Trust & compliance

GDPR & data protection

Eventira is built for event teams across Europe, so data protection isn’t an afterthought. Here’s exactly how we handle personal data under the EU GDPR (2016/679) — and India’s DPDPA 2023.

EU / EEA-hosted GDPR-ready AES-256 encryption DPA available

Our role: controller vs. processor

When you run an event on Eventira, you are the data controller for your attendees’ data and Eventira is your processor — we process attendee data only on your documented instructions, solely to operate your event.

Eventira’s data controller (for our own website and account data) is Apoorva Agwan, Chief Executive Officer, Eventira Software Pvt. Ltd., Naupada, Thane, Maharashtra, India (CIN: U62090MH2025PTC461233). Reach us at admin@eventira.com.

Your rights

Under the GDPR you can exercise the following rights at any time — email admin@eventira.com and we’ll respond within one month:

  • Access — get a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — delete your account and data (see how to delete your account).
  • Restriction & objection — limit or object to certain processing.
  • Portability — receive your data in a portable format.

What we process & how long

For events, we process only what’s needed: name and email (required), and optionally phone, job title/organisation, professional interests/bio (for networking), and dietary/accessibility needs. No payment data is collected by Eventira. Attendee data is retained for up to 12 months post-event for networking, and deleted sooner on account deletion, erasure request, or your instruction.

Where your data lives & who we use

Your data is hosted in the EU/EEA. We use a small, vetted set of sub-processors, each bound by equivalent data-protection obligations. We give 30 days’ notice before adding or replacing any sub-processor.

Sub-processorPurposeLocation
DigitalOcean (cloud hosting)Infrastructure & data storageAmsterdam, Netherlands (EEA)
DigitalOceanTransactional email deliveryAmsterdam, Netherlands (EEA)
Eventira (in-house)Attendee networking & matchingIndia
Google AnalyticsWebsite analytics (consent-gated)EU/US (Consent Mode)

Breach notification & transfers

We maintain a tested breach-response procedure and will notify the controller within 72 hours of a confirmed personal-data breach, with full details. Where data is processed outside the EEA, we rely on appropriate safeguards (e.g. Standard Contractual Clauses) and acknowledge DPDPA obligations for Indian residents’ data.

Data Processing Agreement (DPA)

Running an event with us? We’re happy to sign a DPA. Download our standard template to review, or request a countersigned copy.

Eventira Data Processing Agreement
Standard template — GDPR & DPDPA. Fill in your organisation’s details and return, or ask us to countersign.
Download DPA (PDF)
To request a signed DPA, or for any privacy question, email admin@eventira.com. See also our Security and Privacy Policy.