Privacy Policy

How we collect, use, and protect your information.

Effective Date: April 6, 2026

1. Introduction

Confanum ("we," "us," or "our") operates the Confanum platform, including our website at confanum.com, the Confanum admin dashboard, and the Confanum mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

We collect information in the following ways:

Information You Provide Directly

• Account registration details (name, email address, organization name)
• Contact form submissions (name, email, phone number, company, event details)
• Demo request information
• Event and convention data you enter into the admin dashboard (schedules, guest information, vendor details, FAQ content)
• Payment and billing information (processed securely through third-party payment processors)
• Communications you send to us (support requests, feedback)

Information Collected Automatically

• Device information (device type, operating system, browser type)
• Usage data (pages visited, features used, session duration)
• IP address and approximate geographic location
• Cookies and similar tracking technologies

Information from Third Parties

• Authentication data from Firebase (when you sign in)
• Payment confirmation from payment processors

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process transactions and send related communications
• Create and manage your account
• Respond to your inquiries and provide customer support
• Send administrative notifications (service updates, security alerts)
• Analyze usage patterns to improve the platform's features and performance
• Detect, prevent, and address technical issues or fraudulent activity
• Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: With third-party vendors who assist us in operating the Service, including:
  • Amazon Web Services (AWS) — cloud hosting, email delivery (SES), file storage (S3), content delivery (CloudFront)
  • Firebase (Google) — authentication, push notifications (FCM), crash reporting
  • Stripe, Square, and PayPal — payment processing (we do not store full payment card numbers)
  • Redis / ElastiCache — performance caching
  • Calendly — demo scheduling
• Event Attendees: Information you publish through the platform (event schedules, guest profiles, vendor listings) is made available to your event's attendees through the mobile app
• Legal Requirements: When required by law, regulation, or legal process
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you have given us explicit permission

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit using TLS/SSL
• Secure authentication through Firebase
• Access controls and role-based permissions
• Regular security assessments
• Secure data storage with trusted cloud infrastructure providers

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specific retention periods include:

• Account data: Retained while your account is active and for up to 12 months after account closure to allow for reactivation or data export requests
• Event data: Retained for the duration of each event and for 24 months afterward, unless you request earlier deletion
• Payment records: Retained for 7 years as required by tax and financial regulations
• Server logs and analytics: Retained for up to 12 months, then aggregated or deleted
• Marketing communications: Retained until you unsubscribe; unsubscribe records are retained indefinitely to honor your preference

We may also retain certain information as required by law, to resolve disputes, or to enforce our agreements. When data is no longer needed, we securely delete or anonymize it.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct inaccurate or incomplete information
• Deletion: Request that we delete your personal information. You can do this immediately from inside the mobile app (Settings > Delete My Account) or by emailing privacy@confanum.com. Full step-by-step instructions are on our Delete Your Account page. We process all deletion requests within 30 days.
• Portability: Request a copy of your data in a portable format
• Opt-Out: Unsubscribe from marketing communications at any time

To exercise any of these rights, please contact us at the email address listed below.

8. Cookies

We use cookies and similar technologies to:

• Keep you signed in to your account
• Remember your preferences
• Understand how you use the Service
• Provide security features (CSRF protection)

You can control cookie preferences through your browser settings. Disabling cookies may affect the functionality of the Service.

9. Third-Party Services

The Service may contain links to third-party websites or integrate with third-party services (such as payment processors, analytics providers, and calendar booking tools). This Privacy Policy does not apply to those third-party services, and we encourage you to review their privacy policies.

10. Children's Privacy

The Confanum admin dashboard is designed for use by event organizers and their authorized staff, all of whom must be at least 18 years old. The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13.

We recognize that conventions and events may be attended by minors. Event organizers who use the Service are responsible for ensuring their events comply with applicable child protection laws, including obtaining any required parental consent for data collection from minors at their events. If you believe we have inadvertently collected information from a child under 13, please contact us and we will promptly delete it.

11. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers are located. If you are accessing the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. We rely on Standard Contractual Clauses approved by the European Commission (where applicable) and other appropriate safeguards to ensure that your information receives an adequate level of protection.

12. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it
• Right to Delete: You may request that we delete personal information we have collected from you, subject to certain legal exceptions
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

Categories of Personal Information Collected: Identifiers (name, email, IP address), commercial information (transaction records, subscription details), internet activity (usage data, session logs), and professional information (organization name, job title).

To exercise your California privacy rights, contact us at privacy@confanum.com. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) provides you with additional rights. Confanum Event Services, Inc. is the data controller for information collected through the Service.

Legal Basis for Processing: We process your personal data based on the following legal grounds:

• Contractual Necessity: Processing necessary to provide the Service you have requested (account management, event tools, payment processing)
• Legitimate Interest: Processing necessary for our legitimate business interests (analytics, security, service improvement), balanced against your rights
• Consent: Processing based on your consent (marketing communications, optional cookies). You may withdraw consent at any time
• Legal Obligation: Processing necessary to comply with applicable laws

Your GDPR Rights: In addition to the rights listed in Section 7, you also have the right to: restrict processing of your personal data, object to processing based on legitimate interest, lodge a complaint with your local data protection authority, and withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise your rights, contact us at privacy@confanum.com. We will respond within 30 days.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Effective Date" at the top. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Confanum
Email: privacy@confanum.com
Website: www.confanum.com