Eventstreams
Back to pricing
Platform legal

Privacy Policy

Published 16 May 2026, 11:14

EVENTSTREAMS SYSTEMS LTD

Company Number: 17163075

167–169 Great Portland Street, 5th Floor, London, W1W 5PF, United Kingdom

Contact: hello@eventstreams.co

Last updated: 21 April 2026

---

1. INTRODUCTION

EventStreams Systems Ltd ("EventStreams", "we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it.

This policy applies to all users of the EventStreams platform (the "Platform"), including Organisers, Contacts, and Attendees.

By creating an account or signing in to the Platform, you acknowledge that you have read and understood this Privacy Policy. Where our processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal.

EventStreams is registered with the Information Commissioner's Office (ICO) as a data controller. For queries about this policy, contact us at hello@eventstreams.co.

---

2. WHO THIS POLICY APPLIES TO

This policy covers three categories of individuals whose data we process:

  • Organisers and Contacts — companies and individuals who register for an EventStreams account and their staff members who access the Platform ("you" in most of this policy).
  • Attendees — individuals who register for or attend Events hosted on the Platform.
  • Visitors — individuals who browse our public-facing pages without creating an account.

Where EventStreams processes Attendee data on behalf of an Organiser, the Organiser is the data controller and EventStreams is the data processor. Those arrangements are governed by a separate Data Processing Agreement (DPA).

---

3. DATA WE COLLECT

3.1 Account and Identity Data

When you create an account or are added as a Contact, we collect:

  • Name and email address
  • Password (stored in hashed form only)
  • Organisation name and role
  • Profile information you choose to provide
  • Two-factor authentication (2FA) credentials

3.2 Event and Content Data

When you create and manage Events on the Platform, we collect:

  • Event details (name, description, dates, location, format)
  • Attendee lists, registration forms, and responses
  • Uploaded files, images, and videos
  • Live stream recordings and video-on-demand content
  • Poll, Q&A, and chat content generated during Events
  • Venue information including geolocation data

3.3 Activity and Usage Data

When you are signed in to the Platform, we monitor and record your activity. This includes:

  • Pages visited, features accessed, and actions taken within the Console or Client applications
  • Session information including login timestamps, duration, and logout events
  • Feature usage patterns (e.g. which tools are used and how frequently)
  • In-Event interactions (polls submitted, chat messages sent, video views)
  • Errors, crashes, and debugging information linked to your session

This monitoring is necessary to deliver the service securely, detect misuse, troubleshoot issues, and improve the Platform. It is conducted on the legal bases of contract performance and legitimate interests (see Section 5).

3.4 Technical and Device Data

We automatically collect technical information when you access the Platform, including:

  • IP address and approximate geolocation (country/region)
  • Browser type, version, and operating system
  • Device identifiers
  • Referring URLs and navigation paths
  • HTTP request logs

3.5 Payment and Billing Data

When you subscribe to a paid Plan or process payments through the Platform:

  • Billing name, address, and email
  • Payment method details (processed and stored by Stripe — we do not store full card numbers)
  • Transaction history, invoices, and subscription status
  • Payout and financial data for Organiser accounts using Stripe Connect

3.6 Communications Data

Records of communications between you and EventStreams, including:

  • Support requests and responses
  • Emails and notifications sent through the Platform
  • Feedback and survey responses

3.7 Attendee Data (Processed on Behalf of Organisers)

Where Attendees register for an Event, we collect on the Organiser's behalf:

  • Name, email address, and registration details
  • Custom form responses as configured by the Organiser
  • Attendance and engagement data (check-in, session attendance, interaction logs)
  • Ticket purchase records

---

4. HOW WE COLLECT YOUR DATA

We collect personal data:

  • Directly from you when you register, configure your account, create Events, or contact us
  • Automatically when you use the Platform (session tracking, activity logs, server logs)
  • From your organisation when an admin adds you as a Contact
  • From Attendees when they register for your Events
  • From third-party services such as Stripe (payment confirmation), eNom (domain registration), and Xero (accounting sync)
  • From public sources where relevant to fraud prevention or verification

---

5. LEGAL BASES FOR PROCESSING

We process your personal data under the following legal bases as required by UK GDPR:

Processing ActivityLegal Basis
Creating and managing your accountContract performance
Delivering Platform features and Event toolsContract performance
Activity monitoring and session tracking when signed inContract performance; Legitimate interests (security, fraud prevention, service integrity)
Processing subscription paymentsContract performance; Legal obligation
Sending service and transactional emailsContract performance
Technical logging, debugging, and error trackingLegitimate interests
Security monitoring and fraud detectionLegitimate interests; Legal obligation
Analytics to improve the PlatformLegitimate interests
Compliance with tax, legal, and regulatory obligationsLegal obligation
Marketing communications (where applicable)Consent
Processing Attendee data on behalf of OrganisersContract performance (as processor)

Our legitimate interests: We have a legitimate interest in operating a secure, reliable, and improving SaaS platform. Activity monitoring when you are signed in is a core part of this — it enables us to detect unauthorised access, investigate incidents, resolve bugs, and understand how the Platform is used. We have assessed that this monitoring does not override your privacy rights given the business context in which you use the Platform and the safeguards we apply.

---

6. HOW WE USE YOUR DATA

We use your personal data to:

  • Provide, operate, and maintain the Platform and its features
  • Authenticate your identity and manage your account and sessions
  • Monitor activity during signed-in sessions for security, fraud prevention, and service improvement
  • Process payments, manage subscriptions, and issue invoices
  • Send service notifications, product updates, and support responses
  • Enforce these Terms and our Acceptable Use Policy
  • Investigate and resolve disputes, errors, and security incidents
  • Comply with legal and regulatory obligations
  • Analyse usage patterns to improve and develop the Platform

We do not sell your personal data to third parties. We do not use your data for automated decision-making that produces legal or similarly significant effects without human review.

---

7. ACTIVITY MONITORING WHEN SIGNED IN

When you are authenticated on the Platform, EventStreams records your in-session activity as described in Section 3.3. This is disclosed clearly so you can make an informed choice about using the Platform.

Specifically:

  • What we record: Actions taken in the Console or Client apps, including navigation, feature interactions, content creation, and event management activity. In-Event interactions such as chat, polls, and video engagement are also logged.
  • Why: To maintain service security, detect policy violations, resolve support requests, audit account activity, and improve the product.
  • How long: Activity logs are retained for up to 12 months, after which they are aggregated or deleted (see Section 11).
  • Who can see it: EventStreams staff with appropriate access controls. Organisers may also have access to Attendee-level activity data for their own Events.
  • Your rights: You may request access to your activity data at any time (see Section 12).

---

8. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to operate the Platform. These include:

  • Essential cookies — required for authentication, session management, and security (e.g. `es_` and `esi_` session cookies). These cannot be disabled without breaking the service.
  • Functional cookies — remember your preferences and settings.
  • Analytics cookies — help us understand how the Platform is used (where consent is obtained).

You can manage non-essential cookies through your browser settings. Disabling essential cookies will prevent you from signing in.

A full Cookie Policy is available on request.

---

9. THIRD-PARTY SERVICES AND DATA SHARING

To deliver the Platform, we share data with the following categories of third-party service providers acting as data processors on our behalf, or as independent controllers where indicated:

ProviderData SharedPurpose
Amazon Web Services (AWS)All platform dataCloud hosting, storage, email delivery, compute
StripeBilling and payment dataPayment processing and Connect payouts
MuxVideo content and viewer dataLive streaming, VOD, and video analytics
LiveKitVideo room participant dataLive video rooms and stage sessions
PusherReal-time message dataAttendee engagement channels
MapboxVenue location dataVenue mapping and geocoding
VercelFrontend request logsApplication hosting
eNomDomain registration dataDomain purchase and management
XeroInvoice and financial dataAccounting synchronisation
OpenAIQueries submitted to AI assistantAI chat and transcription features
ElevenLabsText submitted for voice generationAI voice generation
AviationstackFlight search queriesFlight lookup features
what3wordsVenue location queriesLocation autosuggest (where enabled)

We require all third-party processors to implement appropriate security measures and to process data only on our documented instructions.

We do not share your personal data with third parties for their own marketing purposes.

Legal disclosures: We may disclose personal data to law enforcement, regulators, or courts where required by applicable law or to protect the rights, safety, or property of EventStreams or others.

---

10. INTERNATIONAL DATA TRANSFERS

Our primary infrastructure operates in AWS eu-west-2 (London). However, some third-party providers listed in Section 9 (including Stripe, Mux, OpenAI, and ElevenLabs) process data in the United States or other countries outside the UK.

Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including:

  • UK International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses (SCCs) with relevant providers
  • Transfers to countries with UK adequacy decisions where applicable

You may request details of the specific safeguards in place for any transfer by contacting hello@eventstreams.co.

---

11. DATA RETENTION

We retain your personal data only for as long as necessary for the purposes described in this policy:

Data TypeRetention Period
Account and identity dataDuration of account, plus 30 days post-closure
Event and content dataDuration of account, plus 30 days post-closure
Activity and session logsUp to 12 months
Payment and billing records7 years (legal/tax obligation)
Technical and server logsUp to 90 days
Backup copiesUp to 30 days after deletion from live systems
Communications with EventStreams supportUp to 3 years

Where data must be retained for legal or regulatory reasons, we restrict access and use during the retention period.

---

12. YOUR RIGHTS UNDER UK GDPR

You have the following rights in relation to your personal data:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure — request deletion of your data where there is no lawful reason for us to continue processing it.
  • Right to restriction — request that we limit processing of your data in certain circumstances.
  • Right to data portability — receive your data in a structured, machine-readable format where processing is based on consent or contract.
  • Right to object — object to processing based on legitimate interests, including profiling.
  • Rights related to automated decisions — request human review of any significant automated decisions.
  • Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing.

To exercise any of these rights, contact us at hello@eventstreams.co. We will respond within 30 days. We may need to verify your identity before processing your request.

---

13. CHILDREN'S PRIVACY

The Platform is not directed at children under 13, and we do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, contact us at hello@eventstreams.co and we will delete it promptly.

Attendees under 18 may attend Events, but registration must be completed by a parent or guardian or with their consent where required by applicable law.

---

14. SECURITY

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include:

  • Encryption of data in transit (TLS) and at rest
  • Access controls and role-based permissions
  • Two-factor authentication (2FA) for account access
  • Regular security reviews and monitoring
  • Incident response procedures

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at hello@eventstreams.co.

---

15. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email or by a prominent notice on the Platform at least 14 days before the change takes effect.

The updated policy will be published at the current URL with a revised "Last updated" date. Continued use of the Platform after the effective date constitutes acknowledgment of the updated policy.

---

16. COMPLAINTS

If you have concerns about how we handle your personal data, please contact us first at hello@eventstreams.co and we will endeavour to resolve the matter promptly.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Telephone: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

---

17. CONTACT

For any questions about this Privacy Policy or to exercise your data rights:

EventStreams Systems Ltd

167–169 Great Portland Street, 5th Floor

London, W1W 5PF

United Kingdom

Email: hello@eventstreams.co

---

This Privacy Policy was last updated on 21 April 2026.

Auth v2.5.3