Inviteflow (“Inviteflow”, “we”, “us”) provides an event-operations platform to ministries, embassies, associations, agencies and enterprises (the “Customer”). This policy explains how we collect, use and protect personal data.
1. Data we process
We process two categories of personal data: (a) workspace operators — the named individuals from the Customer's organisation who sign in to Inviteflow, and (b) event guests and speakers — the individuals the Customer chooses to manage inside their workspace.
2. Lawful basis
For workspace operators we rely on the performance of our contract with the Customer. For guest and speaker data, the Customer is the data controller; Inviteflow acts as data processor.
3. Where data is stored
Production data is stored in EU data centres with row-level security enforced at the database layer. Access by Inviteflow staff is role-restricted and logged.
4. Retention
Guest data is retained for the lifetime of the workspace and deleted within 30 days of workspace closure or written deletion request from the Customer.
5. Sub-processors
We use a limited set of vetted sub-processors for infrastructure, email delivery and observability. The current list is available on request to privacy@inviteflow.io.
6. Your rights
Workspace operators may request access, correction or deletion of their personal data by emailing privacy@inviteflow.io. Guests should contact the Customer (the organiser of the event) directly.
7. Contact
Questions about this policy can be sent to privacy@inviteflow.io.