Privacy Policy

Account information

When you create an EventoGate account we collect your name, email address, and a hashed password. If you subscribe to a paid plan we also collect billing information, which is processed and stored by our payment provider (Stripe) — we do not store raw card details.

Event and attendee data

Data you submit through the API — event details, attendee names, email addresses, and any custom fields you configure — is stored on your behalf. You are the data controller for this information; we act as a data processor.

Usage data

We collect information about how you interact with the platform: pages visited, API calls made, features used, and error logs. This data is used to improve the service and diagnose issues.

Cookies

We use strictly necessary cookies to maintain your authenticated session. We do not use advertising or tracking cookies. A cookie preference banner is not shown because we only set cookies that are essential to the service.

We use the information we collect to: provide, maintain, and improve the EventoGate platform; process payments and send receipts; send transactional emails (registration confirmations, password resets, billing notices); respond to support requests; and comply with legal obligations. We do not sell your data or your attendees' data to third parties.

Service providers

We share data with a limited number of sub-processors who help us operate the service: Stripe (payments), AWS (infrastructure and storage), and Resend (transactional email). Each sub-processor is bound by a data processing agreement and may only use data as instructed by us.

Legal requirements

We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to protect the rights, property, or safety of EventoGate, our users, or the public.

Business transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email before your data becomes subject to a different privacy policy.

We retain your account data for as long as your account is active. If you close your account, we delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (typically up to 7 years for billing records). Attendee data associated with your events is deleted on the same schedule as your account data.

Depending on your location, you may have the right to access, correct, port, or delete your personal data; restrict or object to certain processing; and withdraw consent where processing is based on consent. To exercise any of these rights, contact us at privacy@eventogate.com. We will respond within 30 days. If you are in the European Economic Area or United Kingdom, you also have the right to lodge a complaint with your local data protection authority.

We use industry-standard measures to protect your data: TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security audits. We are working towards SOC 2 Type II certification. Despite these measures, no system is completely secure. If you discover a security vulnerability, please report it responsibly to security@eventogate.com.

EventoGate is operated from Malaysia and uses infrastructure hosted in AWS regions. If you are located in the European Economic Area, your data may be transferred to and processed in countries outside the EEA. Where this occurs, we rely on the EU Standard Contractual Clauses to ensure adequate protection.

EventoGate is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at privacy@eventogate.com and we will promptly delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the 'last updated' date at the top of this page. Continued use of the service after the effective date constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy or how we handle your data, please contact us at privacy@eventogate.com or write to: EventoGate, Kuala Lumpur, Malaysia.