Privacy Policy

1. Who We Are

ConfDirector ("we", "our", "us") is a cloud-based conference and congress management platform that helps academic, scientific, and professional organizations run their events end-to-end — from call-for-papers through peer review, registration, payments, and certification. This Privacy Policy explains what personal data we collect when you use the platform, why we collect it, how we use it, and your rights over it.

2. Data We Collect

• Account dataFull name, email address, mobile number, institution/affiliation, country, and a profile photo if you choose to upload one. This is collected during registration or profile completion.
• Submission dataPaper titles, abstracts, full-paper files, keywords, author lists, and correspondence history you submit through the platform in your role as an Author.
• Review dataReview scores, comments, and recommendations you submit as a Reviewer or Scientific Committee member. Reviewer identities are kept confidential from authors unless the event explicitly uses an open-review model.
• Payment dataRegistration fee transactions, invoice details, and receipt records. Card and banking details are handled exclusively by our certified payment processors and are never stored on our servers.
• Usage dataLog files, browser type, IP address, pages visited, and feature interactions — used only for platform security, error diagnosis, and aggregate analytics.
• CommunicationsEmails and support messages you send to us, and automated notifications we send you (submission confirmations, decision letters, payment receipts).

3. How We Use Your Data

• Platform operationAuthenticating your account, routing you to the correct events and role panels, and delivering the features you requested.
• Event workflowsMatching submissions to reviewers, sending acceptance or rejection notifications, issuing certificates of attendance or presentation.
• Payments & complianceProcessing registration fees, generating invoices, and meeting financial record-keeping obligations.
• SecurityDetecting fraud, abuse, and unauthorized access; maintaining platform integrity.
• ImprovementAggregate, anonymized analytics to understand which features are most used and to prioritize development.
• Legal obligationsComplying with applicable laws, court orders, or regulatory requirements.

4. Legal Bases (GDPR)

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with equivalent data-protection law, we rely on the following legal bases: (a) Contract — processing your data to perform the agreement you enter into when you create an account or register for an event; (b) Legitimate interests — maintaining security, preventing fraud, and improving the platform; (c) Legal obligation — retaining financial records as required by law; (d) Consent — where we request it explicitly (e.g. optional marketing emails).

5. Data Sharing

We do not sell your personal data. We share data only:

• Event organizersConference managers and scientific committee members for the specific events you participate in can see your submission data and contact details to the extent their role requires.
• Payment processorsCertified third-party payment gateways receive only what is necessary to complete a transaction.
• Email service providersTransactional email providers send notifications on our behalf and have access to recipient addresses and message content solely for delivery.
• Legal authoritiesWhen required by law or to protect the rights, property, or safety of users or the public.

6. Data Retention

We retain your account data for as long as your account is active. Submission and review records are kept for at least 5 years to support post-event certification and dispute resolution. You may request earlier deletion (see Section 8). Financial records are retained for the minimum period required by applicable accounting regulations (typically 7 years).

7. Security

We apply industry-standard technical and organizational measures: encrypted data transmission (TLS), hashed passwords, role-based access control, and regular security assessments. No system is completely impenetrable; if a breach occurs that affects your personal data, we will notify you as required by applicable law.

8. Your Rights

• AccessRequest a copy of the personal data we hold about you.
• RectificationCorrect inaccurate or incomplete data — most data can be edited directly in your profile.
• ErasureRequest deletion of your account and associated data, subject to retention obligations described in Section 6.
• RestrictionAsk us to limit processing while a dispute is resolved.
• PortabilityReceive your data in a structured, machine-readable format.
• ObjectionObject to processing based on legitimate interests.
• Withdraw consentWhere processing relies on consent, withdraw it at any time without affecting prior lawful processing.

To exercise any of these rights, email us at privacy@confdirector.com. We will respond within 30 days.

9. Cookies

We use essential session cookies to keep you logged in, and optional analytics cookies (with your consent) to understand aggregate usage patterns. You can disable cookies in your browser settings, though some platform features require session cookies to function.

10. Children

The platform is intended for adults (18+) engaged in academic or professional activities. We do not knowingly collect personal data from children under 16. If you believe a child's data has been submitted, please contact us immediately.

11. Changes to This Policy

We may update this Policy periodically. Material changes will be notified by email or by a prominent notice on the platform at least 14 days before they take effect. Continued use after the effective date constitutes acceptance.

12. Contact

Privacy questions and data-rights requests: privacy@confdirector.com General contact: support@confdirector.com