Privacy policy

Last updated: 22 avril 2026

This policy describes how MyEvents360 collects, uses and protects its users' personal data, in accordance with the General Data Protection Regulation (GDPR).

1. Data controller

MyEvents360 — personal project in the process of being incorporated.
Contact: contact@myevents360.com

2. Data we collect

Account data

Email address (required, used for authentication)
Password (stored hashed, never in plain text)
Name or nickname
Profile picture (optional)
Favorite city (optional)

Event data

Title, description, date, location, category
Cover image
Invited members list
Shared photos and videos
Group chat messages
Questionnaire answers (where applicable)

Technical data

Device identifier (for push notifications)
Application error logs (anonymized)
IP address for API calls (kept temporarily for security)

No precise geolocation data is collected without an explicit user action (via the "Use my location" button when creating an event).

3. Purposes and legal bases

Providing the service (authentication, event management, messaging, media sharing) — legal basis: performance of the contract.
Sending push notifications about events — legitimate interest + system-level consent.
Content moderation (automatic detection of inappropriate content) — legitimate interest to ensure a safe environment.
Sending transactional emails (verification, password reset) — performance of the contract.
Service improvement (anonymized usage analysis) — legitimate interest.

4. Recipients and sub-processors

Data is shared only with the following technical providers, strictly as needed to run the service:

Supabase (database) — EU-based servers.
Cloudflare R2 (photo and video storage) — global CDN.
Cloudflare Pages (web hosting) — United States / global CDN.
Railway (API hosting) — United States.
Resend (transactional emails) — United States.
OpenAI (optional content moderation via the Moderation API) — United States. Used only if enabled by the publisher.
Expo Push / Apple APNs / Google FCM (push notifications).

For transfers outside the EU, MyEvents360 relies on the EU Commission's standard contractual clauses and, where applicable, adequacy decisions (Data Privacy Framework for the United States).

We never sell or rent your personal data to third parties.

5. Retention period

User account: until deleted by the user or after 3 years of inactivity.
Events and content: as long as the event exists, until deleted by the creator or the user concerned.
Technical logs: 60 days max.
Transactional emails: 12 months for traceability.

6. Your rights

Under the GDPR, you have the following rights over your data:

Right of access: obtain a copy of your personal data.
Right of rectification: correct inaccurate data.
Right of erasure: request deletion of your account and data ("right to be forgotten").
Right of portability: retrieve your data in a structured, readable format.
Right to object: object to certain legitimate-interest-based processing.
Right to withdraw consent: at any time, without affecting the lawfulness of prior processing.

To exercise these rights, contact us at contact@myevents360.com. We respond within one month.

You also have the right to lodge a complaint with a supervisory authority (in France, the CNIL).

7. Security

Data is protected by technical and organizational measures: HTTPS for all communications, hashed passwords (bcrypt), short-lived JWT tokens, at-rest encryption at storage providers, restricted access to production data.

8. User-generated content

Photos, videos and messages posted in an event are visible only to members of that event, according to the access settings chosen by the creator. MyEvents360 does not review this content except for reports or automated moderation.

9. Minors

The service is not intended for children under 15. Minors aged 15 to 18 must obtain consent from a parent or legal guardian before creating an account.

10. Changes

This policy may be updated. Any material change will be notified by email or in the app. The last-updated date is shown at the top of the document.