Data Security Policy

Version 1.1 — Reviewed September 2025

At Eventflow, protecting your data is one of our highest priorities. We work with event organisers around the world, and we know that safeguarding personal and organisational data is fundamental to building trust.

We are committed to meeting the standards of the UK GDPR and Data Protection Act 2018, and we continually review and improve our security practices to ensure your information stays safe.

Our Security Commitment

  • Cyber Essentials certified — independently verified against UK government–endorsed cybersecurity standards.
  • Encryption — all data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Access controls — strict role-based access, multi-factor authentication, and regular reviews of staff access rights.
  • Backups and monitoring — system logs and backups are retained securely for 90 days to ensure availability and recovery.
  • Annual penetration testing — independent third-party testing is carried out every year.

Our Infrastructure

Eventflow uses leading cloud-based services to provide secure hosting, authentication, email delivery, and error monitoring. All suppliers are bound by Data Processing Agreements and required to meet GDPR standards.

Supplier Due Diligence

We carefully select and regularly review all service providers that process personal data on our behalf. This includes assessing their security certifications, data protection practices, and contractual commitments to ensure they meet the same high standards that we set for ourselves.

International Data Transfers

Some of our service providers process data outside the UK/EEA. We ensure transfers are lawful and protected by:

  • Standard Contractual Clauses (SCCs)
  • The UK’s International Data Transfer Addendum (IDTA)
  • Adequacy decisions where applicable

This ensures your data receives the same level of protection wherever it is processed.

Data Retention

  • Exhibitor data — deleted 30 days after an event ends (unless the organiser requests earlier deletion).
  • System logs and backups — retained for 90 days, then permanently erased.
  • Analytics data — anonymised and may be retained indefinitely to help us improve performance and reliability.

Staff Training

All Eventflow employees complete GDPR and security training at onboarding and receive refresher training every year. Staff access to personal data is strictly controlled, logged, and monitored.

Incident Response

If a data breach ever occurs, we will act quickly and transparently.

  • We follow a documented Incident Management Policy.
  • We notify organisers without delay and, where required, report to the Information Commissioner’s Office (ICO) within the statutory timeframes.

Your Rights

Under UK GDPR, you have the right to:

  • Access the data we hold about you
  • Request correction or deletion
  • Restrict or object to processing
  • Request portability of your data
  • Not be subject to decisions based solely on automated processing

To exercise your rights, please contact us at support@eventflowapp.com.

Policy Review

This policy is maintained by Eventflow Technologies Ltd. and reviewed annually in September to ensure it remains accurate and effective.

Eventflow Technologies Ltd
Registered Office: 4 Dukes Court, Bognor Road, Chichester, England, PO19 8FX
Trading Address: Unit 11, Trident Business Park, Selsey, West Sussex, PO20 9DY
Contact: support@eventflowapp.com
