Event-Isolated Data
Attendee data is scoped to the event where it was collected.
Protecting attendee data is not a compliance checkbox — it is a foundational commitment.
At myEventz.ai we believe that protecting attendee data is not a compliance checkbox — it is a foundational commitment. The following statement describes the technical and operational controls we have put in place to safeguard your data and the data of every attendee who interacts with our platform.
Attendee data is scoped to the event where it was collected.
Data is protected in transit, at rest, and within messaging flows.
Administrative and organizer access is protected by role controls and MFA.
Backup, recovery, and restore testing support reliable event operations.
All attendee data within the myEventz.ai platform is strictly scoped to the event for which it was collected.
A single user attending multiple events creates separate, isolated records — data from one event is never merged into another without explicit re-consent. We apply data minimisation principles throughout: our AI voice agents collect only the specific attributes defined in the configuration for each event and persona, nothing more.
Every database record is partitioned by Event ID. Cross-event queries are restricted at the application layer.
AI extraction targets only pre-approved attribute fields. New data types cannot be added without a formal configuration change.
All record deletions are captured in an immutable audit log, supporting Right to Erasure requests and data retention compliance.
Encryption protects API endpoints, webhook paths, voice audio, storage, and message content.
Preserved from the original statement and formatted for the web.
| Area | Protection Applied |
|---|---|
| In Transit | TLS encryption on all API endpoints and webhook ingestion paths. All voice audio is streamed over encrypted channels from device to our speech processing layer. |
| At Rest | All databases, object storage including audio, transcripts, and artifacts, and message content are encrypted at rest. Direct messages and bulletin posts are additionally encrypted at the application layer before storage. |
Access to the platform is governed by Role-Based Access Control and enforced at the API Gateway layer.
Multi-factor authentication is required for all administrative and organizer accounts. The following controls are active for every deployment:
Identity, authentication, AI data handling, messaging, consent, and secrets management.
| Control | Implementation |
|---|---|
| Multi-Factor Authentication | MFA enforced for all organizer and administrative access. Short-lived OTP challenges with automatic expiry. |
| JWT / OAuth 2.0 | All API clients authenticate via short-lived signed tokens. No long-lived passwords are transmitted on API calls. |
| PII Sanitisation Before LLM | Personally Identifiable Information is identified and hashed before any data is transmitted to external AI providers. Raw PII never leaves our infrastructure unmasked. |
| Encrypted Messaging | All direct attendee-to-attendee messages and social bulletin posts are encrypted at the application layer before database storage. |
| Consent-First AI Conversations | Explicit attendee consent is collected during onboarding before any AI voice conversation is recorded or processed. |
| Secrets Management | All API keys, credentials, and encryption keys are stored in a dedicated secrets manager. Secrets are environment-specific and are never shared across Dev, QA, and Production. |
We integrate with best-in-class providers for speech processing, cloud infrastructure, object storage, and AI models.
We integrate with best-in-class providers for speech processing, cloud infrastructure, object storage, and AI models.
Platform availability, recovery targets, backup frequency, storage, and restore testing are designed to support reliable event operations.
Platform uptime commitment
Maximum data loss window through incremental backups
Availability, recovery, backup, storage, and disaster recovery testing details.
| Area | Commitment |
|---|---|
| Target Availability | 99.99% platform uptime commitment |
| Recovery Point Objective (RPO) | 15 minutes — maximum data loss window through incremental backups |
| Backup Frequency | Full daily backups + incremental backups every 15 minutes |
| Backup Storage | Multi-region encrypted cloud storage — geographically distributed |
| Restore Testing | Quarterly disaster recovery drills to validate RTO/RPO targets |
Questions regarding our privacy and security practices may be directed to the myEventz.ai team. We are committed to responding to all security inquiries within 24 hours.
Please send the following information to myEventz.ai Support team so that we can delete your account:
your Invitation number, name and email address.