graphics, speaker photos, etc.). Provider: Google LLC — Privacy Policy

3.9 Maps

Mapbox Map rendering and location display for event venue information. Mapbox may receive location queries and device information when maps are rendered. Provider: Mapbox, Inc. — Privacy Policy

3.10 Infrastructure & Hosting

Heroku Primary application hosting platform. Your data is processed and stored on servers operated by Heroku. Heroku is a Salesforce company. Provider: Salesforce, Inc. — Privacy Policy

MongoDB Atlas Managed cloud database hosting our primary application database. Account, event, registration, and other application data is stored in MongoDB Atlas. Provider: MongoDB, Inc. — Privacy Policy

Redis Labs (Redis Cloud) Managed Redis hosting used for caching and session data. May transiently hold session identifiers and cached application data. Provider: Redis Ltd. — Privacy Policy

Cloudflare CDN, DNS, and website hosting for static assets and the event1.io marketing site. Cloudflare processes network traffic and may log IP addresses and request metadata for performance and security purposes. Provider: Cloudflare, Inc. — Privacy Policy

Google Cloud Platform Cloud infrastructure provider for select services including Cloud Storage, Cloud Logging, and other managed services described elsewhere in this policy. Provider: Google LLC — Privacy Policy

3.11 Internal Operations

Google Workspace Business email and productivity suite used by the eventOne team for internal communications and direct correspondence with clients. If you email us or we email you directly (outside of automated transactional or marketing emails), that communication is processed and stored via Google Workspace. Google does not use Workspace customer data for advertising. Provider: Google LLC — Privacy Policy

4. Cookies and Tracking Technologies

We and our third-party service providers use cookies and similar tracking technologies on our marketing website (event1.io). The dashboard (dash.event1.io) uses only essential session cookies required for authentication and operation.

Essential Cookies Required for the Service to function. These include authentication tokens and session identifiers. They cannot be disabled without breaking core functionality.

Analytics We use Fathom Analytics, which is a cookieless analytics tool. Fathom does not use cookies, does not fingerprint users, and does not share data with advertisers.

Marketing & CRM Tracking (event1.io only) HubSpot may set cookies on the event1.io marketing website to track page visits and interactions for CRM purposes. These cookies are active on the marketing site only and are not present in the dashboard application.

You may opt out of HubSpot cookie tracking by visiting HubSpot's Cookie Policy or by enabling a "Do Not Track" signal in your browser.

5. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

With service providers: We share data with the third-party processors listed in Section 3 solely to provide the Service.
Within your organization: Information you share as part of your eventOne organization is accessible to other members of that organization you have authorized.
Legal compliance: We may disclose information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of eventOne or others.
Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website.
With your consent: We may share information in other ways if you explicitly consent.

6. Data Retention

We retain your account data for as long as your account is active or as needed to provide the Service. If you cancel your account:

Account and event data is retained for 90 days following cancellation to allow for reactivation or data export.
After 90 days, account data is deleted from our active systems.
Some data may be retained in backups for up to 12 months, after which it is purged.
We may retain certain records longer if required by law or for legitimate business purposes such as fraud prevention.
Log data in Google Cloud Logging is subject to our configured retention policies (typically 30–90 days).

You may request deletion of your data at any time by contacting us at the address in Section 12.

7. Data Security

We implement reasonable technical and organizational measures to protect your information, including:

Encryption of data in transit (TLS) and at rest
Access controls limiting data access to authorized personnel
Application error monitoring and alerting via Sentry
Infrastructure security via Heroku and Google Cloud Platform
DDoS protection and network-level security via Cloudflare
Regular review of third-party service security practices

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA:

8.1 Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we collect about you, the categories of sources from which we collect it, the business purpose for collecting it, and the categories of third parties with whom we share it.

8.2 Right to Delete

You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (such as information needed to complete a transaction or comply with a legal obligation).

8.3 Right to Correct

You have the right to request correction of inaccurate personal information we maintain about you.

8.4 Right to Opt-Out of Sale or Sharing

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. You do not need to opt out of a sale because no such sale occurs.

8.5 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights.

8.6 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information as defined by the CCPA:

Category	Examples
Identifiers	Name, email address, IP address, account ID
Commercial information	Subscription and billing history
Internet or network activity	Marketing site browsing, dashboard usage, log data
Geolocation data	Approximate location inferred from IP address
Professional information	Organization name and role

8.7 Submitting a Request

To exercise your California privacy rights, contact us at legal@event1.io. We will verify your identity before processing your request and respond within 45 days.

9. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately and we will take steps to delete such information.

10. Third-Party Links

The Service may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.

11. Changes to This Policy

When we make material changes to this policy, we will:

Update the "Last Updated" date at the top of this document
Notify you via email to the address on your account, and/or
Display a prominent notice within the dashboard

Your continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your data:

eventOne, Inc. Email: legal@event1.io Website: event1.io