Privacy & Security Statement

Protecting attendee data is not a compliance checkbox — it is a foundational commitment.

FOR CLIENTS & EVENT ORGANIZERS Intelligence Labz Inc. — myEventz.ai Platform
Platform Commitment

Safeguarding the data behind every event experience

At myEventz.ai we believe that protecting attendee data is not a compliance checkbox — it is a foundational commitment. The following statement describes the technical and operational controls we have put in place to safeguard your data and the data of every attendee who interacts with our platform.

01

Event-Isolated Data

Attendee data is scoped to the event where it was collected.

02

Encrypted by Design

Data is protected in transit, at rest, and within messaging flows.

03

RBAC + MFA

Administrative and organizer access is protected by role controls and MFA.

04

99.99% Target Uptime

Backup, recovery, and restore testing support reliable event operations.

01

Data Architecture & Minimisation

All attendee data within the myEventz.ai platform is strictly scoped to the event for which it was collected.

A single user attending multiple events creates separate, isolated records — data from one event is never merged into another without explicit re-consent. We apply data minimisation principles throughout: our AI voice agents collect only the specific attributes defined in the configuration for each event and persona, nothing more.

Event-Isolated Storage

Every database record is partitioned by Event ID. Cross-event queries are restricted at the application layer.

Dynamic Attribute Mapping

AI extraction targets only pre-approved attribute fields. New data types cannot be added without a formal configuration change.

Soft-Delete Audit Trail

All record deletions are captured in an immutable audit log, supporting Right to Erasure requests and data retention compliance.

02

Data in Transit & at Rest

Encryption protects API endpoints, webhook paths, voice audio, storage, and message content.

Encryption Controls

Preserved from the original statement and formatted for the web.

Area Protection Applied
In Transit TLS encryption on all API endpoints and webhook ingestion paths. All voice audio is streamed over encrypted channels from device to our speech processing layer.
At Rest All databases, object storage including audio, transcripts, and artifacts, and message content are encrypted at rest. Direct messages and bulletin posts are additionally encrypted at the application layer before storage.
03

Identity, Access Control & PII Protection

Access to the platform is governed by Role-Based Access Control and enforced at the API Gateway layer.

Multi-factor authentication is required for all administrative and organizer accounts. The following controls are active for every deployment:

Access & PII Protection Controls

Identity, authentication, AI data handling, messaging, consent, and secrets management.

Control Implementation
Multi-Factor Authentication MFA enforced for all organizer and administrative access. Short-lived OTP challenges with automatic expiry.
JWT / OAuth 2.0 All API clients authenticate via short-lived signed tokens. No long-lived passwords are transmitted on API calls.
PII Sanitisation Before LLM Personally Identifiable Information is identified and hashed before any data is transmitted to external AI providers. Raw PII never leaves our infrastructure unmasked.
Encrypted Messaging All direct attendee-to-attendee messages and social bulletin posts are encrypted at the application layer before database storage.
Consent-First AI Conversations Explicit attendee consent is collected during onboarding before any AI voice conversation is recorded or processed.
Secrets Management All API keys, credentials, and encryption keys are stored in a dedicated secrets manager. Secrets are environment-specific and are never shared across Dev, QA, and Production.
04

Third-Party Vendor Oversight

We integrate with best-in-class providers for speech processing, cloud infrastructure, object storage, and AI models.

Integrated Providers

Critical platform providers

We integrate with best-in-class providers for speech processing, cloud infrastructure, object storage, and AI models.

ElevenLabs Google Cloud Platform Microsoft Azure OpenAI

All critical vendors are subject to:

  1. Quarterly review of vendor SOC 3 reports and security posture assessments.
  2. Contractual data processing agreements governing data residency and retention.
  3. Rate-limit adherence and content usage rights compliance.
  4. Periodic adversarial testing to validate resistance against prompt injection and data poisoning attacks.
05

Availability, Backup & Recovery

Platform availability, recovery targets, backup frequency, storage, and restore testing are designed to support reliable event operations.

Target Availability 99.99%

Platform uptime commitment

RPO 15 min

Maximum data loss window through incremental backups

Backup & Recovery Commitments

Availability, recovery, backup, storage, and disaster recovery testing details.

Area Commitment
Target Availability 99.99% platform uptime commitment
Recovery Point Objective (RPO) 15 minutes — maximum data loss window through incremental backups
Backup Frequency Full daily backups + incremental backups every 15 minutes
Backup Storage Multi-region encrypted cloud storage — geographically distributed
Restore Testing Quarterly disaster recovery drills to validate RTO/RPO targets
Security Inquiries

Questions about our privacy and security practices?

Questions regarding our privacy and security practices may be directed to the myEventz.ai team. We are committed to responding to all security inquiries within 24 hours.

Request for Account Deletion

Please send the following information to myEventz.ai Support team so that we can delete your account:
your Invitation number, name and email address.

Contact the myEventz.ai Team

This statement reflects controls active as of March 2026 and will be updated as our compliance programme matures.

Intelligence Labz Inc. — myEventz.ai Platform