Privacy Policy
Last updated: 28 February 2026
The short version: We collect only what we need to match you with the right people at events. We never sell your data, never show ads, and never build public profiles. You can export or delete everything at any time.
1. Who We Are
Event Medium ("we", "us") operates eventmedium.ai, an AI-powered networking platform that matches professionals at events using signal triangulation. Our data controller contact is privacy@eventmedium.ai.
2. What We Collect
| Data | Source | Purpose |
|---|
| Name, email | Sign-up (OAuth or email) | Account identity, communications |
| Company, avatar | OAuth provider (if available) | Profile context |
| Canister profile: stakeholder type, themes, intent, offering, geography, deal details, focus text | Your conversations with Nev (AI concierge) | Matching algorithm inputs |
| Event registrations | Your selections | Scoping matches to events you attend |
| Match decisions | Accept / decline actions | Double-blind matching flow |
| Nev conversations | Chat messages | Building and refining your canister |
| Post-meeting feedback | Debrief conversations with Nev | Improving match quality |
3. How We Use Your Data
We process your data under GDPR Article 6(1)(b) — performance of a contract (providing the matching service you signed up for) and Article 6(1)(f) — legitimate interest (improving match quality). Specifically:
- Matching: Your canister data is used to compute match scores with other users at the same event. This is done server-side — your raw profile is never shared with other users.
- Anonymity: Matches are presented anonymously. Neither party sees the other's identity, company, or profile details until both explicitly opt in ("reveal").
- AI processing: Nev (our AI concierge) uses Anthropic's Claude API to process your conversations. Your messages are sent to Anthropic's API for real-time response generation. Anthropic does not use API inputs for model training.
- Analytics: We generate anonymized, aggregated analytics for event organisers (theme distribution, stakeholder mix, match rates). These never contain personal information.
4. What We Never Do
We never sell your data. We never show advertising. We never build public profiles or searchable directories. We never share your identity with other users without your explicit double-blind consent. We never use your data to train AI models.
5. Data Sharing
We share data only with:
- Anthropic (Claude API): Your Nev conversation messages, for real-time AI responses. Governed by Anthropic's API data policy — inputs are not used for training.
- Resend: Your email address, for transactional emails (sign-in codes, match notifications). No marketing emails without consent.
- Railway: Infrastructure provider hosting our database and application. SOC 2 compliant.
We do not share data with advertisers, data brokers, or any other third parties.
6. Data Retention
- Account data: Retained while your account is active. Deleted immediately upon account deletion.
- Session tokens: Expire after 30 days.
- Magic link codes: Expire after 10 minutes and are deleted on use.
- Match data: Retained for match quality improvement while your account is active. Deleted on account deletion.
- Nev conversations: Retained while your account is active for canister refinement. Deleted on account deletion.
7. Your Rights
Under GDPR and applicable data protection laws, you have the right to:
- Access — See all data we hold on you. Available at Your Data.
- Portability — Export your complete data as a machine-readable JSON file.
- Erasure — Permanently delete your account and all associated data. Immediate, irreversible, no questions asked.
- Rectification — Update your canister by talking to Nev or contact us for account corrections.
- Object — Contact us to object to specific processing activities.
- Withdraw consent — Where processing is based on consent, withdraw at any time.
Exercise any right at eventmedium.ai/privacy.html or email privacy@eventmedium.ai.
8. Security
- Passwords hashed with bcrypt (12 rounds)
- Session tokens: cryptographically random 256-bit
- Database connections encrypted with TLS
- Infrastructure hosted on Railway (SOC 2 compliant)
- No public APIs expose user profile data
- Admin dashboard uses only anonymized, aggregated data
9. Cookies
We use a single localStorage entry (auth_token) for session management. We do not use tracking cookies, analytics cookies, or any third-party cookies.
10. International Transfers
Our infrastructure is hosted on Railway, which may process data in the United States. Anthropic's Claude API processes conversation data in the United States. These transfers are governed by the respective providers' data processing agreements and standard contractual clauses.
11. Children
Event Medium is designed for professional networking and is not intended for use by anyone under 16. We do not knowingly collect data from children.
12. Changes
We may update this policy to reflect changes in our practices. We will notify active users by email of material changes. The "last updated" date at the top indicates the most recent revision.
13. Contact
For any privacy questions, data requests, or complaints:
Email: privacy@eventmedium.ai
Data settings: eventmedium.ai/privacy.html
You also have the right to lodge a complaint with your local data protection authority.