Privacy Policy

1.1 Information You Provide

• Account Information: Name, email address, phone number, organization name, and password when you create an account.
• Profile Information: Job title, profile photo, and other optional details you choose to add.
• Event Data: Event names, descriptions, dates, venues, attendee lists, and pass configurations you create through our platform.
• Payment Information: Billing address and payment method details (processed securely through our third-party payment processors).
• Communications: Messages, feedback, and support requests you send to us.

1.2 Information Collected Automatically

• Device Information: Hardware model, operating system, unique device identifiers, and mobile network information.
• Log Data: IP address, browser type and version, pages visited, time and date of access, time spent on pages, and referring URLs.
• Usage Data: Features used, actions taken, scan logs, and interaction patterns within the platform.
• Location Data: Approximate location derived from IP address (we do not collect precise GPS location without consent).

1.3 Information from Third Parties

• SSO Providers: If you sign in via a third-party service (e.g., Google), we receive your name, email, and profile picture as authorized by you.
• Analytics Partners: Aggregated and de-identified usage data to help us improve our Services.

We use the information we collect for the following purposes:

• Service Delivery: To provide, operate, maintain, and improve our platform, including event management, pass issuance, and scan verification.
• Account Management: To create and manage your account, authenticate your identity, and provide customer support.
• Communications: To send transactional emails (confirmations, alerts, updates) and, with your consent, promotional messages.
• Analytics & Improvement: To understand usage patterns, diagnose technical issues, and develop new features.
• Security: To detect, prevent, and address fraud, abuse, and security threats.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

We do not sell your personal information. We may share data in limited circumstances:

• Service Providers: With trusted third-party vendors who perform services on our behalf (hosting, payment processing, email delivery, analytics) under strict confidentiality obligations.
• Event Organizers: When you register for or attend an event, the organizer may receive your registration data as necessary for event operations.
• Legal Requirements: When required by law, subpoena, court order, or government request; or to protect rights, property, or safety.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.
• With Your Consent: We may share information for other purposes when you give us explicit permission.

We implement industry-standard technical and organizational security measures to protect your information, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256).
• Regular security assessments and penetration testing.
• Access controls with multi-factor authentication for internal systems.
• Continuous monitoring and incident response procedures.

While we strive to use commercially acceptable means to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

• Account Data: Retained while your account is active and for up to 30 days after deletion request.
• Event Data: Retained for the duration of the event lifecycle plus 12 months for analytics and audit purposes.
• Log Data: Automatically purged after 90 days.
• Payment Records: Retained as required by applicable tax and financial regulations.

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal obligations.
• Portability: Request your data in a structured, machine-readable format.
• Restriction: Request restriction of processing in certain circumstances.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@inflowra.com. We will respond within 30 days.

We use cookies and similar technologies for the following purposes:

• Essential Cookies: Required for platform functionality (authentication, session management).
• Analytics Cookies: Help us understand how you use our Services (e.g., PostHog) to improve performance.
• Preference Cookies: Remember your settings and preferences for a better experience.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our Services.

Our Services may contain links to or integrate with third-party services that are not operated by us. We are not responsible for the privacy practices of these services. We encourage you to review their privacy policies. Third-party integrations we use include:

• Cloud hosting and infrastructure providers.
• Payment processing platforms.
• Analytics and performance monitoring tools.
• Email delivery services.

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@inflowra.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will notify you through the platform or by email. The “Last updated” date at the top of this policy indicates when it was last revised. Continued use of our Services after the update constitutes acceptance of the revised policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: