Privacy Policy

This Privacy Policy describes how EventZero collects, uses, stores, discloses, and protects personal information in connection with our website and platform ("Service").

This Policy applies to all websites, web applications, and online services operated by EventZero that link to it, including our primary platform at eventzero.io.

By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, please do not use the Service.

We use collected information to:

• Provide, operate, and maintain the Service;
• Process payments and manage subscriptions;
• Respond to inquiries and support requests;
• Improve platform functionality and performance;
• Send service-related communications (not marketing, unless separately consented to);
• Comply with legal obligations and enforce our agreements.

We do not sell personal information to third parties.

When you connect a third-party integration (for example, Cvent), EventZero stores encrypted credentials or tokens solely to authenticate API requests required to provide the Service.

• Credentials are stored exclusively in Amazon Web Services (AWS) Secrets Manager, encrypted using AWS Key Management Service (KMS) (AES-256).
• Access is limited by AWS Identity and Access Management (IAM) roles under the principle of least privilege.
• Credentials are never visible in plaintext or logs.
• Credentials are deleted upon account termination or upon request, subject to backup retention (typically ≤30 days).

We use carefully selected subprocessors to host our infrastructure and support delivery of the Service. A current list of subprocessors is available at eventzero.io/subprocessors.

We require each subprocessor to implement appropriate technical and organisational security measures. For EU and UK customers, subprocessor arrangements comply with Article 28 of the GDPR and UK GDPR respectively.

We may also disclose information:

• To professional advisers or service providers acting on our behalf, under appropriate confidentiality obligations;
• When required by applicable law, court order, or valid legal process;
• To regulatory or government authorities where we are obligated to do so;
• In the event of a merger, acquisition, or asset transfer, where the receiving entity will be bound by this Policy or a substantially equivalent one.

All data processed through the EventZero platform is hosted and stored in the United States using Amazon Web Services (AWS) data centres. We do not replicate or store Customer Data in other regions.

EventZero retains personal information and Customer Data for as long as necessary to provide the Service and meet our contractual and legal obligations. Retention periods vary depending on the type of data and the purpose for which it was collected.

Account and contact data (such as account holder names, business email addresses, and support communications) is retained for the duration of the customer relationship and for a period of 7 years following account termination, in accordance with applicable legal and contractual requirements.

Customer Data submitted to the platform (such as event logistics data, flight records, and emissions figures) is retained in de-identified or aggregate form and does not contain personal information about individual end users. EventZero retains this data to provide the Service and for platform analytics and improvement purposes.

Integration credentials and tokens are deleted upon account termination or upon verified request, and are not retained beyond 30 days following termination.

We use functional and analytics cookies to operate and improve our websites and platform.

• Functional cookies are necessary for the operation of the Service and cannot be disabled without affecting platform functionality.
• Analytics cookies help us understand how the Service is used and improve performance.

Where required by law (including for EU and UK visitors), we obtain consent for non-essential cookies through our cookie consent banner. You may also adjust your browser settings to block or delete cookies at any time; however, some features of the Service may not function properly if cookies are disabled.

For full details, including a list of cookies used and how to manage them, see our Cookie Policy at eventzero.io/cookies.

We implement appropriate technical and organisational measures to protect personal information against unauthorised access, loss, misuse, or alteration, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256);
• Network isolation and firewalls within AWS;
• Role-based access control and multi-factor authentication;
• Regular vulnerability scanning and security monitoring;
• Daily encrypted backups with tested restoration procedures.

More information is available in our Security Overview at eventzero.io/security.

While we implement commercially reasonable security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Our Service is directed solely to businesses and is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact legal@eventzero.io and we will take prompt steps to delete it.

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Material updates will be communicated to existing customers via email or in-app notification at least 14 days before taking effect. Non-material updates (such as clarifications or corrections) will be posted on our website with an updated "Last Updated" date. Continued use of the Service after the effective date of a material update constitutes acceptance of the updated Policy.

Where changes affect the basis on which we process your personal data, we will seek fresh consent where required by applicable law.

For all privacy-related inquiries, requests, or complaints: