Privacy Policy

At allset., we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our event management platform. Please read this policy carefully. By using allset., you consent to the data practices described in this policy.

From Event Attendees:

• Identity Information: First name, last name, email address
• Event Responses: RSVP status, dietary restrictions, accessibility needs
• Travel Information: Arrival/departure dates, flight details, airport, airline
• Accommodation: Hotel preferences, room requirements
• Emergency Contact: Name and phone number of emergency contact
• Preferences: T-shirt size, ground transportation needs

From Event Organizers:

• Account Information: Email address, full name
• Event Data: Event details, schedules, attendee lists
• Usage Data: How you interact with the platform

Automatically Collected:

• Device Information: Browser type, operating system, IP address
• Cookies: Session cookies for authentication and CSRF protection

We use the information we collect to:

• Provide, operate, and maintain the event management platform
• Enable event organizers to manage attendee information
• Send event-related communications (invitations, reminders, updates)
• Process travel and accommodation arrangements
• Ensure dietary and accessibility needs are communicated to venues
• Provide customer support and respond to inquiries
• Improve our services and develop new features
• Detect and prevent fraud or security issues

Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

• Consent: When you submit an RSVP form, you consent to processing of your data for event management
• Contract: To fulfill our service agreement with event organizers
• Legitimate Interest: To improve our services and ensure security

Third-Party Service Providers

We share your information with the following categories of service providers:

• Supabase: Database hosting and authentication (US-based)
• Resend: Email delivery for invitations and notifications
• OpenRouter: AI processing for data parsing features
• Google: Optional Google Sheets integration (when enabled by organizer)
• Stripe: Payment processing for premium features

All service providers are contractually bound to protect your data and use it only for the specified purposes.

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

• Event Data: Retained for 12 months after the event end date
• Account Data: Retained until you delete your account
• Audit Logs: Retained for 90 days for security purposes

Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights:

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest (AES-256)
• Access controls and authentication
• Regular security assessments
• Audit logging of data access

International Data Transfers

Your data may be transferred to and processed in the United States where our service providers are located. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required.

For any privacy-related questions, data requests, or to exercise your rights, please contact us at:

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.