I am Coming - Event RSVP Management Platform

Data Governance

Last updated: April 6, 2025

1. Overview

At I am Coming (IaC), we are committed to responsible data stewardship. This Data Governance Policy outlines how we manage, protect, and utilize data across our platform to ensure compliance with relevant regulations and best practices.

2. Data Classification

We classify data based on sensitivity and regulatory requirements:

  • Public Data: Information that is freely available and poses no risk if disclosed
  • Internal Data: Information for internal use that is not particularly sensitive
  • Confidential Data: Sensitive information including personal data and account credentials
  • Restricted Data: Highly sensitive information subject to strict regulatory requirements

3. Data Storage and Retention

We store data in secure environments and maintain it only as long as necessary for the purposes for which it was collected, or to comply with legal obligations. Our retention periods are:

  • Account data: For the duration of your account plus 30 days after deletion
  • Event data: For the duration of the event plus 90 days after completion
  • Payment information: As required by financial regulations
  • Usage data: Up to 12 months for analytics and service improvement

4. Data Access Control

We implement strict access controls based on the principle of least privilege. Only authorized personnel with a legitimate business need can access certain types of data, and all access is logged and periodically reviewed.

5. Data Processing

We process data in accordance with applicable laws and regulations, including but not limited to GDPR, CCPA, and other privacy regulations. We maintain data processing records and conduct regular assessments of our data processing activities.

6. Data Protection

We employ technical and organizational measures to protect data, including:

  • Encryption of data at rest and in transit
  • Regular security assessments and penetration testing
  • Employee training on data protection and security
  • Incident response procedures

7. Data Subject Rights

We respect and facilitate the rights of data subjects as required by applicable regulations, including rights to:

  • Access their personal data
  • Correct inaccurate data
  • Delete their data (right to be forgotten)
  • Restrict or object to processing
  • Data portability

8. Data Breach Management

We have procedures in place to detect, report, and investigate data breaches. In the event of a breach affecting personal data, we will notify affected individuals and relevant authorities as required by law.

9. Changes to This Policy

We may update our Data Governance Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact Information

For questions regarding our data governance practices, please contact our Data Protection Officer at dpo@iamcoming.com.