Privacy Policy

1. Introduction

Welcome to EventWings ("we", "our", "us"). EventWings is a SaaS-based event management platform designed for colleges, institutions, and professional event organizers.

This Privacy Policy explains how we collect, use, store, share, and protect your information when you visit our website at eventwings.com or use our services. It also explains your rights regarding your personal data.

By using our website or services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our services.

This policy is published in compliance with applicable data protection laws, including the Indian Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023 (DPDP Act), and other relevant regulations applicable to the jurisdictions in which we operate.

2. Information We Collect

A. Information You Provide Directly

When you fill out forms on our website (contact, demo request, early access, organizer registration), we collect:

• Full name
• Email address
• Phone number (when provided)
• Organization or institution name
• Designation or role
• Inquiry or message content
• Information submitted for early access or demo registration

B. Event Registration Data (Platform Use)

When EventWings is used to manage events, organizers may collect data from participants registering for those events. This may include:

• Participant names
• Email addresses
• Phone numbers
• Institutional identifiers (roll numbers, employee IDs, member numbers)
• Department, year, course, or organizational affiliation
• Ticket details and registration timestamps
• QR-based check-in records and attendance data
• Custom fields configured by organizers (dietary preferences, accommodation needs, t-shirt sizes, etc.)

Important: Event organizers are the data controllers for participant data they collect through their events. EventWings acts as a data processor on behalf of organizers and stores the data securely. Organizers remain responsible for the lawful basis of data collection, participant consent, and compliance with applicable privacy laws.

C. Payment Information

EventWings does not currently process payments, and no payment information is collected at this time. When paid events are introduced in future, payment information (such as card details or UPI identifiers) will be handled by trusted third-party payment gateways — EventWings will not store full payment card numbers or sensitive payment credentials on our servers, and will retain only transaction metadata (timestamp, amount, status) for accounting and dispute resolution. This policy will be updated before any payment processing begins.

D. Automatically Collected Information

When you use our website, a limited amount of technical information is recorded automatically as part of normal website operation:

• IP address (recorded when an organizer submits a signup application, and in standard server logs)
• Standard web server log data (request times, requested pages, HTTP status, browser user-agent string)
• Visit identifier — a randomly generated, opaque identifier stored in a first-party cookie (ew_visit_id, 30-day lifetime). It contains no name, email, or other personal detail on its own. It lets us understand how visitors move through our site on the path to registering for an event.
• Pages visited and referral source — which pages on our own site you view, and the page or external link that referred you to us, so we can understand and improve the journey from first visit to event registration.

This visit data is first-party only — collected by EventWings, used only by EventWings, and never sold or shared with third parties for advertising. If you later sign in and register for an event, we may link this visit activity to your account so the organizer and we can understand how registrations are reached. We do not use third-party advertising trackers and do not follow your activity across other websites.

E. Information from Third Parties

We may receive information about you from third parties such as:

• Google, when you choose to sign in using your Google account (we receive your name, email address, and profile picture)
• Institutional partners who have introduced or referred you
• Public sources (when verifying institutional affiliations)

3. How We Use Your Information

We use your information for the following purposes:

• Service delivery — provide and operate our event management platform
• Communication — respond to inquiries, send platform updates, deliver event-related notifications
• Account management — verify identity, manage organizer/participant access, prevent unauthorized use
• Understanding registration journeys — analyze how visitors navigate our site toward registering for events, so we and event organizers can improve the registration experience
• Security and fraud prevention — detect, investigate, and prevent fraudulent or harmful activity
• Legal compliance — fulfill legal obligations, enforce our terms, protect rights

We do not sell your personal information. We do not share your data with third parties for their independent marketing purposes.

4. Legal Basis for Processing

Where applicable privacy laws require a specific legal basis for processing personal data, we rely on one or more of the following:

• Consent — when you explicitly agree to specific processing
• Contractual necessity — to fulfill our obligations under our terms of service
• Legitimate interest — for security, safe operation of the platform, and understanding how registrations are reached, balanced against your privacy rights
• Legal obligation — when required by applicable law (tax records, audit requirements, regulatory reporting)

5. Email Communication

If you submit your email address, you may receive:

• Transactional emails (registration confirmations, ticket delivery, account and password-related emails)
• Service notifications (important platform updates, scheduled maintenance)
• Responses to your inquiries

We do not send marketing or promotional emails. Transactional and service emails are essential to providing the service and are sent only as needed. We do not send spam.

6. Sharing & Disclosure

We may share your information with:

• Event organizers — when you register for events, your registration data is shared with the relevant organizer
• Service providers — hosting and cloud infrastructure providers, and email delivery services, who process data on our behalf under confidentiality obligations
• Legal authorities — when required by law, court order, or to protect rights, safety, and property
• Business transfers — in the event of merger, acquisition, or asset sale (with notice to you)

We do not share your personal information for purposes incompatible with those described in this policy.

7. Cookies and Tracking Technologies

EventWings uses a small number of first-party cookies. We do not use advertising cookies or any cross-site tracking technologies.

• Session cookie (ci_session) — essential. Keeps you logged in and protects forms against cross-site request forgery (CSRF). It contains no personal data beyond a session identifier and expires when your session ends.
• Visit identifier (ew_visit_id) — analytics. A randomly generated, opaque value with a 30-day lifetime, used to understand how visitors navigate our site toward event registration. It is first-party only and is never shared with third parties for advertising.

The session cookie is essential — disabling it will prevent you from logging in and using the platform. The visit-identifier cookie is not essential: you can clear it or block cookies through your browser settings at any time, and the site will continue to work normally.

8. Data Storage & Security

We take reasonable measures to protect your data, including:

• HTTPS encryption for all data transmitted between your device and our servers
• Passwords stored only as salted cryptographic hashes — never in plain text
• Role-based access control, so users and administrators can access only what their role permits
• Audit logging of sensitive administrative actions
• Hosting on infrastructure that applies its own physical and network security controls

We continue to strengthen our security practices as the platform grows. While we use commercially reasonable efforts to protect your data, no online system can guarantee absolute security. You can help protect your data by maintaining a strong, unique password, keeping your contact information current, and reporting any suspected unauthorized access immediately.

9. Third-Party Services

We rely on a small number of trusted third-party services to operate our platform:

• Cloud hosting and infrastructure providers
• Email delivery services for transactional and service emails
• Google, for optional "Sign in with Google" authentication

When paid events are introduced in future, payment gateway providers will be added to this list, and this policy will be updated accordingly. These providers process data on our behalf and are expected to maintain confidentiality and apply appropriate security measures. We do not authorize them to use your data for their own purposes beyond what is necessary to provide their service to us.

10. Data Retention

We retain personal data for as long as necessary to:

• Provide services to you or the organization that uses EventWings
• Comply with legal, regulatory, or audit requirements
• Resolve disputes and enforce agreements

Specific retention periods:

• Inquiry submissions — 24 months from receipt
• Event registration data — retained per organizer's policy, typically 5-7 years for institutional events to support accreditation cycles
• Account data — retained while account is active, plus 90 days after deletion request
• Visit identifier and journey data — anonymous visit activity that is never linked to an account is deleted after 90 days; activity that has been linked to a registered participant is retained for as long as that participant record exists
• Transaction records — minimum 8 years per Indian tax law
• Audit and security logs — minimum 12 months

You may request data removal by contacting us. We will comply unless retention is required by law or to protect legitimate business interests.

11. Your Rights

Under applicable privacy laws (including the DPDP Act, GDPR, and others), you have the following rights regarding your personal data:

• Right to access — request a copy of the personal data we hold about you
• Right to correction — request correction of inaccurate or incomplete data
• Right to deletion — request deletion of your personal data (subject to legal retention requirements)
• Right to withdraw consent — withdraw consent for processing where we rely on consent as the legal basis
• Right to object — object to processing based on legitimate interest
• Right to data portability — receive your data in a portable, machine-readable format
• Right to grievance redressal — escalate complaints through our designated grievance officer

To exercise your rights, contact us at support@eventwings.com. We will respond within 30 days. We may need to verify your identity before processing your request.

12. International Data Transfers

EventWings is headquartered in India. If you access our services from outside India, your information may be transferred to, processed, and stored in India or in other countries where our service providers operate. We ensure appropriate safeguards are in place for any cross-border transfers, including:

• Data processing agreements with service providers
• Compliance with applicable cross-border transfer regulations
• Encryption of data in transit and at rest

13. Data Breach Notification

In the event of a data breach that affects your personal data, we will:

• Notify affected users without undue delay (typically within 72 hours of becoming aware)
• Notify relevant data protection authorities as required by applicable law
• Provide information about the nature of the breach, data affected, and steps you can take
• Take remedial action to prevent recurrence

14. Children's Privacy

EventWings is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18 without verifiable parental consent. If you believe a child has provided us with personal information without consent, please contact us, and we will take steps to delete the information.

For institutional events involving minors (school programs, college events for participants under 18), the institution is responsible for obtaining appropriate parental or guardian consent in accordance with applicable laws.

15. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, legal requirements, or industry standards. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify users of material changes via email or platform notification (where appropriate)
• Provide a summary of significant changes in the notification

Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

16. Grievance Redressal

In compliance with the Information Technology Act, 2000 and applicable rules, the Grievance Officer for EventWings can be reached at:

📧 support@eventwings.com
(Subject line: "Grievance — Privacy Policy")

We will acknowledge grievances within 24 hours and resolve them within 15 days, in accordance with applicable timelines.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

📧 support@eventwings.com
🌐 eventwings.com/contact

See also: Terms & Conditions