← Back to Home

    Privacy Policy

    Effective Date: March 14th, 2026

    1. Who We Are

    EventIQ ("EventIQ," "we," "our," "us") is an event communication and RSVP operations platform operated by Event IQ Labs Private Limited, a company incorporated under the laws of India.

    • Brand Name: EventIQ
    • Legal Entity: Event IQ Labs Private Limited
    • Registered Address: 211B Mahveer Ridge, Begur - Koppa Road, Akshayanagar, Bangalore - 560068
    • Primary Contact: company@event-iq.in
    • Grievance Officer: Mohit Baid, reachable at mohit@event-iq.in

    For the purposes of applicable data protection law, EventIQ acts as a Data Fiduciary with respect to personal data we collect directly from our customers (event managers and event owners who use our platform). When we process personal data of guests and recipients on behalf of our customers, we act as a Data Processor under the instructions of the relevant customer, who remains the Data Fiduciary for that data.

    2. Scope of This Policy

    This Privacy Policy applies to all personal data processed by EventIQ through our website (event-iq.in), our platform dashboard, our WhatsApp-based communication services, and any related tools or services we provide.

    This policy covers two categories of individuals:

    • Customers — event managers, event owners, and their team members who create accounts, manage events, upload guest lists, and initiate communications through our platform.
    • Guests and Recipients — individuals who receive WhatsApp messages, invitations, reminders, or other communications sent through our platform on behalf of our customers, and who may interact with those messages (for example, by submitting RSVP responses or engaging in two-way chat).

    Where our practices differ between these two groups, we identify those differences below. This Privacy Policy should be read together with our Terms of Service.

    3. Data We Collect

    We collect and process the following categories of personal data:

    a. Customer Account Data

    Information you provide when creating and managing your EventIQ account, including your name, email address, phone number, company or organisation name, role, and account credentials.

    b. Event and Guest Management Data

    Information uploaded or entered by customers for the purpose of managing events and communications, including guest names, phone numbers, event details, guest categories, table assignments, and any other fields defined by the customer. This data is provided to us by customers and we process it on their behalf.

    c. Communication and Messaging Data

    The content of WhatsApp messages sent and received through our platform, message delivery and read status, RSVP responses, two-way chat transcripts, and associated metadata such as timestamps and message identifiers.

    d. IVR Call Data

    When IVR-based opt-in is used, we process phone numbers, call timestamps, and consent responses recorded during the call.

    e. Support and Operational Records

    Records of your interactions with our support team, operational logs, error diagnostics, and service-related correspondence.

    f. Usage and Device Data

    Technical information collected automatically when you use our website or platform, including IP addresses, browser type and version, device identifiers, operating system, session duration, pages viewed, and referring URLs.

    g. Optional Identity Data

    Government-issued identification documents or numbers, collected only in cases where a customer elects to collect such data for a specific, required purpose (such as venue access verification). This data is collected and processed under the customer's instructions and subject to the enhanced safeguards described in Section 6.

    We do not collect data beyond what is necessary for the purposes described in this policy.

    4. How We Use Your Data

    We use personal data for the following purposes:

    • Service delivery: To operate the EventIQ platform, process event communications, deliver WhatsApp messages, manage RSVPs, and enable two-way chat on behalf of our customers.
    • Account management: To create and maintain customer accounts, authenticate users, and manage access permissions.
    • Customer support: To respond to enquiries, troubleshoot issues, and provide technical assistance.
    • Platform security: To detect and prevent fraud, abuse, unauthorised access, and other security threats, and to maintain audit trails.
    • Same-event analytics: To provide customers with delivery reports, RSVP summaries, and communication performance metrics for their own events. We do not aggregate data across different customers or across different events for analytics purposes.
    • Legal compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests.
    • Platform improvement: To monitor platform performance, identify technical issues, and improve service reliability.

    We do not use your data for:

    • Selling, renting, or trading personal data to third parties for their marketing or commercial purposes.
    • Cross-event or cross-customer data aggregation or profiling.
    • Training artificial intelligence or machine learning models.
    • Advertising, ad targeting, or behavioural tracking.
    • Any purpose unrelated to the delivery and improvement of EventIQ's event communication services.

    5. WhatsApp Business API and Meta Platform

    5.1 Platform Usage

    EventIQ uses the official WhatsApp Business API (WABA), provided through Meta Platforms, Inc., to send and receive WhatsApp messages on behalf of our customers. All WhatsApp communications are subject to Meta's terms of service, business policies, and platform enforcement actions. WhatsApp messaging availability, throughput, and delivery depend on Meta approvals, template controls, policy requirements, and platform enforcement decisions.

    5.2 Opt-In and Consent

    Under Meta's WhatsApp Business Policy, recipients must provide opt-in consent before receiving WhatsApp messages. EventIQ facilitates opt-in collection through IVR (Interactive Voice Response) workflows where instructed by customers. Customers are responsible for ensuring that valid opt-in consent has been obtained from each recipient before initiating messaging campaigns through our platform. Customers must maintain records of opt-in consent and make them available upon request.

    5.3 Opt-Out and Unsubscribe

    Recipients may opt out of receiving further WhatsApp messages at any time through the following mechanisms:

    • On WhatsApp: By sending a reply containing keywords such as "STOP," "UNSUBSCRIBE," or "OPT OUT" to the WhatsApp number from which they received messages. Our platform automatically detects these keywords and processes the opt-out request.
    • Off WhatsApp: By contacting us at company@event-iq.in with the subject line "Opt-Out Request," including the phone number to be removed.
    • Via customer support: By requesting opt-out through any communication channel with our support team.

    Opt-out requests are processed promptly, and no further messages will be sent to the opted-out number for that event or customer unless fresh opt-in consent is obtained. We maintain records of all opt-out requests.

    5.4 Data Use Restrictions for WhatsApp Data

    Personal data obtained through or in connection with WhatsApp Business API interactions is used solely to support the messaging service and related event communication functions. We do not use WhatsApp-derived data for unrelated commercial purposes, advertising, or profiling.

    5.5 Sensitive Data Prohibition

    Customers must not use EventIQ's WhatsApp messaging services to transmit sensitive personal data, including but not limited to payment card numbers, bank account details, government-issued identification numbers, health information, or passwords. EventIQ does not process payment transactions and does not store payment card information.

    5.6 Data Isolation

    Guest and recipient data uploaded by one customer is strictly isolated from other customers' data. No customer can access, view, or obtain data belonging to another customer. We do not share, aggregate, or cross-reference recipient data across customers.

    6. Identity (ID) Data Lifecycle

    • ID data is collected only when a customer chooses to collect it for a specific, required purpose (such as venue access verification or regulatory compliance).
    • ID data is processed only for that stated purpose and is not used for any other reason.
    • ID data is permanently deleted promptly after the relevant purpose is completed.
    • Retention beyond completion occurs only where required by applicable law.
    • ID data is collected only through secure platform workflows with appropriate safeguards.

    7. Legal Basis for Processing

    We process personal data on the following legal grounds, as applicable under the Digital Personal Data Protection Act, 2023, and other relevant law:

    • Consent: Where you have provided your consent to the processing of your personal data for one or more specific purposes. You may withdraw your consent at any time by contacting us at company@event-iq.in. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal but may affect our ability to continue providing certain services.
    • Contractual necessity: Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract — for example, to operate your EventIQ account and deliver the services you have requested.
    • Legitimate uses: Where processing is reasonably expected by the data principal in connection with the provision of the service, or is necessary for the purposes of our legitimate operational interests (such as platform security, fraud prevention, and service improvement), provided that such interests are not overridden by your rights and freedoms.
    • Legal obligation: Where processing is necessary for compliance with a legal obligation to which we are subject, including obligations under Indian law, court orders, or regulatory requirements.

    For guest and recipient data processed on behalf of our customers, the customer (as Data Fiduciary) is responsible for establishing the appropriate legal basis for processing. EventIQ processes such data as a Data Processor under the customer's instructions.

    8. Data Sharing and Third Parties

    We may share personal data with the following categories of recipients:

    • Cloud infrastructure and hosting providers: We use cloud hosting services located in India to store and process data. These providers operate under contractual data processing agreements that restrict their use of personal data to the services they provide to us.
    • Meta Platforms, Inc. (WhatsApp Business API): To deliver WhatsApp messages, certain data (including recipient phone numbers and message content) is transmitted to Meta's WhatsApp infrastructure. This processing is governed by Meta's terms and WhatsApp's privacy policy.
    • Customer-designated recipients: When a customer initiates a message campaign, the message content is delivered to the designated recipients via WhatsApp.
    • Professional advisors: Legal counsel, auditors, or consultants engaged by EventIQ, subject to professional confidentiality obligations.
    • Regulatory and legal authorities: Government agencies, regulators, law enforcement, or courts where disclosure is required by applicable law, legal process, or enforceable governmental request.

    We do not:

    • Sell, rent, or trade personal data to any third party.
    • Share guest or recipient data between different customers.
    • Provide personal data to data brokers or advertising networks.
    • Transfer personal data to any third party for purposes unrelated to our service delivery.

    All third-party service providers engaged by EventIQ are subject to contractual obligations requiring them to process personal data only as instructed by us and to maintain appropriate security safeguards.

    9. Data Retention

    We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, as described in this policy, or as required by applicable law. Our general retention practices are as follows:

    Data CategoryRetention Period
    Customer account dataDuration of account + 12 months after closure
    Event and guest management dataDuration of event + 90 days
    WhatsApp message content and metadataUp to 12 months from date of message
    IVR call dataUp to 12 months
    Operational and system logsUp to 12 months
    Identity (ID) dataDeleted promptly after purpose completion (Section 6)
    Support and communication recordsUp to 24 months from date of interaction

    Upon expiration of the applicable retention period, personal data is permanently deleted or irreversibly anonymised. Customers may request earlier deletion of their content and guest data at any time by contacting company@event-iq.in. We will process deletion requests within thirty (30) days, subject to any overriding legal retention obligations.

    When a customer account is terminated or closed, we will delete or anonymise all associated personal data within ninety (90) days, except where retention is required by law.

    10. Security

    We implement reasonable technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction. These measures include:

    • Encryption of data in transit using TLS/SSL protocols.
    • Encryption of data at rest for sensitive data categories.
    • Role-based access controls limiting data access to authorised personnel on a need-to-know basis.
    • Regular review of access permissions and security configurations.
    • Audit logging of access to personal data and administrative actions.
    • Secure software development practices including regular dependency and vulnerability assessment.
    • Incident detection and response procedures.

    While we take commercially reasonable steps to protect your data, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.

    11. Your Rights

    Under the Digital Personal Data Protection Act, 2023, and other applicable law, you have the following rights regarding your personal data:

    • Right of Access: You may request confirmation of whether we process your personal data and obtain a summary of such data.
    • Right to Correction: You may request correction of inaccurate or incomplete personal data.
    • Right to Erasure: You may request deletion of your personal data, subject to any overriding legal retention obligations.
    • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
    • Right to Nominate: You may nominate another individual to exercise your rights on your behalf in the event of your death or incapacity, as provided under the DPDP Act.
    • Right to Grievance Redressal: You have the right to lodge a complaint regarding our processing of your personal data.

    How to Exercise Your Rights

    Send your request to company@event-iq.in with the subject line "Data Rights Request." Please include sufficient information to verify your identity and specify the right(s) you wish to exercise. We will acknowledge your request within seven (7) days and fulfil it within thirty (30) days, unless an extension is necessary due to the complexity of the request, in which case we will notify you.

    For Guests and Recipients

    If you are a guest or recipient whose data has been uploaded by a customer, you may contact us directly using the details above. Where your request relates to data controlled by a customer, we will either process the request ourselves or direct you to the relevant customer, as appropriate.

    Escalation

    If you are not satisfied with our response, you may escalate your complaint to the Grievance Officer identified in Section 17. You also have the right to file a complaint with the Data Protection Board of India, once constituted, in accordance with the DPDP Act.

    12. Children's Privacy

    EventIQ services are designed for business and event operations and are not directed at individuals under the age of eighteen (18) years. We do not knowingly collect or process personal data from children.

    If guests under the age of 18 are included in event guest lists uploaded by customers, the customer is responsible for ensuring that verifiable parental or guardian consent has been obtained in accordance with the Digital Personal Data Protection Act, 2023, before submitting such data to our platform.

    If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that data promptly. If you believe that a child's data has been submitted to our platform without proper authorisation, please contact us at company@event-iq.in.

    13. Cookies and Tracking Technologies

    Our website uses cookies and similar technologies to ensure proper functionality and improve your experience. The categories of technologies we use include:

    • Strictly necessary cookies: Required for the website to function correctly, such as session management and security tokens. These cannot be disabled.
    • Analytics cookies: Used to understand how visitors interact with our website, including page views, session duration, and navigation paths. We use these to improve website performance and usability.

    We do not use advertising cookies, retargeting pixels, or cross-site tracking technologies. You may manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our website.

    14. Data Breach Notification

    In the event of a personal data breach that is likely to cause harm to data principals, we will:

    • Notify the Data Protection Board of India (or such other authority as may be designated) in the form and manner prescribed under the Digital Personal Data Protection Act, 2023, and any rules made thereunder.
    • Where required by law or where we determine it is appropriate, notify affected data principals without unreasonable delay, providing information about the nature of the breach, the data involved, and the steps taken to mitigate its impact.
    • Notify affected customers promptly so they can fulfil any notification obligations to their own data principals.

    We maintain internal incident response procedures designed to detect, investigate, contain, and remediate data breaches in a timely manner.

    15. Cross-Border Data Transfers

    EventIQ stores and processes personal data primarily on servers located in India. However, in the course of providing our services, certain personal data may be transmitted to or accessible by service providers located outside India, including:

    • Meta Platforms, Inc. — WhatsApp message delivery and API operations may involve data processing in jurisdictions where Meta operates its infrastructure.

    Where personal data is transferred outside India, we ensure that such transfers comply with the Digital Personal Data Protection Act, 2023, including any restrictions on transfers to countries or territories notified by the Central Government. We implement appropriate contractual and technical safeguards to protect personal data during and after such transfers.

    We do not transfer personal data to any jurisdiction that has been restricted by the Central Government under Section 16(1) of the DPDP Act.

    16. Policy Updates

    We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes to this policy, we will:

    • Update the "Last Updated" date at the top of this page.
    • Notify registered customers by email or through an in-platform notification at least fifteen (15) days before the changes take effect, where practicable.
    • Make the prior version of the policy available upon request.

    Your continued use of EventIQ services after the updated policy takes effect constitutes your acknowledgement of the changes. We encourage you to review this policy periodically.

    17. Contact and Grievance Redressal

    For any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:

    • Email: company@event-iq.in
    • Subject Line: "Privacy Enquiry" (for general questions) or "Data Rights Request" (for rights requests)
    • Postal Address: 211B Mahveer Ridge, Begur - Koppa Road, Akshayanagar, Bangalore - 560068

    Grievance Officer

    In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, we have appointed the following Grievance Officer:

    • Name: Mohit Baid
    • Email: mohit@event-iq.in

    The Grievance Officer will acknowledge your complaint within seven (7) days and resolve it within thirty (30) days from the date of receipt.

    If you are not satisfied with the resolution provided by our Grievance Officer, you may escalate your complaint to the Data Protection Board of India in accordance with the procedures established under the DPDP Act.