Privacy Policy

1. Information We Collect

1.1 Information You Provide

When you use ContactSolution, we collect information that you provide directly to us:

• Account Information: Name, email address, company name
• Event Information: Event names, dates, descriptions, attendee data
• Contact Information: Names, email addresses, phone numbers, company details, social media links for attendees and contacts
• Payment Information: Processed securely through Stripe (we do not store full credit card numbers)

1.2 Information Collected Automatically

We automatically collect certain information when you use our service:

• Usage Data: Pages viewed, features used, time spent, QR code scans
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP address, access times, referring URLs

2. How We Use Your Information

We use the information we collect to:

• Provide Our Service: Create and manage events, generate digital contact cards, deliver wallet passes
• Improve Our Service: Analyze usage patterns, develop new features, fix bugs
• Communicate With You: Send service updates, security alerts, respond to inquiries
• Ensure Security: Detect and prevent fraud, abuse, and security incidents
• Comply With Legal Obligations: Respond to legal requests, enforce our terms

3. Data Sharing and Disclosure

3.1 Service Providers

We share your information with trusted third-party service providers who assist us in operating our service:

• Amazon Web Services (AWS): Cloud hosting and infrastructure
• Stripe: Payment processing
• SendGrid/Amazon SES: Email delivery
• Apple/Google: Wallet pass delivery

3.2 Data Controllers

For event data, the event organizer is the data controller and ContactSolution is the data processor. Event organizers are responsible for:

• Obtaining proper consent from attendees
• Complying with applicable privacy laws (GDPR, CCPA)
• Handling data subject requests for their attendees

3.3 We Will NEVER:

• Sell your personal information to third parties
• Share your contact information with advertisers
• Use your data to train AI models without explicit consent

4. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
• Access Controls: Role-based access, two-factor authentication, least-privilege principles
• Infrastructure: Secure cloud hosting with AWS, regular security updates
• Monitoring: Continuous security monitoring and incident response procedures

5. Data Retention

We retain your information for as long as your account is active or as needed to provide our services:

• Active Data: Retained while your account is active
• Event Data: Retained for 90 days after event end date (unless exported by organizer)
• Backup Data: Retained for 30 days in encrypted backups
• Legal Requirements: Some data may be retained longer to comply with legal obligations

6. Your Rights (GDPR & CCPA)

You have the following rights regarding your personal information:

• Access: Request a copy of your personal data (fulfilled within 30 days)
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Export your data in a structured, machine-readable format
• Opt-Out: California residents can opt out of "sale or sharing" of personal information
• Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, contact us at privacy@outreachpass.com or use our self-service data export/deletion tools in your account settings.

7. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences
• Analyze site usage and performance
• Prevent fraud and abuse

You can control cookies through your browser settings. Note that disabling cookies may affect service functionality.

8. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers operate. We ensure adequate protections through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements (DPAs) with all service providers
• Compliance with GDPR requirements for international transfers

9. Children's Privacy

ContactSolution is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Data Breach Notification

In the event of a data breach that affects your personal information:

• We will notify you within 72 hours of discovering the breach (GDPR requirement)
• Notification will include the nature of the breach, data affected, and steps being taken
• We will notify relevant supervisory authorities as required by law

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the new policy on this page with an updated "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice in the application

Your continued use of ContactSolution after changes become effective constitutes acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices:

• Email: privacy@outreachpass.com
• Security Issues: security@outreachpass.com
• Data Subject Requests: privacy@outreachpass.com

13. Supervisory Authority

If you are located in the European Economic Area (EEA) or United Kingdom, you have the right to lodge a complaint with a supervisory authority if you believe we have processed your personal data unlawfully.