Information We Collect

How We Use Your Information

• To provide and maintain our event management services
• To send WhatsApp invitations, reminders, and event updates
• To improve our platform and develop new features
• To ensure the security and integrity of our services
• To comply with legal obligations and protect our rights
• To analyze usage patterns and improve user experience (subject to your consent)
• To create AI-powered invitation designs and analyze contracts
• To connect event organizers with relevant suppliers
• To forward user inquiries and contact details to suppliers (including non-registered suppliers) at the user's request, acting solely as a technical communication intermediary

Legal Basis for Processing

We process your information based on:

• Contract performance - to provide the services you requested
• Consent - for analytics and marketing
• Legitimate interest - for service improvement and security
• Legal obligation - to comply with regulatory requirements

Israeli Law Compliance

We operate in accordance with the Protection of Privacy Law, 5741-1981, Privacy Protection (Data Security) Regulations, 5777-2017, and Amendment 13 to the Privacy Protection Law (August 2024).

Your rights as a data subject are enshrined in law and can be exercised at any time by contacting us.

Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as described in this policy.

Exceptions where we may share information:

• With your explicit consent (e.g., sharing details with a supplier you chose)
• To comply with legal requirements or court orders
• To protect the safety and security of our users
• In connection with a business transfer or merger (with advance notice)
• With service providers acting on our behalf (see list below)
• To forward inquiries and contact details to suppliers (including those not registered on the platform) at the explicit request of the user, in order to facilitate communication
• In some cases, supplier information displayed on the platform is collected from publicly available sources
• Suppliers may request to stop receiving communications from Easy Events at any time by contacting support@easyevents.co.il, and we will respect such requests

Third-Party Services

We use third-party services to operate the platform. These services only receive access to necessary information:

• Google Firebase - user authentication, data storage, file storage, analytics
• Third-party messaging providers - WhatsApp and SMS message delivery (guest phone numbers are transferred to provider servers)
• Google Maps - address to coordinates conversion, map display
• Google Vertex AI - AI-powered invitation design creation and contract analysis
• Google Analytics - website usage analysis (ID: G-TW4G7H33WC)
• Google Cloud Scheduler/Tasks - background task scheduling
• Google Calendar - two-way appointment synchronization for suppliers who choose to connect their calendar (calendar.events scope)

Google API Services & Limited Use

When a supplier chooses to connect their Google Calendar from /supplier/settings, Easy Events requests OAuth access in order to keep appointment bookings synchronized between the platform and the supplier's calendar.

Scope requested: https://www.googleapis.com/auth/calendar.events

We create, read, update, and delete calendar events that are tagged with our private extendedProperties marker ("easyevents:appointmentId"). We do not read, store, transmit, or process events created outside of Easy Events.

Calendar data is used solely to mirror Easy Events appointment bookings into the supplier's calendar and to reflect supplier-side changes back into Easy Events. We do not use this data for advertising, profiling, or training generative AI / machine learning models, nor do we sell or transfer it to third parties.

Easy Events' use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Suppliers can disconnect Google Calendar at any time from /supplier/settings inside the platform, or revoke Easy Events' access directly at https://myaccount.google.com/permissions. Disconnection deletes all stored OAuth tokens; previously synced events remain in the supplier's calendar.

Data Security

We implement appropriate technical and organizational measures to protect your personal information.

• Data encryption in transit (TLS/SSL) and at rest
• Role-based access controls (user, supplier, admin)
• Security monitoring, logging of login attempts, and detection of unauthorized content scraping (referrer domains and user-agent strings may be logged for security purposes)
• Secure daily backups with 14-day retention
• CSRF attack protection using tokens
• Login rate limiting to prevent attacks

Cookies and Tracking Technologies

We use cookies and similar technologies to operate the platform and enhance your experience.

Cookies we use:

• __session - authentication cookie (14 days, essential for operation)
• __csrf - CSRF attack protection (24 hours, essential for security)
• selectedEventId - remembering selected event (30 days)
• Google Analytics cookies (subject to your consent)

Local storage:

• language - language preference
• user_consent - privacy preferences
• analytics_consent - analytics consent

You can manage cookie preferences through your browser settings or through the consent banner on the website.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy.

• Active accounts: Retained until you delete your account
• Inactive accounts: We reserve the right to delete accounts after prolonged inactivity, with prior notice to the email on file
• Account deletion request: Completed within 30 days
• Session cookies: 14 days
• Backups: Retained for 14 days

Your Rights

In accordance with privacy laws and GDPR principles, you have the following rights:

• Right to access your personal information and receive a copy
• Right to correct inaccurate or incomplete information
• Right to delete your personal information ('right to be forgotten')
• Right to receive your data in a structured format
• Right to restrict processing of your information
• Right to object to processing for direct marketing
• Right to withdraw consent at any time (without affecting the lawfulness of processing prior to withdrawal)

To exercise your rights, contact us using the contact details at the bottom of this page.

Consent and Choice

By registering for the service, you agree to the collection and processing of your information as described in this policy.

• Analytics: You can choose to opt out of analytics tracking via the consent banner.
• Marketing: We will not send you marketing messages without your explicit consent.
• You can withdraw your consent at any time through account settings or by contacting us.

International Data Transfers

Your information is stored and processed on Google Cloud and third-party service provider servers located primarily in the United States. This data transfer is necessary for service delivery. We ensure our service providers meet strict security standards and international data protection requirements.

Safeguards include: data processing agreements, encryption, access controls.

Children's Privacy

Our services are intended for adults (18+) for event management. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When changes are made, we will display an in-app notification informing you of the update. Continued use of the platform after receiving this notification constitutes acceptance of the updated policy.

Contact Us

For privacy questions, requests to exercise your rights, or any other matter relating to this policy:

We aim to respond to inquiries within 30 days.