1. Introduction
This Privacy Policy explains how Event Production Toolkit EPTK ("we", "us", "our") collects, uses, and protects your personal data when you use the eptk.cloud service ("the Service") or visit our website at eptk.cloud.
We are committed to protecting your privacy and processing your data in compliance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
Event Production Toolkit EPTK
PL 11, 00811 Helsinki, Finland
Email: support@eptk.cloud
3. Data We Collect and Processing Purposes
We collect and process different types of data depending on how you interact with the Service:
1. Landing Page Waitlist Signup
| Data | Purpose | Retention |
|---|---|---|
| Email address | To notify you when the Service launches or updates | Until launch or upon erasure request |
| Signup date | To track when you joined the waitlist | Same as email |
| Consent record | To prove agreement to processing | As required by law |
2. eptk.cloud SaaS Application
| Data Category | Specific Fields | Purpose |
|---|---|---|
| Account Data | Name, email address, profile photo, credentials | Authentication and account management |
| Workspace Data | Event schedules, budgets, team roles, logistics details, files | Providing event planning and management features |
| Billing Data | Subscription status, VAT ID / Business ID, payment tokens | Payment processing (handled securely by Stripe, Inc.) |
| Usage Data | Login timestamps, IP address, error logs, device information | Security, diagnostics, and application improvement |
| Location Data | Venue coordinates, active transport GPS coordinates | Providing logistics mapping and driver coordination features (only while transport is active) |
4. Legal Basis for Processing
We process your data based on:
- Contract performance (GDPR Art. 6(1)(b)): To provide the Service you subscribe to and manage your account.
- Legitimate interest (GDPR Art. 6(1)(f)): To ensure security, diagnose application issues, and improve our Service.
- Consent (GDPR Art. 6(1)(a)): For optional activities, such as receiving waitlist updates.
- Legal obligation (GDPR Art. 6(1)(c)): Tax, accounting, and anti-fraud regulations (e.g. billing retention).
5. Data Location and Sub-processors
All primary data processing and database hosting occur within the European Union (EU). We share data only with the following key service providers:
- Google Cloud: Cloud infrastructure, database, authentication, and enterprise-grade AI processing services via Google Enterprise Agent Platform / Vertex AI (data stored and processed strictly within the EU secure enterprise boundary). We guarantee that your personal and event data is never used by Google to train Google's generative models or logged for manual review. We reserve the right to use aggregated, anonymized, or de-identified data to train and improve our own proprietary machine learning models to enhance the Service.
- Stripe, Inc.: Billing and payment processing (PCI-DSS compliant, handles VAT/Business IDs and credit card processing).
- SendGrid: Transactional email notifications (e.g., account verification, password resets).
We do not sell or share your personal data with third parties for marketing purposes.
6. Data Retention
- Account Data: Retained while your account is active and deleted 30 days after account termination.
- Workspace Data: Retained as long as the workspace exists, and permanently deleted 30 days after workspace deletion.
- Usage & Server Logs: Anonymized server logs are stored for security diagnostics for up to 90 days.
- Billing records: Retained for 7 years as required by Finnish accounting law.
7. Your Rights (GDPR)
Under GDPR, you have the following rights regarding your personal data:
- Access – Request a copy of your personal data
- Rectification – Correct inaccurate or incomplete data
- Erasure – Request deletion of your data ("right to be forgotten")
- Restriction – Request a restriction of data processing
- Portability – Receive your data in a structured, machine-readable format
- Object – Object to processing based on legitimate interests
- Withdraw consent – Unsubscribe from waitlist or promotional emails at any time
To exercise any of these rights, contact us at: support@eptk.cloud. We will respond within 30 days.
8. Cookies and Analytics
Essential Cookies: The Service uses only essential technical cookies required for authentication and session management. We do not use third-party tracking, advertising, or behavioral profiling cookies.
Application Analytics: We use Google Analytics for Firebase and Google BigQuery to monitor application performance, analyze feature usage patterns, and optimize event workflows. This data is processed pseudonymously in an aggregated format within our secure Google Cloud database in the EU, and is never used or shared for marketing or behavioral advertising.
9. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuojavaltuutettu):
Website: tietosuoja.fi/en/home | Email: tietosuoja@om.fi
10. Changes to This Policy
We may update this Privacy Policy as the Service and product features develop. Significant changes will be communicated to registered users via the Service or email.
11. Contact
For privacy-related questions:
Email: support@eptk.cloud
Address: Event Production Toolkit EPTK, PL 11, 00811 Helsinki, Finland