Privacy Policy

EventCorner Privacy Policy

How EventCorner processes data across the mobile app, organizer app, waitlist, and websites.

Document version: 2026-06-10. Effective June 10, 2026.

Controller and roles

Controller: NO-CODE POLAND SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ

Address: ul. Na Zaspę 45/2, 80-547 Gdańsk

Registry/tax identifier: KRS: 0001151051, REGON: 540702741

Privacy contact: hello@eventcorner.app

NO-CODE POLAND SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ is the controller for accounts, waitlist, service security, and its own product communication as the operator of EventCorner. For participant data of a specific event, the event organizer is the controller and NO-CODE POLAND SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ acts as a processor for the organizer app and backend.

Data categories

  • account and session: email, OTP codes, session tokens, sign-in state;
  • profile: name, headline, bio, tags, LinkedIn, profile photo;
  • events: memberships, roles, visibility, invite codes, active event;
  • activity: agenda likes, attendee favorites, survey responses, feedback;
  • organizers: invites, roles, event settings, audit logs;
  • technical: rate limiting, push tokens, errors, security metadata;
  • waitlist: email, optional name, source, and consent records.

Purposes and legal bases

  • service delivery, sign-in, and event participation: GDPR Art. 6(1)(b);
  • security, anti-abuse, rate limiting, and audit logs: GDPR Art. 6(1)(f);
  • legal obligations and GDPR request handling: GDPR Art. 6(1)(c);
  • marketing and newsletter: GDPR Art. 6(1)(a), only after separate consent;
  • event operation by an organizer: the legal basis defined by that organizer.

Visibility and sharing

Attendee profiles stay private unless the user chooses event visibility. Organizers see data needed to run the event. Attendees see only profile data shared through event visibility.

We use the providers listed in the Subprocessors section below. Where providers process data outside the EEA, we rely on their available transfer safeguards, including standard contractual clauses where required.

Retention

  • OTP codes: removed after expiry/use, no later than 24h;
  • sessions: valid for 30 days, expired sessions cleaned after 7 days;
  • rate limits: 30 days;
  • push devices: inactive entries after 90 days;
  • event participant and survey data: default 90 days after event end;
  • organizer invites: anonymized 90 days after expiry/revocation;
  • audit logs: 12 months, then actor and metadata anonymization;
  • waitlist: until consent withdrawal, conversion, or completion of the waitlist purpose.

Subprocessors

Subprocessor list version: 2026-06-10

ProviderPurposeLocation
Vercelweb application hosting, edge/network security, and deploymentsUSA / global
Convexapplication backend, database, server-side functions, and storageUSA / global
Resendtransactional email delivery, including OTP codesUSA / global
Expo / EASbuilds, distribution, and mobile/push services required by the Expo appUSA / global
Apple / Googlemobile app distribution and operating-system push servicesUSA / global

Changes to this list are published in this section. Questions can be sent to hello@eventcorner.app.

DPA and organizer data processing

DPA version: 2026-06-10

Party roles

NO-CODE POLAND SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, as the operator of EventCorner, is the processor and processes data only to provide the organizer app, mobile app, and backend. The organizer is the controller for participant data of a specific event.

Instructions and scope

  • accounts, invites, roles, and event access;
  • profiles, attendee visibility, and networking;
  • agenda, map, partners, surveys, feedback, and notifications;
  • security, audit, backups, and retention.

Security

The EventCorner operator applies access control, rate limiting, signed webhooks, retention, audit-log anonymization, and minimization of data returned by APIs.

Deletion and return

After an event ends, participant data is deleted or anonymized under the configured retention settings, by default after 90 days, unless a shorter period is agreed or a legal hold applies.

Incidents and subprocessors

The EventCorner operator notifies the organizer of a relevant incident without undue delay and uses subprocessors listed publicly.

Your rights

You may request access, export, rectification, deletion, restriction, objection, or portability. Marketing consent can be withdrawn at any time. The mobile app includes data export and account deletion, and requests can also be sent to hello@eventcorner.app.

Age

EventCorner is intended for adult B2B event participants, 18+.