Conference Badge is compliant with the EU General Data Protection Regulation [GDPR].

Article 1. Subject-matter and objectives

  • This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

  • This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.

  • The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.

— General Data Protection Regulation

Here are some of the processes and practices we have in place to protect our users’ data

Privacy by Design 32

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of personal data, username, password, transaction information and data stored on our servers.

Sensitive and private data exchanges between Conference Badge and its users happen over a TLS secured communication channel (also known as SSL) and is encrypted and protected with digital signatures. All personal data stored on our servers is encrypted at rest.


We’ve partnered with various providers to offer a reliable service. All of our partners have a great security track record, take personal data privacy seriously, and are fully compliant with GDPR. We have signed a Data Processing Agreement (DPA) with each of them.

To be fully transparent, here is the complete list of providers who come in direct contact with our users’ personal data:

Name Services Location GDPR compliance DPA signed with us
 Heroku Web servers, database US Read more
 AWS File hosting, CDN, secrets management US Read more
 Stripe Payment processing US Read more
 Missive Communications, support CA Read more
 Analytics Marketing analytics US Read more
 Logentries Log management US Read more
 Postmark Transactional emails US Read more
 Xero Accounting NZ Read more
 SendGrid Email marketing US Read more

Subscribe to this RSS feed to be notified of new subprocessors

Rights of the data subject 15 16 17 20 21

Our users have the right to access and export their personal data. Upon request, we will provide them with information about whether we hold any of their personal data. They may access (structured and machine readable format), correct, or request deletion of their personal data by contacting us at We will respond to and proceed with requests within 30 days.

Data Processing Agreement

Our users can request a data processing addendum with us by contacting

This document was last updated on December 16th, 2019