Privacy
last updated · 2026-06-04
This privacy policy explains what personal data we collect when you visit event-flow.ai or request access to the private beta, how we use it, and what rights you have under the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
The short version: we collect as little as possible, we use it only for the purpose you gave it to us, we don't sell or share it for marketing, and you can ask for it back or have it deleted at any time.
1 · who we are (data controller)
The data controller responsible for processing personal data on this website is:
Till Antonio Mahler
Digital Music Systems
Am Berlin Museum 12
10969 Berlin, Germany
Email: hello@event-flow.ai
For privacy questions or requests under GDPR, write to hello@event-flow.ai. We respond within 30 days.
2 · what we collect, and why
Beta access form. When you request beta access on this site, we collect: the name and kind of your venue, promoter or collective, your name and role, how many nights per week you run, what you currently use to manage operations, your reason for applying, and your email address. For abuse prevention we also record your IP address and browser user agent at submission time, and we store your consent record. This data is stored in our database hosted by Supabase in the EU (Frankfurt) and used solely to evaluate your request and contact you about beta access. Your email is confirmed through a double opt-in before we treat the signup as active.
Legal basis: Art. 6(1)(b) GDPR, processing necessary for steps prior to entering into a contract, and Art. 6(1)(a) GDPR (consent) for the email contact. Retention: we keep beta records while your request is active plus 24 months, so we can re-contact you if a future cohort opens. You can request deletion at any time.
Server logs. Our hosting provider (Vercel Inc., USA) and CDN (Cloudflare Inc., USA) automatically log standard web request data: IP address, user agent string, requested URL, response status, timestamp. These logs are retained for security and operational purposes and are not used for marketing or profiling. Legal basis: Art. 6(1)(f) GDPR, legitimate interest in the security and operational integrity of our services.
Analytics. We use Vercel Web Analytics on event-flow.ai, and only with your consent: the first time you visit, a notice asks whether we may count your visit, and if you decline, analytics never loads. Your choice is stored locally in your browser (localStorage, not a cookie) so we do not ask again. The analytics itself is cookieless, does not track you across sites, and does not collect personally identifiable information. Vercel processes only aggregate, anonymized request data (URL, referrer, browser, country) to give us page-view and unique-visitor counts. Legal basis: Art. 6(1)(a) GDPR, consent.
Cookies. This website does not use cookies for tracking or advertising purposes. Strictly necessary cookies may be set by our hosting infrastructure for security or session management; these are not used for analytics or marketing.
3 · who we share data with (subprocessors)
We share data only with the service providers we use to operate eventflow. Each is contractually bound by a GDPR-compliant data processing agreement: Supabase (database hosting, EU region Frankfurt), Vercel Inc. (USA, website hosting and analytics), Cloudflare Inc. (USA, DNS, CDN and edge infrastructure), and Twilio SendGrid (transactional email, EU data residency). Where data transfers to non-EU countries occur, they are protected by EU Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework where applicable.
We do not sell, rent, or share personal data with third parties for advertising or marketing purposes.
4 · your rights under gdpr
Under GDPR, you have the right to: access the personal data we hold about you (Art. 15), rectify inaccurate data (Art. 16), erase your data (Art. 17), restrict processing in certain circumstances (Art. 18), data portability (Art. 20), object to processing based on legitimate interest (Art. 21), withdraw consent at any time where consent is the legal basis, and lodge a complaint with a supervisory authority (in Germany: the Berliner Beauftragte für Datenschutz und Informationsfreiheit).
To exercise any of these rights, email hello@event-flow.ai. We respond within 30 days.
5 · children
Eventflow is a B2B service for music venues and promoters. We do not knowingly collect personal data from anyone under 16. If you believe a child has submitted information through this site, contact us and we will delete it.
6 · changes to this policy
We may update this privacy policy from time to time as the product and operations evolve. Material changes will be reflected in the "last updated" date on this page. For active beta participants, we will send email notification of significant changes.