Privacy Policy
Last updated: May 2026
EventEdIQ ("we," "us," or "our") provides simple, affordable tools for event and association professionals, including proposal scoring and content planning (ContentIQ), schedule optimization (OperationsIQ), and data analysis (InsightsIQ). This Privacy Policy explains how we collect, use, and protect information when you use our services.
All conference data is stored persistently in a secure database to provide ongoing access to your proposals, scores, schedules, and version history. Data is retained for the duration of your service agreement.
1. Information We Collect
Account Information
When your organization is set up on EventEdIQ, we store:
- Email address and name (for each invited user)
- Organization name
- User role (admin or member)
Conference Data
When you use our tools, you may import or create conference-related data including:
Proposals (ContentIQ):
- Proposal titles, abstracts, and learning objectives
- Speaker names, email addresses, organizational affiliations, titles, and biographies
- Track/topic categories and session formats
- AI-generated scores and feedback
Scheduling (OperationsIQ):
- Session titles, speakers, and descriptions
- Room names and capacities
- Time slot information
- Schedule assignments and saved version history
Analytics (InsightsIQ):
- Conference data provided by you for analysis (varies by engagement)
- May include speaker information, session history, evaluations, attendance records, and survey responses
Data Imported from Third-Party Platforms
EventEdIQ can import proposal and session data from third-party conference management platforms. When you connect an import source, we fetch session and speaker data from that platform's API and store it in your EventEdIQ account. We do not maintain ongoing connections to these platforms after the import completes.
Website Contact
Our "Get Started" page links to a third-party scheduling service (HubSpot) for booking consultations. Any information you provide when booking is collected by HubSpot under their privacy policy, not ours. We do not collect contact information directly through our marketing website.
Cookies
EventEdIQ uses functional cookies only: authentication session tokens and UI preferences (such as sidebar state). We do not use cookies for advertising, tracking, or analytics purposes.
2. How We Use Your Information
Conference Data Processing
Your conference data is processed solely to provide the requested service:
- ContentIQ: Proposal content is sent to OpenAI to generate scores and feedback. The specific fields sent depend on your scoring configuration and may include titles, abstracts, speaker information, learning objectives, and other submission data you choose to score on
- OperationsIQ: Session and constraint data is processed by our scheduling algorithm entirely on our infrastructure, with no external data sharing
We do not use your conference data for any purpose other than delivering the service you requested. We do not use your data to train AI models.
Activity Logging
We log key user actions (such as saving a schedule version) for operational integrity and accountability. These logs include the user's email and the action taken.
3. Data Retention and Deletion
Conference Data
All conference data (proposals, scores, schedules, versions) is stored persistently in a secure database hosted on Supabase (PostgreSQL on AWS US-East). Data is retained for the duration of your service agreement.
- Deleted records are soft-deleted (marked with a timestamp) rather than immediately removed, allowing for recovery
- Upon termination of your agreement, conference data is deleted upon request unless you request an export
- You can request data export or deletion at any time by contacting us
Third-Party Retention (OpenAI)
When you use ContentIQ, proposal content is sent to OpenAI for AI scoring. Per OpenAI's API data usage policies, they may retain API inputs for a limited period for abuse monitoring.
Important: OpenAI does not use API data to train their models by default. We have not opted into any data sharing programs with OpenAI. Your proposal content is not used for model training.
See OpenAI's API Data Usage Policies for current details.
4. Third-Party Services
We use the following third-party services to operate EventEdIQ:
| Service | Purpose | Data Shared |
|---|---|---|
| Vercel | Application and API hosting | All data passes through Vercel infrastructure (SOC 2 Type 2) |
| Supabase | Database and authentication | All conference data, user accounts (SOC 2 Type 2) |
| OpenAI | AI scoring (ContentIQ only) | Proposal content selected for scoring (varies by client configuration) (SOC 2 Type 2) |
| Upstash | Rate limiting | Request metadata (IP-based counters, no PII stored) |
| Sentry | Error tracking | Application error context (stack traces, request metadata) |
| Resend | Transactional email (via Supabase SMTP) | Email address (for account invitations and password resets) |
| HubSpot | Consultation scheduling (marketing website only) | Name, email, and meeting details you provide when booking |
When you import data from external conference platforms, our servers fetch data from those platforms' APIs during the import. We do not send your EventEdIQ data back to those platforms.
We do not sell your data to third parties. We do not share your data with third parties for their marketing purposes.
Sub-Processor Changes
The sub-processor list above is current as of May 2026. We will update this page if we add new sub-processors. Clients with active agreements will be notified via email before we engage any new sub-processor that processes conference data.
5. Data Security
For details on our infrastructure, encryption, authentication, data isolation, monitoring, testing practices, and incident response procedures, see our Security page.
6. Your Rights
You have the right to:
- Request access to the data we hold about your organization
- Request correction of inaccurate data
- Request deletion of your data
- Request a full export of your data in a portable format
To exercise these rights, contact us at josh@eventediq.com.
For Users in the European Union
If you are located in the EU, you have additional rights under GDPR including the right to data portability and the right to lodge a complaint with your local data protection authority.
Legal basis for processing: For conference data processing, our legal basis is performance of a contract (providing the services you requested).
For California Residents
California residents have rights under the CCPA including the right to know what personal information we collect and the right to request deletion. We do not sell personal information.
7. Children's Privacy
EventEdIQ is designed for business use by conference organizers and is not directed at children under 16. We do not knowingly collect personal information from children.
8. International Data Transfers
Data is processed on servers located in the United States. Vercel (application hosting) uses its US-East region. Supabase (database) uses AWS US-East. If you are accessing our services from outside the US, your data will be transferred to and processed in the US.
For EU users, we rely on Standard Contractual Clauses (SCCs) as the legal mechanism for data transfers. Our infrastructure providers (Vercel and Supabase) maintain SCCs as part of their data processing terms.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated effective date. We encourage you to review this policy periodically.
10. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
EventEdIQ
Email: josh@eventediq.com