Remarque : nos documents juridiques sont disponibles uniquement en anglais.

Privacy Policy

Dernière mise à jour : 2026-05-26

Openevent is a Swiss-made software platform for event businesses. We collect the personal data we need to run the platform, send you the things you've asked us to send you, comply with Swiss law, and keep the service secure. We do not sell personal data. We are transparent about every third party that processes data on our behalf, including the AI providers powering our AI Features. You have the right to access, correct, port, delete, and complain about your data at any time. This policy explains all of that in full.

For details on where data is stored, how it is encrypted, and which infrastructure partners process it, see our Trust Center. For the full table of cookies set on this site, see our Cookie Policy.

1. Who we are and what role we play

1.1 The controller

MORE LIFE Hospitality GmbH
c/o River Söllner, Bergstrasse 71, 8032 Zürich, Switzerland
Commercial register: CH-020.4.077.109-0 (Handelsregister des Kantons Zürich)
UID: CHE-169.807.993
Contact: info@openevent.io

In this policy, "Openevent", "we", "us" and "our" refer to MORE LIFE Hospitality GmbH, the company that operates the Openevent platform.

1.2 We play two different roles

Openevent processes personal data in two different capacities, and you should know which one applies to which data.

We are the controller for:

Personal data of visitors to openevent.io (you reading this page right now).
Personal data of people who sign up for an Openevent account to run their event business (the "Customer" under our Terms of Service) — their team members, billing contacts and login credentials.
Personal data of people who contact us through email, demo bookings, contact forms or social channels.
Personal data we process for our own purposes: marketing, sales, accounting, legal compliance and product analytics.

We are the processor for personal data that our Customers (event businesses using Openevent) upload into the platform about their own End Users — ticket buyers, attendees, members, contacts, suppliers, staff and other people they interact with.

When we act as a processor, the event business is the controller of that data, and our handling of it is governed by our Terms of Service(Section 19) and, on request, by a separate Data Processing Agreement (DPA). End Users with questions about their data held inside an event business's Openevent account should contact that business first.

1.3 What this policy covers

This policy covers our processing of personal data in our role as controller. It also explains, at a high level, how we process Customer Data as a processor — full details on that processor role are in our Terms of Service and the DPA.

2. What we collect

We only collect the data we actually need. Here is what that looks like, by category.

2.1 Account and identity data

Name, email address, password (stored as a one-way hash — we never see your password).
Organisation name, role/job title, country.
Profile photo and language preference, if you set them.
Time of account creation, last login, and basic activity logs.

2.2 Billing and tax data

Billing name, billing address, VAT/UID number where applicable.
Invoice history.
Stripe customer ID and a payment method token (we never see your full card number — that goes directly to Stripe).

2.3 Event and business data uploaded by Customers

Event details (titles, dates, locations, descriptions, capacity).
End User records you upload or that flow in through ticketing — names, emails, phone numbers, ticket purchases, attendance status.
Offers, invoices, contracts and other commercial documents you create.
Staff records, shifts, communication threads, internal notes.
Files you upload to the platform.

For this category, we act as a processor on behalf of the Customer.

2.4 Communication data

Emails you send to us (and we send to you) about your account, support, sales or marketing.
Demo bookings made through Calendly.
WhatsApp messages where you have chosen to contact us via WhatsApp.
Support chat transcripts.

2.5 AI Features data

The inputs you submit to AI Features — emails, messages, files, prompts, business context.
The outputs the AI generates for you.
Metadata about each AI request (timestamp, token usage, which model was used).

These inputs and outputs are processed by our AI Sub-Processors (currently Anthropic and OpenAI — see §5). Inputs and outputs are not used by those providers to train their general-purpose models. See §11.

2.6 Technical and usage data

IP address (truncated where practical), user agent, browser language, device type, operating system.
Pages visited, clicks, scroll depth, referrer, timestamps.
Performance and error telemetry (crash logs, slow-loading pages, API response times).
Session identifiers and security tokens.

2.7 Cookies and similar technologies

See §10 for a summary and our Cookie Policy for the full table.

2.8 What we do not collect

Special-category personal data (health, race, ethnic origin, religion, political opinions, trade-union membership, sexual orientation, genetic or biometric data). If a Customer uploads such data through the platform, they do so under their own legal basis and at their own risk — see Terms §19.
Personal data of children under 16 (see §14).
More personal data than we need for the purposes set out in §3.

3. Why we collect it and on what legal basis

We process personal data only where we have a lawful basis to do so. The table below pairs each purpose with its legal basis under the EU General Data Protection Regulation (GDPR) and the revised Swiss Federal Act on Data Protection (revFADP).

#	What we do with your data	Legal basis (GDPR / revFADP)
1	Create and manage your Openevent account; let you log in; give you access to the features you've subscribed to.	Performance of a contract (the Terms of Service).
2	Process payments, issue invoices, handle refunds and chargebacks.	Performance of a contract.
3	Comply with Swiss tax, accounting, anti-money-laundering and other legal obligations (including the 10-year retention rule under the Swiss Code of Obligations).	Legal obligation.
4	Send you transactional emails — account confirmations, password resets, invoices, security notices, important service announcements.	Performance of a contract.
5	Send you marketing emails about Openevent (newsletters, product updates) where you have signed up to receive them. You can unsubscribe in one click from any such email.	Consent (which you can withdraw at any time).
6	Reach out to business contacts at event businesses we believe may benefit from Openevent, by email, where this is permitted under Swiss and EU rules for B2B communications. Every such email contains a one-click unsubscribe.	Legitimate interests (B2B marketing), balanced against your interests.
7	Reply to your questions and provide customer support.	Performance of a contract / legitimate interest.
8	Operate and improve the platform — bug fixing, performance monitoring, error tracking, security incident response, fraud prevention.	Legitimate interests in running a secure and reliable service.
9	Understand how openevent.io is used in aggregate, with privacy-friendly analytics (no cross-site tracking, no profiling, see §10).	Consent (where the tool requires it under Swiss and EU rules) or legitimate interest (for strictly necessary, server-side measurements).
10	Power the AI Features (AI inbox, AI replies, AI assistants) by sending the inputs you give us to our AI Sub-Processors and returning the outputs to you.	Performance of a contract (you have asked us to provide AI Features as part of the Service) plus, for any optional features that require it, consent.
11	Defend our legal rights, enforce our Terms of Service, deal with disputes and claims.	Legitimate interest.
12	Comply with court orders, lawful requests from competent authorities, and obligations under applicable law.	Legal obligation.

If we ever rely on legitimate interests, you have the right to object — see §7.

4. Where we get personal data from

We get personal data from three sources:

Directly from you — you fill in forms, send us emails, sign up for an account, book a demo, upload data into the platform.
From your employer or organisation — if your colleague invites you to join an Openevent account as a team member.
From public sources or partners — for B2B marketing outreach, we may obtain professional contact details for people in event-business roles from public business directories, LinkedIn, your company website or reputable B2B data providers. We only use such data for legitimate, business-to-business outreach and we honour opt-out requests immediately.

5. Who else processes your data (sub-processors)

To run Openevent, we use a small number of carefully chosen sub-processors. We have data processing agreements in place with each of them and we have assessed their security and privacy posture. The current list:

Sub-processor	What they do	Where data is processed
Supabase	Primary database and file storage. Holds Customer Data plus our own account and billing records.	Zürich region — Switzerland.
Vercel	Web hosting and content delivery for openevent.io and the platform front-end. Logs IP addresses for security and performance.	EU regions for hosting; global edge network for content delivery (cached content only, no personal data stored at edge).
Stripe	Payment processing for any payments made on or through Openevent. You contract directly with Stripe. We never store your full card number.	Ireland (Stripe Payments Europe Ltd.) for European customers; United States for Stripe's global operations. Stripe is certified under the EU–US and Swiss–US Data Privacy Frameworks.
Anthropic (Claude API)	One of the AI providers powering our AI Features. Receives the inputs you submit to AI Features and returns the AI Output.	United States. Anthropic does not use API inputs or outputs to train its general-purpose models.
OpenAI	Alternate AI provider for AI Features, where used.	United States. OpenAI's API terms confirm that inputs and outputs are not used to train its general-purpose models.
Resend	Transactional email delivery (account confirmations, invoices, system notifications).	United States.
Hostpoint	Outbound and inbound email infrastructure for our team and operational mailboxes.	Switzerland.
Calendly	Embedded scheduling widget for booking demos with our team. Loaded only when you visit pages that use the widget (e.g. our pricing/demo page).	United States.
Google Analytics 4 (planned)	Privacy-friendly traffic and conversion analytics for openevent.io. Loaded only after you accept the analytics cookie category.	United States (with EU/Swiss data routing where supported by Google).
Meta (Facebook / Instagram) (planned, advertising)	Meta Pixel and Meta Conversions API, used to measure paid ad performance, build custom and lookalike audiences, and suppress ads to existing customers. Loaded only after you accept the marketing cookie category.	Ireland (Meta Platforms Ireland Ltd.) for European users, with onward transfers to the United States. Certified under the EU–US and Swiss–US Data Privacy Frameworks.
TikTok (planned, advertising)	TikTok Pixel and TikTok Events API, used to measure paid ad performance and build audiences. Loaded only after you accept the marketing cookie category.	Ireland (TikTok Information Technologies UK Ltd. / TikTok Technology Ltd.) for European users; primary EU/EEA and Swiss data storage in TikTok's European data centres (Project Clover).
LinkedIn Insight Tag (potential, advertising)	If we run B2B ads on LinkedIn, the Insight Tag will be used for the same purposes as the Meta Pixel.	Ireland (LinkedIn Ireland Unlimited Company), with onward transfers to the United States.

This list reflects the position at the date this policy was last updated. The authoritative, up-to-date list also appears on our Trust Center. We will update this policy when we add or remove a sub-processor that processes personal data; for material changes we will give advance notice per §16.

We may also use small operational tools (e.g. our help desk, our internal CRM and automation tools, our error-monitoring service) that process limited personal data such as support ticket content or error logs. The current operational list is available on request at info@openevent.io.

We do not sell personal data, and we do not share it with advertising networks except as described in §11A.

6. International transfers and our position on EU representation

6.1 Where your data lives

The platform's primary database is in Switzerland (Supabase Zürich region). Backups and analytics aggregates are also held in Switzerland or in the EU. The website and front-end are hosted on EU regions of our hosting provider.

Some sub-processors are based in the United States or operate globally. Where we send personal data to a country outside Switzerland and the EU/EEA, we rely on one or more of the following safeguards:

The EU–US Data Privacy Framework and the Swiss–US Data Privacy Framework, where the sub-processor is certified.
EU Standard Contractual Clauses, together with the Swiss FDPIC addendum, where required.
Additional technical and organisational measures — encryption in transit and at rest, access controls, contractual restrictions on use.

6.2 Our position on the GDPR Article 27 EU Representative

GDPR Article 27 requires controllers established outside the EU/EEA who offer goods or services to EU residents to designate an EU representative. MORE LIFE Hospitality GmbH is established in Switzerland (not the EU/EEA), so the rule applies to us in principle.

Article 27(2) provides an exemption where the processing is occasional, does not include large-scale processing of special-category data, and is unlikely to result in risk to the rights and freedoms of natural persons. Today, our processing of EU residents' data is limited in scale, involves no special-category data and presents low risk. On that basis we currently rely on the Article 27(2) exemption.

We will appoint an EU representative as our EU activities expand, and update this policy and our Trust Center when we do.

If you are an EU resident and you want to exercise a data protection right, write to us directly at info@openevent.io. We treat your request exactly as we would for a Swiss resident and we will respond within the GDPR statutory timeframe.

7. Your rights

Whether you are a Swiss resident (revFADP) or an EU/EEA resident (GDPR) — or anyone else — you have the rights below. To exercise any of them, write to info@openevent.io from the email address connected to your account, or include enough information for us to identify you.

Right of access — get a copy of your data and information on how we process it.
Right to rectification — ask us to correct inaccurate or incomplete data.
Right to erasure ("right to be forgotten") — ask us to delete your data, subject to our legal retention obligations.
Right to restriction — limit how we use your data in specific situations.
Right to data portability — receive your personal data in a structured, commonly used, machine-readable format.
Right to object — object to processing based on legitimate interest. For direct marketing, your objection always wins.
Right to withdraw consent — at any time, with no effect on the lawfulness of processing carried out before the withdrawal.
Right not to be subject to a solely automated decision with legal or similarly significant effects. See §11.
Right to lodge a complaint with a supervisory authority. See §13.

We will respond to your request within one month as required by the GDPR (and equivalently within 30 days under the revFADP). We may extend this once by a further two months for complex requests; if we do, we will tell you why within the first month.

We may need to ask you for additional information to confirm your identity before acting on a request.

8. How long we keep data

We keep personal data only as long as we need it for the purposes set out in §3, or as required by applicable law.

Data category	Retention
Account data	Lifetime of your account, plus up to 90 days after account closure for restore requests, then permanent deletion or anonymisation.
Customer Data (uploaded into the platform)	Lifetime of the Customer's account, plus the export and grace window described in our Terms of Service §13. After that, deletion or anonymisation.
Invoices, accounting records, tax documents	10 years, as required by Article 958f of the Swiss Code of Obligations.
Marketing contact data	Until you unsubscribe, or 24 months of inactivity, whichever comes first.
Support tickets and communication history	24 months after closure of the support ticket.
Server and application logs	Typically 30 to 90 days; longer where we are investigating a security incident.
AI Features inputs and outputs	Stored as part of the conversation or workflow you used them in. Inputs are sent to AI Sub-Processors per their no-training, zero-retention or short-retention API policies.
Backups	Up to 35 days rolling, after which they are overwritten.
Data kept in connection with a legal claim or investigation	For as long as required to deal with the claim or investigation.

9. How we keep data secure

We apply technical and organisational security measures appropriate to the sensitivity of the data and the risks involved. These include:

Encryption in transit (TLS 1.2+) for all data moving between your device and our servers.
Encryption at rest for our primary database and file storage.
Access controls — role-based access, principle of least privilege, mandatory multi-factor authentication for our team's access to production systems.
Vendor due diligence — security and privacy assessments for every sub-processor before onboarding.
Audit logging of administrative access to production systems.
Incident response — we will notify affected customers and, where required, supervisory authorities within the legal timeframes (72 hours under GDPR, comparable under revFADP).
Secure development — code review, dependency monitoring, security testing.

For the latest detail on infrastructure, certifications and security commitments, see our Trust Center.

No system is perfectly secure. If you believe you have found a vulnerability, please email info@openevent.io and we will respond promptly.

10. Cookies and similar technologies

Cookies are small files placed on your device when you visit a website. We use them as little as we can get away with. The full table of cookies set on openevent.io is in our Cookie Policy. A short summary:

Category	Purpose	Consent required?
Strictly necessary	Sign-in sessions, security tokens, load balancing, your cookie-banner choice itself.	No
Functional	Language preference, dismissed banners, embedded Calendly widget.	Yes — opt-in
Analytics	Aggregate traffic and conversion analytics. Currently planned: Google Analytics 4.	Yes — opt-in
Marketing & advertising	Measure paid ad campaigns, suppress ads to existing customers, build custom or lookalike audiences. Currently planned: Meta Pixel (Facebook / Instagram), TikTok Pixel, potentially LinkedIn Insight Tag.	Yes — opt-in

When you first visit openevent.io, our cookie banner lets you accept all categories, reject all non-essential categories, or customise per category. Your choice is stored and you can change it at any time via the "Cookie settings" link in the site footer.

11. AI Features and automated decisions

Some parts of the Openevent platform — for example the AI inbox, the AI reply suggestions and the AI assistants — use large language models provided by Anthropic and OpenAI to read inputs you submit and generate outputs.

When you use an AI Feature, the relevant input is sent over the public internet to the AI provider's API, processed by the model, and the output is returned to us and then to you. Neither Anthropic nor OpenAI is permitted to use your inputs or our outputs to train their general-purpose models.

AI Output is presented to the human Openevent user as a suggestion. A human reviews, edits and decides whether to send, save or act on it. The AI Features do not, on their own, take any action that has legal or similarly significant effects on a person without human review. If we ever introduce a feature that does take a solely automated decision with legal or similarly significant effects, we will flag it clearly, explain the logic and consequences, give the user the right to obtain human review, and rely on a lawful basis under GDPR Article 22 / revFADP Article 21.

As a practical matter, we recommend that you do not paste highly sensitive content (national identification numbers, payment card numbers, medical information, special-category data) into AI prompts.

11A. Online advertising

We may run paid advertising campaigns on third-party platforms — currently planned: Meta (Facebook, Instagram) and TikTok, and potentially LinkedIn. To measure how well those ads work and to make sure they're shown to the right people, we use two complementary tools on each platform: a browser-side pixel and a server-side conversions / events API.

What we share with the ad platforms:

Conversion events— e.g. "this visitor reached the pricing page", "this visitor booked a demo", "this visitor signed up". The event, the page it happened on, the timestamp and basic technical context.
Hashed identifiers — where you have given us your email address (for example by booking a demo), we may share a one-way hashed version of that email so the platform can match it to a known account on their side. We do not share the email in plain text.
Audience signals— anonymous segments such as "visitors who looked at the hotels industry page in the last 30 days" so we can show relevant ads to similar audiences.

What we do not do:

We do not share Customer Data, End User attendee data, AI Features inputs or any data from inside the platform application (app.openevent.io) with ad platforms.
We do not sell personal data to anyone, including ad platforms.
We do not run ads inside the Openevent platform itself.

Your controls:

Cookie banner— marketing pixels load only after you accept the "Marketing & advertising" cookie category. Reject this category and no pixel fires on your visit.
Withdraw consent at any time— click "Cookie settings" in the footer and switch the category off.
Each ad platform's own controls — Meta, TikTok and LinkedIn each let you adjust ad personalisation and opt out of behavioural ads in your account settings on their respective platforms.

We rely on consent as our lawful basis for placing marketing and advertising cookies and for sharing personal data with ad platforms (Article 6(1)(a) GDPR; equivalent under revFADP).

12. Marketing communications

We send three kinds of messages to humans:

Service messages — confirmations, password resets, invoices, system notices. You receive these because you have an account and they are necessary to provide the service.
Marketing newsletters and product updates — you receive these only if you have signed up to receive them (opt-in). Every such email contains a one-click unsubscribe link.
B2B sales outreach— emails sent to a professional, business-context email address of someone in an event-business role, where we have a legitimate interest in introducing Openevent. Every such email identifies us clearly, explains why you're receiving it, and contains a one-click unsubscribe.

If you are an individual consumer and you receive a message from us, you can always reply STOP, unsubscribe via the link, or write to info@openevent.io.

13. Where to complain

If you believe we have not handled your personal data lawfully, please tell us first — we would rather fix it than be reported. Email info@openevent.io.

You also have the right to lodge a complaint with a supervisory authority.

Switzerland: Federal Data Protection and Information Commissioner (FDPIC) — edoeb.admin.ch.
EU/EEA: Your local data protection authority. Directory at edpb.europa.eu.
United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk.

14. Children

Openevent is a business platform and is not intended for use by children. We do not knowingly collect personal data from anyone under 16. If you believe that a child has provided us with personal data, contact us at info@openevent.io and we will delete it.

If you are a Customer and your event involves attendees under 16, you remain the controller of that data and you are responsible for the legal basis (typically parental consent) under your own privacy policy and applicable law.

15. Links to third-party sites

openevent.io links out to third-party websites. When you follow such a link, the destination site's own privacy policy applies. We are not responsible for what those sites do with your data.

16. Changes to this policy

We may update this policy from time to time. The version number and "Last updated" date at the top always reflect the current version.

Minor edits (typos, clarifications, adding a new sub-processor of the same kind): we update the date and the version number.
Material changes (a new category of data, a new purpose, a new transfer mechanism, a change to your rights): we will notify you in advance by email or in-product banner, at least 30 days before the change takes effect.

If you continue to use Openevent after a change takes effect, you are deemed to accept the updated policy. If you don't, you can stop using the service and exercise your rights under §7.

17. Contact

For any question about this policy, your data, or your rights:
Email: info@openevent.io
Postal: MORE LIFE Hospitality GmbH, c/o River Söllner, Bergstrasse 71, 8032 Zürich, Switzerland

We aim to acknowledge every privacy enquiry within 5 working days and resolve it within the statutory timeframes set out in §7.