1. Introduction
Podiia ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our event management platform.
2. Data Controller
MMBC CONSULTING UG (haftungsbeschränkt) & Co. KG
Aroser Allee 84, 13407 Berlin, Germany
Email: hello@podiia.app
3. Information We Collect
We collect information that you provide directly to us:
- Account Information: Email address, name, profile photo (optional)
- Event Data: Event details, descriptions, images, dates, locations
- Attendee Data: Names, email addresses, RSVP status, check-in timestamps, custom registration fields
- Usage Data: Pages visited, features used, time spent on the platform (collected via privacy-friendly analytics)
- Payment Information: Processed by our payment provider (Stripe); we do not store full credit card details
4. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process event registrations and manage attendee lists
- Send transactional emails (magic links, event confirmations, reminders)
- Generate QR codes for event check-in
- Provide customer support and respond to inquiries
- Analyze usage patterns to improve user experience
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
5. Legal Basis for Processing (GDPR)
We process your personal data based on:
- Contract Performance: To provide the Service you've signed up for
- Legitimate Interest: To improve the Service, prevent fraud, and ensure security
- Consent: For marketing communications (you can opt out at any time)
- Legal Obligation: To comply with applicable laws and regulations
6. Data Sharing and Disclosure
We do not sell your personal data. We may share your information with:
- Service Providers: Supabase (hosting, database), Resend (email delivery), Stripe (payment processing) — all GDPR-compliant
- Event Organisers: If you register for an event, your registration data is shared with the event organiser
- Legal Requirements: When required by law, court order, or government request
- Business Transfers: In connection with a merger, acquisition, or sale of assets
7. Data Storage and Security
All data is stored in the European Union (Frankfurt, Germany) on Supabase infrastructure. We implement industry-standard security measures including encryption in transit (TLS) and at rest, row-level security policies, regular backups, and access controls. However, no method of transmission over the internet is 100% secure.
8. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Event data is retained for 2 years after the event date unless you request earlier deletion. After account deletion, data is permanently removed within 30 days, except where retention is required by law.
9. Cookies and Third-Party Services Loaded by the Browser
We use only technically necessary cookies. No tracking or advertising cookies are deployed.
- Session cookie: One essential HTTP-only cookie set by Supabase to keep you signed in. It is deleted when you log out or your session expires. No consent is required as it is strictly necessary for the service to function.
- Google Fonts: This website loads typefaces from fonts.googleapis.com. When your browser requests a font, Google receives your IP address and browser information. Google's use of this data is governed by Google's Privacy Policy. The legal basis is our legitimate interest in providing a consistent visual experience (Art. 6(1)(f) GDPR).
- Google Maps embeds: Event pages may display an embedded Google Map for venue location. If a map is shown, your browser contacts Google's servers and Google receives your IP address. This occurs only on pages where a map is displayed. Google's use of this data is governed by Google's Privacy Policy.
We do not use analytics cookies, advertising cookies, or any other third-party tracking.
10. Your Rights (GDPR)
Under GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to processing based on legitimate interest
- Withdraw Consent: Withdraw consent for marketing communications
To exercise these rights, contact us at privacy@podiia.app
11. International Data Transfers
All data is stored and processed within the European Union. If you access the Service from outside the EU, your data will be transferred to and processed in the EU under GDPR protections.
12. Children's Privacy
The Service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, please contact us immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use after such notification constitutes acceptance of the updated policy.
14. Contact and Complaints
For privacy-related questions or to exercise your rights, contact us at privacy@podiia.app
You also have the right to lodge a complaint with your local data protection authority.
Last updated: May 19, 2026