Privacy Policy

Effective Date: [INSERT EFFECTIVE DATE]

Last Updated: June 3, 2026

EvntIQ (“EvntIQ,” “Company,” “we,” “our,” or “us”) respects your privacy and is committed to protecting Personal Data processed through our websites, mobile applications, APIs, integrations, and related services (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, retain, and protect information relating to identified or identifiable individuals (“Personal Data”) when you access or use the Services.

This Privacy Policy is intended to comply with applicable privacy and data protection laws, including where applicable:

The EU General Data Protection Regulation (“GDPR”)
The UK GDPR and UK Data Protection Act
The California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”)
Other applicable international privacy and consumer protection laws

By using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Scope of This Privacy Policy

This Privacy Policy applies to:

The EvntIQ website located at EvntIQ
EvntIQ mobile applications
Web dashboards and enterprise portals
APIs, integrations, and webhooks
Event lead capture and enrichment tools
AI powered conversation recording and transcription features
Team collaboration workspaces
Marketing and customer support communications

This Privacy Policy does not apply to:

Third party websites, applications, or services not controlled by EvntIQ
Data processed solely on behalf of enterprise customers where EvntIQ acts as a processor/service provider under separate agreements
Offline business activities not connected to the Services

2. Definitions

For purposes of this Privacy Policy:

“Account”: Means a registered EvntIQ user account.
“Administrator”: Means a customer representative authorized to manage an organization, workspace, or team account.
“AI Features”: Means artificial intelligence, machine learning, automated enrichment, transcription, summarization, lead scoring, recommendation, or analytics features offered through the Services.
“Business Customer”: Means an organization, employer, enterprise, or event organizer using the Services.
“Controller”: Has the meaning provided under applicable privacy laws and generally refers to the entity determining the purposes and means of processing Personal Data.
“Processor”: Has the meaning provided under applicable privacy laws and generally refers to an entity processing Personal Data on behalf of a Controller.
“Personal Data”: Means information relating to an identified or identifiable person.
“Sensitive Data”: Means any category of data classified as sensitive under applicable law.
“User”: Means any individual accessing or using the Services.

3. Categories of Information We Collect

We collect information directly from users, from connected systems, automatically through device interactions, and from third parties.

3.1 Information You Provide Directly

Depending on how you use the Services, we may collect:

Account and Registration Information

Name
Email address
Password credentials
Organization name
Job title
Phone number
Billing and subscription details

Lead and Contact Information

Names
Email addresses
Phone numbers
Company names
Job titles
Event attendance details
Business card images
Badge scan information
QR code scan data
Notes and lead qualifiers
CRM related information

User Generated Content

Uploaded files
Images
Documents
Custom forms
Notes and annotations
Team comments
Workspace content

Audio and Recording Information

When users enable AI recording or transcription features, we may collect:

Audio recordings
Voice data
AI generated transcripts
AI summaries
Follow up recommendations
Conversation metadata

Users are solely responsible for obtaining all required consent before recording, transcribing, storing, or sharing any conversation. EvntIQ does not authorize secret or unlawful recordings.

4. Information Collected Automatically

We automatically collect certain information when users access or interact with the Services.

4.1 Device and Technical Information

Device type
Operating system
Browser type
Mobile device identifiers
IP address
Session identifiers
Crash logs
Diagnostic information
Network information
App version

4.2 Usage and Analytics Data

Feature usage
Page views
Clickstream data
Login activity
Interaction timestamps
Session duration
Referral URLs
Workspace activity logs
Event engagement analytics

4.3 Geolocation Information

With appropriate permissions, we may collect approximate or precise geolocation information for:

Event location verification
Regional analytics
Time zone functionality
Fraud prevention
Mobile application features

Users may disable location permissions through device settings.

5. Information Collected Through Event Capture Features

5.1 Badge Scanning

The Services may scan attendee badges, QR codes, NFC tags, or registration credentials at conferences, trade shows, and events. Collected data may include:

Attendee name
Company information
Registration identifiers
Event metadata
Contact details

Event organizers and users are responsible for ensuring lawful collection and processing of attendee information.

5.2 Business Card OCR Scanning

Users may upload or scan business cards using OCR technology. Information extracted may include:

Name
Email address
Phone number
Company name
Address information
Website URLs

OCR and AI extraction may not always be accurate.

Users are responsible for reviewing extracted data before use.

5.3 Offline Lead Capture

The Services may temporarily store lead data locally on devices during offline operation.

Offline data may synchronize automatically when connectivity is restored.

Users are responsible for securing their devices and preventing unauthorized access.

6. AI Powered Features and Automated Processing

EvntIQ provides AI powered tools and automation features.

6.1 AI Processing Activities

AI systems may be used to:

Generate lead summaries
Create follow up recommendations
Transcribe recordings
Analyze notes
Score leads
Detect patterns
Recommend actions
Enrich lead profiles
Generate analytics and insights

6.2 AI Accuracy Disclaimer

AI generated outputs may contain inaccuracies, omissions, hallucinations, or incorrect recommendations. EvntIQ does not guarantee the accuracy, completeness, or reliability of AI generated content. Users are solely responsible for reviewing and validating AI generated outputs before relying upon them.

6.3 Third Party AI Providers

Certain AI features may rely on third party service providers, including large language model providers, transcription vendors, or machine learning infrastructure providers. Information submitted through AI features may be processed by such providers solely for providing Services to EvntIQ.

6.4 AI Training and Model Improvement

Unless otherwise agreed in writing or prohibited by applicable law:

Customer Content is not intentionally used to train generalized public AI models
De identified and aggregated usage data may be used to improve platform functionality, analytics, reliability, and security
Enterprise customers may be offered additional contractual controls regarding AI data usage

Restrictions on Google Workspace API data, including exclusions from generalized model training, are described in Google API Limited Use Disclosure and Google Workspace API Data below.

7. Mobile App Permissions

Depending on device settings and enabled functionality, EvntIQ may request access to:

7.1 Camera Access

Used for:

Badge scanning
QR scanning
Business card scanning
Image uploads

7.2 Microphone Access

Used for:

Voice recordings
AI transcription
Audio notes

7.3 Photo Library and Storage Access

Used for:

Uploading images
Importing documents
Saving exports
Attachment management

7.4 Notification Permissions

Used for:

Lead reminders
Team updates
Workflow alerts
Event notifications
Marketing communications where permitted

7.5 Location Permissions

Used for:

Event functionality
Regional services
Fraud prevention
Analytics

Users may disable permissions through device settings, though certain features may become unavailable.

8. How We Use Information

We use Personal Data for legitimate business and operational purposes, including:

Providing and operating the Services
Authenticating users
Managing accounts and subscriptions
Synchronizing CRM and integrations
Processing transactions
Delivering customer support
Facilitating collaboration
Operating AI features
Improving functionality and performance
Conducting analytics and reporting
Sending service notifications
Detecting fraud and abuse
Enforcing agreements
Maintaining platform security
Complying with legal obligations

9. Legal Bases for Processing

Where required by applicable law, we process Personal Data under one or more legal bases, including:

Consent
Contractual necessity
Legitimate interests
Legal obligations
Protection of vital interests

Legitimate interests may include:

Platform improvement
Fraud prevention
Security monitoring
Business analytics
Product development
Customer support

10. CRM Synchronization and Integrations

Users may connect third party platforms including:

Salesforce
HubSpot
Google Calendar
Gmail
Microsoft Outlook
Zapier
Slack

When integrations are enabled:

Data may be transferred between systems
Users authorize synchronization activities
Third party privacy policies apply to their respective services

EvntIQ is not responsible for third party handling of information once transmitted outside our Services.

See Google API Limited Use Disclosure and Google Workspace API Data below for how we use Google Calendar and Gmail.

Google API Limited Use Disclosure

EvntIQ’s use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

EvntIQ uses Google Workspace APIs only to provide user-authorized features inside the EvntIQ platform.

Google Calendar API access is used to allow users to create, view, update, and cancel event-related meetings and follow-up appointments from inside EvntIQ.

Gmail API access is used to allow users to send user-initiated emails from their connected Gmail account inside EvntIQ.

EvntIQ does not sell Google Workspace API data. EvntIQ does not use Google Workspace API data for advertising. EvntIQ does not use Google Workspace API data to develop, improve, or train generalized artificial intelligence or machine learning models.

EvntIQ only accesses Google Workspace data with the user’s consent and only for the features the user chooses to use.

Google Workspace API Data

If you connect your Google account to EvntIQ, EvntIQ may use Google Workspace APIs to provide features you authorize, including calendar scheduling and sending emails from your connected Gmail account.

EvntIQ uses Google Calendar access to create, view, update, and cancel event-related meetings and follow-up appointments that users initiate inside EvntIQ.

EvntIQ uses Gmail send access to send user-initiated emails from the EvntIQ dashboard. EvntIQ does not use this Gmail permission to read, search, modify, or delete your Gmail inbox.

EvntIQ may use third-party AI service providers, such as OpenAI, to provide product features such as conversation summaries, lead notes, sales insights, and suggested follow-up content. Google Workspace API data is not used to train EvntIQ-owned generalized AI models.

11. Enterprise Workspaces and Team Collaboration

Enterprise and team accounts may permit:

Shared workspaces
Shared lead databases
Team analytics
Administrative controls
Audit logs
User permissions
Activity monitoring

Administrators may:

Access workspace content
Configure permissions
Export data
Remove users
Review audit activity

Users acknowledge that organization administrators may have visibility into workspace activity and content associated with organizational accounts.

12. Marketing Communications

We may send:

Product announcements
Service updates
Security notices
Promotional communications
Event invitations
Marketing newsletters

Users may opt out of marketing communications using unsubscribe links or account settings. Operational and transactional communications may still be sent where necessary.

13. Cookies and Tracking Technologies

We use cookies and similar technologies including:

Cookies
SDKs
Pixels
Local storage
Web beacons
Analytics scripts

13.1 Types of Cookies

Essential Cookies

Necessary for authentication, security, and platform functionality.

Functional Cookies

Remember user preferences and settings.

Analytics Cookies

Help measure performance and usage patterns.

Advertising and Marketing Cookies

Used for campaign attribution, advertising analytics, and remarketing where permitted.

14. Analytics, SDKs, and Monitoring Technologies

We may use third party analytics and monitoring providers for:

Crash reporting
Error diagnostics
Usage analytics
Performance monitoring
Attribution analytics

These providers may collect device identifiers, IP addresses, usage information, and diagnostic data.

15. Do Not Track Signals

Some browsers transmit “Do Not Track” signals. Because there is not currently a universally accepted standard for responding to such signals, the Services may not respond to all Do Not Track requests. Users may manage cookie preferences through browser settings.

16. How We Share Information

We may disclose information:

To service providers and subprocessors
To enterprise customers and workspace administrators
To integration providers
To comply with legal obligations
To protect rights and security
In connection with mergers, acquisitions, or business transfers
With consent or at user direction

We do not sell Personal Data for monetary compensation.

17. Service Providers and Subprocessors

We may engage third party vendors for:

Cloud hosting
Authentication
AI processing
Analytics
Payment processing
CRM synchronization
Customer support
Infrastructure monitoring

Subprocessors may process Personal Data under contractual obligations designed to protect confidentiality and security.

18. International Transfers

Personal Data may be transferred to and processed in countries outside the user’s jurisdiction.

Where required, we implement safeguards including:

Standard Contractual Clauses
Data Processing Agreements
Transfer impact assessments
Other lawful transfer mechanisms

Users acknowledge that privacy laws may differ between jurisdictions.

19. Data Retention

We retain information only as long as reasonably necessary for:

Providing Services
Legal compliance
Security monitoring
Dispute resolution
Enforcing agreements

Retention periods may vary depending on:

Account status
Customer instructions
Legal obligations
Security requirements

Typical Retention Examples

Account information: retained while account remains active
Audit logs: retained for security and compliance purposes
CRM sync logs: retained for operational troubleshooting
AI transcripts and recordings: retained according to workspace settings or contractual terms
Deleted content backups: may persist temporarily in secure backups

20. Account Closure and Deletion Requests

Users may request deletion of accounts or Personal Data by contacting: support@evntiq.app

Deletion requests may be subject to:

Identity verification
Legal obligations
Fraud prevention requirements
Backup retention schedules
Enterprise customer instructions

Certain information may be retained where permitted or required by law.

21. Your Rights and Choices

Depending on jurisdiction, users may have rights including:

Access
Correction
Deletion
Restriction
Objection
Portability
Withdrawal of consent
Appeal rights

21.1 GDPR Rights

Individuals located in the EEA or UK may have rights under GDPR including:

Right of access
Right to rectification
Right to erasure
Right to restrict processing
Right to object
Right to data portability
Right to lodge complaints with supervisory authorities

21.2 California Privacy Rights

California residents may have rights including:

Right to know
Right to delete
Right to correct
Right to opt out of certain sharing
Right to limit use of sensitive information
Right against discrimination

California residents may submit requests through: [INSERT PRIVACY REQUEST METHOD]

22. Automated Decision Making and Profiling

AI features may assist with:

Lead scoring
Workflow prioritization
Recommendation generation
Analytics

These features are intended to assist users and should not be treated as fully automated legally binding decision making systems unless explicitly stated otherwise. Users remain responsible for reviewing AI generated recommendations.

23. Security and Protection of Information

We implement administrative, technical, organizational, and physical safeguards designed to protect information. Security measures may include:

Encryption in transit and at rest
Access controls
Role based permissions
Multi factor authentication
Audit logging
Security monitoring
Network protections
Secure API authentication
Webhook verification
Backup systems
Incident response procedures

No method of transmission or storage is completely secure.

Users are responsible for safeguarding credentials and devices.

24. Security Incident Response

We maintain procedures designed to identify, investigate, contain, and respond to suspected security incidents. Where required by law or contract, we may notify affected parties regarding qualifying data breaches.

25. User Responsibilities

Users agree to use the Services lawfully and responsibly.

Users are solely responsible for:

Obtaining lawful consent for recordings
Complying with privacy laws
Using lead data appropriately
Configuring permissions properly
Managing exported data securely
Avoiding unlawful surveillance or monitoring

26. Event Organizer Responsibilities

Event organizers and enterprise customers are responsible for:

Providing attendee notices
Obtaining necessary consents
Maintaining lawful collection practices
Configuring retention settings
Managing user access permissions

EvntIQ acts as a service provider or processor for many enterprise customer activities.

27. Public Forums and Community Features

If public forums, community areas, or collaborative spaces are offered:

Information submitted may become publicly visible
Users should avoid posting sensitive information
EvntIQ cannot control third party reuse of public content

28. Business Transfers

In connection with mergers, acquisitions, financing, restructuring, asset sales, or bankruptcy proceedings, information may be transferred as part of the transaction.

29. Law Enforcement and Legal Requests

We may disclose information where reasonably necessary to:

Comply with legal obligations
Respond to subpoenas or lawful requests
Protect rights and safety
Investigate fraud or abuse
Enforce agreements

30. Children’s Privacy

The Services are not directed to children under 16 years of age.

We do not knowingly collect Personal Data from children.

If we become aware of unauthorized collection of children’s information, we may delete such information.

31. Third Party Websites and Services

The Services may contain links to third party services.

We are not responsible for third party privacy practices or content.

Users should review applicable third party privacy policies.

32. Changes to This Privacy Policy

We may update this Privacy Policy periodically.

Changes become effective when posted unless otherwise stated.

Material changes may be communicated through:

Website notices
Email notifications
In app messaging

Continued use of the Services after updates constitutes acknowledgment of the revised policy.

33. Contact Information

EvntIQ

[INSERT LEGAL ENTITY NAME]

[INSERT BUSINESS ADDRESS]

[INSERT COUNTRY]

General Privacy Contact: support@evntiq.app

Data Protection Officer: [INSERT DPO EMAIL]

Privacy Requests: [INSERT PRIVACY REQUEST URL OR EMAIL]

34. Additional Clauses EvntIQ Should Consider Adding Later

Depending on future product development and legal review, EvntIQ may consider adding:

Biometric information disclosures
HIPAA related language if health data becomes involved
Automated employment screening disclosures
AI governance framework disclosures
SOC 2 certification representations
ISO 27001 references
Data residency commitments
Government customer clauses
EU representative disclosures
Accessibility and disability accommodations
Telecom/SMS compliance disclosures
Children specific protections if education features are added

35. Potential Legal and Compliance Risks to Review With Counsel

EvntIQ should review the following with qualified legal counsel:

Multi party recording consent laws
International voice recording restrictions
AI hallucination liability exposure
Cross border transfer obligations
Data retention obligations by jurisdiction
Employee monitoring laws
Consent requirements at trade shows and conferences
Lead enrichment legality in certain jurisdictions
Web scraping and enrichment data sourcing risks
Marketing email compliance under CAN SPAM, CASL, and ePrivacy laws
Vendor AI processing agreements
Mobile SDK data sharing practices
California “sharing” definitions under CPRA
Data broker registration requirements if applicable

36. Recommended Operational Safeguards

To align platform operations with this Privacy Policy, EvntIQ should consider implementing:

Data Processing Agreements with enterprise customers
Vendor/subprocessor review procedures
AI governance and review workflows
Consent collection workflows for recordings
Configurable retention policies
Enterprise audit logging
Granular permission systems
Webhook signature verification
MFA enforcement for administrators
Secure offline data encryption
Incident response playbooks
Penetration testing
SOC 2 readiness controls
Privacy impact assessments
Data mapping and classification procedures
Employee security awareness training
Regional data processing controls
Admin export restrictions
AI output review disclaimers throughout product workflows