Privacy is the product, not the policy.

Sensitive Data Protection

Sensitive attendee content is treated conservatively in preview and protected before account backup flows. We avoid claiming blanket end-to-end coverage for every event surface until implementation is fully uniform.

Minimal Data Collection

We collect what’s needed to run the service — your email for authentication, event membership for access, QR scans for the gamification you opted into. That’s it. No behavioral tracking, no advertising profiles, no cross-event data mining, no selling attendee data to sponsors.

Hosted on AWS (United States)

Cordivent runs on Amazon Web Services in the United States. Data is encrypted in transit, and hosted infrastructure follows standard AWS shared-responsibility practices. Additional enterprise controls should be confirmed during pilot scoping.

Compliance Posture

• CAN-SPAM: All emails include sender identity, physical address, and one-click unsubscribe.
• Privacy principles: Data minimization, purpose limitation, and explicit publish posture guide product decisions.
• Accessibility: Keyboard navigation, screen-reader support, and WCAG-oriented patterns are part of the core UI target.
• Global Privacy Control: Handled where applicable in the current policy posture.

Data Retention & Deletion

Security logs are retained for approximately 30 days. Event data retention depends on the account and pilot scope in use. Export and deletion controls exist in the account settings surface, with production retention details to be confirmed per deployment.