Privacy Policy

Privacy practices for Everlage websites, platform, tenant services, scanner apps, and related services

1. Scope

This Privacy Policy explains how Everlage, operated by DLTS, Israeli business no. 206979981, collects, uses, stores, shares, and protects personal data in connection with Everlage websites, SaaS platform, tenant websites, dashboards, APIs, scanner apps, communications, and related services.

Everlage serves two main roles. For information collected for our own website, sales, account administration, billing, support, security, and service improvement, Everlage acts as an independent controller where applicable. For attendee, ticket, registration, form, and event-operation data that Customers collect through their tenant, Everlage generally acts as a processor/service provider on behalf of the Customer.

2. Customer responsibility for event data

Each Customer decides what information to collect from attendees and how to use it. Customers must publish their own privacy policy before their public tenant site goes live. If you are an attendee, the relevant Customer’s privacy policy explains how the Customer uses your event data.

Everlage does not use attendee data from Customer tenants for its own unrelated marketing or commercial purposes unless separately permitted by law and contract.

3. Personal data we collect about Customers

When a business or organization creates or manages an Everlage account, we may collect:

• First and last name of account contacts and staff users.
• Business or organization name.
• Business registration number.
• Business address and company address.
• Email address and phone number.
• Plan, billing, subscription, usage, and support records.
• Login, authentication, role, security, and audit logs.
• Domain and DNS configuration details where a custom domain is connected.

4. Personal data processed through Customer tenants

Depending on the Customer’s configuration, Everlage may process attendee and event data such as:

• Name, email, phone, company, job title, address, or other contact details.
• Ticket, registration, badge, invitation, pass, QR code, check-in, attendance, and scan logs.
• Custom-form answers selected by the Customer.
• Uploaded files such as approvals, images, PDFs, documents, or other attachments.
• Marketing opt-in status and communication preferences.
• Event operational data such as session selections, meal preferences, group assignments, or access permissions.
• Payment status, order identifiers, and invoice/receipt references received from the Customer’s payment provider. Everlage does not process card data unless a specific integration requires limited technical handling under a separate written arrangement.

5. Sensitive data and minors

Customers may configure forms to collect information that could be sensitive under applicable law, such as identity numbers, age, guardian information, health-related event needs, dietary restrictions, images, or documents. Customers are responsible for deciding whether such collection is lawful, necessary, properly disclosed, and supported by valid consent or another lawful basis.

Everlage may provide operational features for parental approvals or events involving minors, but Everlage is not certified as a children’s privacy compliance platform. Customers are responsible for all laws and permissions relating to minors, including parental consent, age restrictions, retention, and child-safety obligations.

6. How we use personal data

Everlage uses personal data to:

• Provide, operate, secure, maintain, and improve the Services.
• Provision tenants, accounts, subdomains, custom domains, dashboards, and integrations.
• Send service, transactional, security, billing, trial, onboarding, and support communications.
• Authenticate users, send OTP/SMS verification where enabled, manage roles, and prevent unauthorized access.
• Generate tickets, QR codes, badges, reports, exports, and event-operation workflows on behalf of Customers.
• Process subscription billing, ticket-unit overages, and account administration.
• Troubleshoot bugs, monitor performance, prevent fraud, detect abuse, and protect system integrity.
• Comply with legal obligations, enforce agreements, and resolve disputes.

7. Marketing communications

Everlage may send marketing communications to business contacts where permitted by law. You may opt out of Everlage marketing messages at any time. Customers using Everlage marketing tools are responsible for obtaining and documenting valid consent or another lawful basis for their own messages.

The Everlage platform is designed not to send Customer marketing emails through the platform to attendees who did not opt in during purchase or registration, but the Customer remains responsible for its own legal compliance.

8. Payments

Event-ticket payments are processed through the Customer’s selected payment gateway or merchant account, including any gateway opened through an Everlage Pay partner. Everlage does not hold attendee funds and generally does not receive full payment-card details. Payment providers process payment information under their own terms and privacy policies.

Everlage processes Customer subscription and usage billing information for its SaaS fees.

9. Cookies and similar technologies

Everlage and Customer tenant sites may use cookies, local storage, pixels, SDKs, and similar technologies for login, security, preferences, analytics, performance, maps, weather, embedded content, and marketing where enabled. More details appear in the Cookie Policy.

10. Sharing personal data

We may share personal data with:

• The Customer that controls the relevant tenant or event.
• Authorized staff users within the Customer tenant.
• Service providers and subprocessors used to host, send email/SMS, secure, monitor, support, and operate the Services.
• Customer-connected payment providers, email providers, DNS/domain providers, or integrations as configured by the Customer.
• Professional advisers, authorities, courts, or regulators where legally required or necessary to protect rights and safety.
• A successor or acquirer in connection with a merger, acquisition, financing, restructuring, or sale of business assets, subject to appropriate protections.

11. Subprocessors and third-party services

Everlage currently uses AWS hosting in the Tel Aviv region, Amazon SES for email, Google services for maps/weather, and Vee accessibility tooling. Additional providers may be listed in the Subprocessors List. Customer-selected payment processors and SMTP providers may be independent providers chosen by the Customer.

12. International transfers

Everlage is operated from Israel and uses infrastructure in Israel and other locations as needed to provide the Services. Where applicable privacy laws require transfer safeguards, Everlage will use appropriate contractual, technical, and organizational measures, such as data processing agreements, standard contractual clauses, or equivalent safeguards.

13. Retention

We retain personal data for as long as needed to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, maintain backups, prevent fraud, and support Customer exports or deletion requests. Customer tenant data may be retained or deleted according to the Customer’s subscription status, DPA, backup cycles, and legal requirements.

14. Security

Everlage uses technical and organizational measures designed to protect personal data, including controlled access, tenant separation, encryption in transit, hosting security, monitoring, backups, and role-based permissions. No system is perfectly secure, and Customers are responsible for staff access, strong credentials, device security, and proper configuration.

15. Your privacy rights

Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal data, and to withdraw consent. Requests relating to event data controlled by a Customer should be directed to that Customer. Everlage may assist Customers in responding to such requests.

To contact Everlage about privacy matters, email [INSERT PRIVACY EMAIL].

16. Israeli law, GDPR, UK GDPR, and other privacy laws

Everlage aims to operate in a manner compatible with Israeli privacy law and, where applicable to Customers or data subjects, GDPR, UK GDPR, and similar privacy frameworks. The Customer is responsible for determining which laws apply to its events and attendees.

17. Changes

We may update this Privacy Policy from time to time. Material changes may be posted on the website or communicated through the Services. The “Effective date” above indicates the latest version date.