Privacy Policy
Effective date: April 27, 2026
Applies to: EventsFlo landing page at https://www.eventsflo.io
EventsFlo (“EventsFlo”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect personal data through the EventsFlo landing page, especially where the General Data Protection Regulation (“GDPR”) applies to individuals in the European Economic Area (“EEA”).
This Privacy Policy currently applies only to the EventsFlo landing page and related lead capture or update communications. It does not yet apply to the future full EventsFlo web application, which will be covered by a separate privacy policy when that product launches.
1. Controller information
EventsFlo is the data controller for the personal data collected through the landing page.
Company name: EventsFlo
Address: 88/3, Kurunduwatta Road, Pitakotte, Colombo, Sri Lanka
Website:
www.eventsflo.io
Contact email:
dimal.eventsflo@gmail.com
EventsFlo has not appointed a Data Protection Officer because it does not believe one is currently required for the landing page activities described in this Privacy Policy. EventsFlo has also not appointed an EU or EEA representative at this time.
2. Scope
This Privacy Policy applies to personal data collected when you visit the EventsFlo landing page, submit your details through forms, consent to analytics or session monitoring technologies, or communicate with us about the product.
This policy does not cover third-party websites, platforms, or services that may be linked from our website, including Supabase, Google, Microsoft, Resend, or Paddle. Those third parties process data under their own privacy notices when you interact with their services directly.
3. Personal data we collect
We collect only limited personal data through the landing page. The categories of personal data we collect are:
- First name
- Last name
- Email address
- Business name
We may also collect certain technical and usage information when you use the website, but only where permitted by applicable law and, for non-essential technologies, only after you provide consent. This may include information such as your IP address, browser type, device information, pages viewed, approximate location derived from IP, session activity, and interaction behavior collected through analytics and session monitoring tools.
4. How we collect data
We collect personal data in the following ways:
- Directly from you: when you submit a form on our landing page.
- Automatically: when you browse the landing page and consent to analytics or behavioral monitoring technologies.
- Through service providers acting on our behalf: for example, hosting, database storage, email delivery, analytics, or payment infrastructure providers.
5. Purposes of processing
We use your personal data only for the following purposes:
- To collect and manage interest in the EventsFlo product.
- To communicate with you about progress updates relating to EventsFlo.
- To operate, maintain, and improve the landing page.
- To understand website usage and improve performance and user experience, where consent is required and has been provided.
- To maintain the security, integrity, and reliability of the website.
- To comply with applicable legal obligations and respond to lawful requests.
- To prepare for future subscription sales infrastructure, although the landing page does not currently sell subscriptions.
We do not use the email addresses collected through the landing page for general marketing or promotional advertising. We use them only to send product progress and product-related updates that are aligned with the purpose for which the details were submitted.
6. Legal bases under GDPR
If GDPR applies to the processing of your personal data, we rely on the following legal bases:
| Processing activity | Personal data | Legal basis |
|---|---|---|
| Receiving and storing your form submission | Name, email, business name | Consent, where you voluntarily submit your details for updates; and pre-contractual or legitimate interest basis where applicable to respond to your interest in the product |
| Sending product progress updates | Name, email | Consent, based on your request to receive updates |
| Website analytics using Google Analytics | Online identifiers, device and usage data | Consent |
| Session and behavior analytics using Microsoft Clarity | Online identifiers, device and usage data, interaction data | Consent |
| Website security, troubleshooting, and fraud prevention | Technical and log data | Legitimate interests |
| Compliance with legal obligations | Relevant records and communications | Legal obligation |
Where we rely on consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Where we rely on legitimate interests, those interests are limited to operating and securing the landing page, responding to interest in the product, and maintaining basic business records in a proportionate way that does not override your fundamental rights and freedoms.
7. Cookies and similar technologies
EventsFlo uses cookies or similar technologies on the landing page, including Google Analytics and Microsoft Clarity. Because these tools are not strictly necessary for the operation of the website, they should only be activated for users in relevant European regions after valid consent has been obtained through a consent banner or similar consent mechanism.
You stated that EventsFlo already uses a consent-based setup. Users should be able to accept, reject, or later change their preferences for non-essential cookies and tracking technologies.
Google Analytics
We use Google Analytics to understand how visitors use the landing page, such as which pages are viewed and how visitors interact with the site. This helps us improve the website and user experience.
Microsoft Clarity
We use Microsoft Clarity to understand how visitors interact with the landing page through behavioral insights such as clicks, scrolling, and session patterns. This helps us identify usability issues and improve the site experience.
8. Data sharing and recipients
We do not sell personal data. We do not disclose your submitted lead details to third parties for their own marketing or independent commercial purposes.
However, we use certain processors and infrastructure providers to operate the landing page and related communications. These providers may process personal data on our behalf and only under appropriate contractual and operational controls.
| Provider | Purpose | Type of role |
|---|---|---|
| Supabase | Database and data storage | Processor |
| Resend | Email delivery for progress updates | Processor |
| Google Analytics | Website analytics | Processor or independent provider depending on configuration and applicable law |
| Microsoft Clarity | Website analytics and session insights | Processor or independent provider depending on configuration and applicable law |
| Paddle | Future payment processing for subscriptions if and when launched | Independent payment provider and/or processor depending on the transaction structure |
We may also disclose personal data where required by law, regulation, legal process, or a binding governmental request, or where necessary to establish, exercise, or defend legal claims.
9. International transfers
EventsFlo is based in Sri Lanka. Personal data collected through the landing page may therefore be accessed from Sri Lanka.
Your data is stored in Supabase infrastructure configured in the Frankfurt region. Even where data is stored in the European Union, some service providers may involve international access or support operations from outside the EEA. Where personal data is transferred outside the EEA or UK, we will seek to ensure that an appropriate transfer mechanism is used where required by applicable law, such as contractual safeguards.
10. Data retention
We retain the personal data collected through the landing page for up to 1 year from the date of collection, unless:
- a longer retention period is required by law,
- the data is needed for the establishment, exercise, or defense of legal claims, or
- you request deletion earlier and no exception applies.
At the end of the retention period, we will delete, anonymize, or securely isolate the data unless continued retention is legally justified.
11. Data security
We take reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures include controlled access, secure storage infrastructure, and transport security where appropriate.
However, no method of transmission over the internet or method of electronic storage is completely secure. For that reason, while we take appropriate steps to protect your data, we cannot guarantee absolute security.
12. Your GDPR rights
If GDPR applies to you, you may have the following rights, subject to applicable legal limitations:
- The right to access the personal data we hold about you.
- The right to request correction of inaccurate or incomplete personal data.
- The right to request erasure of your personal data.
- The right to request restriction of processing.
- The right to object to processing based on legitimate interests.
- The right to data portability where applicable.
- The right to withdraw consent at any time where processing is based on consent.
- The right to lodge a complaint with a competent supervisory authority in the EU or EEA country where you live, work, or where an alleged infringement occurred.
To exercise your rights, please contact us at dimal.eventsflo@gmail.com. We may need to verify your identity before acting on your request.
13. Whether data provision is required
You are not legally required to provide your personal data to us. However, if you do not provide the requested name, email address, and business name fields, we may not be able to record your interest or send product progress updates.
14. Automated decision-making
We do not use the personal data collected through the landing page for decisions based solely on automated processing, including profiling, that produce legal effects or similarly significant effects on individuals.
15. Children
The EventsFlo landing page is not intended for children. We do not knowingly collect personal data from children. If you believe that a child has provided personal data to us, please contact us so that we can review and delete it where appropriate.
16. Ownership and control of submitted data
As between EventsFlo and the individual who submits data through the landing page, the submitted data remains associated with and attributable to the person who provided it. EventsFlo acts as the sole controller of that landing page data for the limited purposes described in this Privacy Policy, and does not permit unrelated third parties to use the data for their own purposes.
17. Future paid subscriptions
EventsFlo does not currently sell software subscriptions through the landing page. If subscription sales are introduced in the future, Paddle is expected to be used as the payment provider. At that time, this Privacy Policy may be updated to include billing, transaction, tax, and payment-related processing details.
18. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we do, we will update the effective date at the top of this page. If changes are material, we may also provide additional notice on the website or by email where appropriate.
19. Contact
If you have questions about this Privacy Policy or want to exercise your rights, please contact:
EventsFlo
88/3, Kurunduwatta Road, Pitakotte, Colombo, Sri Lanka
dimal.eventsflo@gmail.com
© 2026 EventsFlo. All rights reserved. Privacy Policy