Privacy Policy

Welcome to Connecto ("we," "us," or "our"). We operate the website at https://getconnecto.app and the Connecto mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

1. Information We Collect

We collect the following categories of personal information:

1.1 Information You Provide

• Account Information: Name, email address, password, and profile photo when you create an account.
• Contact Information: Phone number and mailing address.
• Professional Information: Job title, company name, and LinkedIn profile URL.
• Payment Information: Credit card details, billing address, and transaction history when you make purchases.
• User-Generated Content: Messages, posts, comments, project submissions, and other content you create.
• Event-Related Data: Event registrations, attendance records, team memberships, and participation history.

1.2 Information Collected Automatically

• Device Information: Device type, operating system, unique device identifiers, and mobile network information.
• Log Data: IP address, browser type, pages visited, time spent on pages, and access times.
• Location Data: Precise GPS location (with your consent), approximate location based on IP address, and background location data for proximity networking features.
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies (see Section 7).

1.3 Information from Mobile App

Our mobile application may request access to:

• Camera: For profile photos and QR code scanning.
• Contacts: To help you find and invite friends to events.
• Calendar: To add events to your device calendar.
• Microphone: For voice features and video calls.
• Bluetooth/NFC: For badge scanning and proximity-based networking.
• Push Notifications: To send you event updates and messages.
• Background Location: To enable proximity networking features even when the app is not actively in use. You can disable this in your device settings at any time.

1.4 Mobile Advertising and Device Identifiers

Our mobile applications may collect:

• Advertising Identifier (IDFA/GAID): On iOS, we may collect your Identifier for Advertisers (IDFA) with your permission. On Android, we may collect your Google Advertising ID (GAID). These identifiers are used for analytics, measuring ad effectiveness, and serving personalized advertisements.
• Device Identifiers: Unique device identifiers for app functionality, security, and fraud prevention.
• App Usage Data: Information about how you interact with the app, including features used, screens viewed, and session duration.

2. How We Use Your Information

We use your personal information for the following purposes:

• Providing the Service: To create and manage your account, process event registrations, facilitate team formation, and enable networking features.
• Processing Payments: To process transactions and send related information, including purchase confirmations and invoices.
• Communications: To send service-related communications (confirmations, updates, security alerts) and, with your consent, marketing and promotional messages.
• Personalization: To personalize your experience and provide content and features relevant to your interests.
• Networking Features: To display your profile to other event attendees and facilitate connections between users.
• Analytics: To analyze usage patterns, improve our Service, and develop new features.
• Security: To detect, prevent, and address fraud, abuse, and security issues.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

3. How We Share Your Information

We may share your personal information with the following parties:

3.1 Service Providers

• Payment Processors: To process payments securely (e.g., Stripe, PayPal).
• Cloud and Hosting Providers: To store and process data (e.g., Cloudflare, AWS, Vercel).
• Analytics Services: To analyze usage and improve our Service (e.g., PostHog).
• Communication Services: To send emails and notifications (e.g., Resend).
• Authentication Providers: To enable social login options (e.g., Google, Apple).

3.2 Event Organizers

When you register for an event, we share your registration information with the organization hosting the event. This may include your name, email, professional information, and attendance data. Event organizers may use this information in accordance with their own privacy policies.

3.3 Event Sponsors

With your consent or as disclosed at the time of event registration, we may share your information with event sponsors. Sponsors may use your information for their own marketing purposes, including sending you promotional communications. You may opt out of sponsor communications by contacting the sponsor directly or by exercising your rights as described in Section 10.

3.4 Advertising Partners

We work with advertising networks to display relevant advertisements. These partners may collect information about your online activities across websites and apps to provide targeted advertising.

3.5 Other Users

Your profile information and event participation may be visible to other users of the Service to facilitate networking. You can control certain visibility settings in your account.

3.6 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect our rights, privacy, safety, or property.

3.7 Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4. Data Retention

We retain your personal information as follows:

• Active Accounts: We retain your information for as long as your account is active or as needed to provide you the Service.
• Account Deletion: When you delete your account, we will delete or anonymize your personal information within 30 days, except as required for legal compliance.
• Payment Records: We retain payment and transaction records for up to 7 years for tax and legal compliance purposes.
• Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit using TLS/HTTPS.
• Encryption of data at rest.
• Secure password hashing using industry-standard algorithms.
• Two-factor authentication (2FA) options for user accounts.
• Access controls limiting employee access to personal data.
• Regular security audits and assessments.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. International Data Transfers

Our servers are located in the United States. If you access our Service from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries where our service providers operate.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland: We transfer personal data to the United States and other countries using appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Data processing agreements with our service providers that ensure adequate protection.

We use Cloudflare for edge computing, which means your data may be processed at edge locations globally to improve performance.

7. Cookies and Tracking Technologies

We use the following types of cookies and tracking technologies:

• Essential Cookies: Required for the Service to function (authentication, security, load balancing).
• Functional Cookies: Remember your preferences and settings.
• Analytics Cookies: Help us understand how users interact with our Service.
• Advertising Cookies: Used to deliver relevant advertisements and track ad campaign performance.
• Social Media Cookies: Enable social sharing features and integration with social platforms.

Mobile App Tracking: Our mobile app uses device identifiers and push notification tokens for functionality and analytics.

Your Choices: You can manage cookie preferences through your browser settings or our cookie consent tool. Note that disabling certain cookies may affect the functionality of our Service. For mobile tracking, you can adjust settings in your device's privacy settings.

8. Mobile App Privacy (App Store & Play Store)

This section provides additional disclosures required by Apple App Store and Google Play Store policies.

8.1 Apple App Store - App Tracking Transparency

On iOS devices, we request your permission through Apple's App Tracking Transparency (ATT) framework before tracking your activity across other companies' apps and websites. This tracking is used for:

• Delivering personalized advertisements
• Measuring advertising effectiveness
• Sharing data with advertising partners

You can choose to allow or deny tracking. If you deny tracking, you will still see ads, but they may be less relevant to you. You can change your tracking preferences at any time in your device Settings > Privacy & Security > Tracking.

8.2 Apple App Store - Data Collection Summary

In accordance with Apple's App Store requirements, here is a summary of the data our iOS app collects:

8.3 Google Play Store - Data Safety

In accordance with Google Play's Data Safety requirements, here is information about our data practices:

• Data Collected: Personal info (name, email, phone, address), financial info (payment details), location, contacts, photos/videos, messages, app activity, device identifiers.
• Data Shared: We share data with event organizers, sponsors (for marketing), analytics providers, and advertising partners as described in Section 3.
• Data Encrypted: Yes, data is encrypted in transit and at rest.
• Data Deletion: You can request deletion of your data. See Section 8.4 below.
• Committed to Play Families Policy: Our app is not directed at children under 16.

8.4 Account and Data Deletion

Both Apple and Google require that we provide a way for you to delete your account and data. You have the following options:

• In-App Deletion: Go to Settings > Account > Delete Account in the mobile app. This will initiate deletion of your account and associated data.
• Web Deletion: Log in to your account at https://getconnecto.app, go to Account Settings, and select "Delete Account."
• Email Request: Send an email to connecto@ibyo.com with the subject "Account Deletion Request" from the email address associated with your account.

What happens when you delete your account:

• Your profile, event registrations, and user-generated content will be deleted within 30 days.
• Payment transaction records will be retained for 7 years as required by law.
• Anonymized analytics data may be retained.
• Data already shared with event organizers or sponsors is subject to their privacy policies.
• You will receive an email confirmation when your account is deleted.

8.5 Third-Party SDKs

Our mobile apps integrate third-party software development kits (SDKs) that may collect data. These include:

• Analytics SDKs: PostHog - collects usage data and device information for product analytics.
• Advertising SDKs: May collect device identifiers and usage data for personalized advertising.
• Authentication SDKs: Google Sign-In, Apple Sign-In - collect authentication credentials.
• Push Notification SDKs: Firebase Cloud Messaging, Apple Push Notification service - collect device tokens.
• Payment SDKs: Stripe - processes payment information securely.
• Crash Reporting SDKs: Firebase Crashlytics, Sentry - collect crash logs and device diagnostics.

Each SDK provider has its own privacy policy governing their data collection and use.

9. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at connecto@ibyo.com. If we discover that we have collected personal information from a child under 16, we will delete that information promptly.

10. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

10.1 General Rights

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information.
• Portability: Request a copy of your data in a portable format.
• Objection: Object to certain processing of your information.
• Restriction: Request restriction of processing in certain circumstances.
• Withdraw Consent: Withdraw consent where processing is based on consent.

10.2 For European Users (GDPR)

If you are in the EEA, UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR), including those listed above. Our legal bases for processing your data include:

• Performance of our contract with you (providing the Service).
• Your consent (for marketing communications, sponsor data sharing).
• Our legitimate interests (security, fraud prevention, analytics).
• Legal obligations.

You also have the right to lodge a complaint with your local data protection authority.

10.3 For California Residents (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request information about the categories and specific pieces of personal information we collect, use, and disclose.
• Right to Delete: Request deletion of your personal information.
• Right to Correct: Request correction of inaccurate information.
• Right to Opt-Out of Sharing: We share personal information with event sponsors for their marketing purposes. You have the right to opt out of this sharing.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

We do not sell your personal information. However, we do share personal information with sponsors as described in Section 3.3. To opt out of this sharing, please visit our "Do Not Share My Personal Information" page or contact us at connecto@ibyo.com.

California Shine the Light: California residents may request information about disclosure of personal information to third parties for direct marketing purposes by contacting us at connecto@ibyo.com.

10.4 For Users in Other Jurisdictions

Users in Brazil (LGPD), Canada (PIPEDA), Australia, and other jurisdictions with privacy laws may have similar rights. Please contact us to exercise your rights.

10.5 How to Exercise Your Rights

You can exercise your privacy rights by:

• In-App Settings: Access, correct, or delete your information through your account settings. You can delete your account directly in the app.
• Email Request: Contact us at connecto@ibyo.com with your request.

We will respond to your request within 30 days. We may need to verify your identity before processing your request.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you by email as soon as reasonably practicable. Where required by law (such as GDPR), we will also notify the relevant supervisory authorities within 72 hours of becoming aware of the breach.

12. Third-Party Links

Our Service may contain links to third-party websites, apps, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last Updated" date.
• Sending an email notification to registered users.
• Displaying a prominent notice in our Service.

Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

We will respond to your inquiry within 30 days.