# Privacy policy — JustOneEvent

Canonical source: <https://www.justoneevent.com/privacy>

## Data collected

- **Organiser account**: email, name, password (Argon2id hash), preferred locale, optionally organisation, public slug, country code.
- **Events**: title, description, location, date, capacity, image, time zone.
- **Participant registrations**: email, name, phone (optional), status (confirmed / cancelled / waitlisted), QR-code, scan timestamp.
- **Technical logs**: admin source IPs (audit), Stripe webhooks.

## Sub-processors

- **Microsoft Azure** (hosting, France Central)
- **Stripe** (payments, international transfers covered by SCC)
- **Google Maps API** (address autocomplete, optional)
- **IONOS** (transactional email SMTP relay, EU-hosted)

## GDPR rights

- **Access / portability**: JSON or CSV export from /dashboard/settings
- **Erasure**: account deletion from the dashboard (cascade purge of events + registrations; audit logs retained 12 months for accounting obligations)
- **Inactivity**: accounts with no login > 24 months are auto-purged (notice email at D-30, D-7)

## DPO contact

contact@justoneevent.com