Privacy Policy
Last updated: May 10, 2026
1. Who We Are
iGamingEvents.ai ("we", "us", "our") is a B2B event calendar service for iGaming professionals, Contact: [email protected]
2. Data We Collect
When you create an account, we collect:
- Account data: Full name, professional email address, password (stored hashed), company name, job title, phone number, country
- Optional data: LinkedIn URL, referral source
- Usage data: Event reminders set, calendar sync preferences, hotel tip requests
- Payment data: Processed by Stripe — we do not store your card details. We store only your Stripe customer ID and subscription status.
- Technical data: IP address, browser type, device info (via analytics)
3. Legal Basis for Processing (GDPR Art. 6)
- Consent (Art. 6(1)(a)): You explicitly consent during registration
- Contract performance (Art. 6(1)(b)): To provide the calendar service you signed up for
- Legitimate interest (Art. 6(1)(f)): Analytics and service improvement
4. How We Use Your Data
- Provide and maintain the iGamingEvents.ai service
- Send event reminders and subscription-related emails
- Process payments via Stripe
- Generate AI-powered hotel and side-event tips
- Improve service quality and user experience
We do not sell, rent, or share your personal data with third parties for marketing purposes.
5. Data Sharing
We share data only with:
- Stripe: Payment processing (PCI-DSS compliant)
- Abacus.AI: Application hosting and email delivery
- OpenAI: AI-generated hotel tips (anonymized — only event location is shared, no personal data)
6. Your Rights (GDPR Art. 15–21)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure (“Right to be forgotten”): Delete your account and all associated data
- Data portability: Export your data in a machine-readable format
- Withdraw consent: At any time, without affecting the lawfulness of prior processing
To exercise these rights, use the self-service options in your account settings or email [email protected]. We respond within 30 days.
7. Data Retention
We apply the following retention periods:
- Active accounts: Data retained for the lifetime of the account
- Account deletion: All personal data (name, email, company, job title, phone, LinkedIn URL, saved events, reminders, suggestions) permanently deleted within 30 days of request
- Payment records: Stripe transaction IDs retained for 7 years per EU tax/accounting requirements (Directive 2006/112/EC)
- Email notification logs: Delivery metadata retained for 90 days, then deleted
- Server access logs: IP addresses and request logs retained for 30 days for security purposes, then anonymized
- Analytics data: Google Analytics data subject to Google's retention settings (set to 14 months)
- Inactive accounts: Accounts with no login for 24 months will receive a reactivation email. If no response within 30 days, the account is deleted per the policy above
8. Cookies
We categorize cookies as follows:
- Essential cookies (always active): Session authentication token (next-auth.session-token), CSRF protection token. These are strictly necessary for the service to function and cannot be disabled.
- Analytics cookies (consent required): Google Analytics (_ga, _ga_*) for aggregated, anonymized usage statistics. These are only loaded after you explicitly click "Accept" on the cookie banner. Selecting "Essential Only" blocks all non-essential cookies.
No advertising, remarketing, or third-party tracking cookies are used.
8a. Lawful Basis for Communications
- Event reminders: Legitimate interest (Art. 6(1)(f)) — you actively set reminders for events you chose
- Subscription/billing emails: Contract performance (Art. 6(1)(b)) — necessary for service delivery
- Service updates: Legitimate interest (Art. 6(1)(f)) — critical changes affecting your account
- Marketing/newsletter: Not currently sent. If introduced, will require explicit opt-in consent (Art. 6(1)(a))
9. Data Security
We implement industry-standard security measures including encrypted connections (TLS), hashed passwords (bcrypt), and secure hosting infrastructure. Access to personal data is restricted to authorized personnel only.
10. Changes
We may update this policy. Significant changes will be communicated via email to registered users.
11. Contact & Complaints
For privacy inquiries: [email protected]
You have the right to lodge a complaint with your local data protection authority.