EasyConferenceHub

Privacy Policy

Last updated: February 16, 2026 · Version 2.0

1. Data Controller

EasyConferenceHub ("we", "our", or "us") is the data controller for your personal information. We are registered in England and Wales. For data protection queries, contact our Data Protection Officer at dpo@easyconferencehub.com.

2. Information We Collect

Information you provide

  • Account data: Name, email address, password
  • Profile data: Phone, organisation, affiliation, title, bio, country, subject area, expertise, profile photo
  • Submission data: Paper titles, abstracts, keywords, uploaded papers, author details
  • Review data: Review ratings, comments, and recommendations
  • Registration data: Conference registrations, event selections, custom question answers
  • Payment data: Payment method choice; card details are processed directly by Stripe and never stored on our servers

Information collected automatically

  • IP address and browser type: Collected for security, fraud prevention, and to verify consent records. Session IP data is retained for the duration of your session only. IP addresses stored with consent records are retained as part of the audit trail to demonstrate valid consent under GDPR Article 7.
  • Device information
  • Session data for authentication
  • Cookies — see our Cookie Policy

3. Lawful Basis for Processing

Under UK GDPR Article 6, we process your data on the following bases:

  • Contract (Art. 6(1)(b)): To provide the conference management service you registered for, including processing submissions, facilitating reviews, and managing registrations.
  • Legitimate interests (Art. 6(1)(f)): To improve our platform, ensure security, prevent fraud, and collect IP addresses for session management and security monitoring.
  • Consent (Art. 6(1)(a)): For optional analytics cookies and non-essential communications. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): To retain payment records as required by UK tax law (HMRC).

4. How We Use Your Information

  • Provide and maintain the conference management platform
  • Process paper submissions, reviews, and decisions
  • Send notifications about your submissions, reviews, and registrations
  • Process conference registration payments
  • Maintain the double-blind review process
  • Respond to support requests

5. Information Sharing & Sub-processors

We do not sell your personal information. We share data with the following parties:

  • Conference organisers: To manage conference activities (registrations, submissions)
  • Reviewers: Paper content only, maintaining author anonymity in double-blind reviews
  • Stripe, Inc. (USA) — Payment processing. Stripe acts as an independent data controller for payment data. Stripe Privacy Policy
  • Email service provider: To deliver transactional notification emails
  • Legal authorities: When required by UK law

6. Data Hosting & International Transfers

Your data is hosted on a dedicated server located in the European Union, subject to EU data protection law. The server is managed by our team and shared only with other applications operated by our company — no third-party tenants have access to the infrastructure.

The EU has been granted adequacy status by the UK under the UK GDPR, meaning your data benefits from equivalent protection when processed in the EU. Where we transfer personal data to sub-processors outside the EU/UK (e.g. Stripe in the USA), we ensure appropriate safeguards are in place, including the UK International Data Transfer Agreement (UK IDTA) or the party's participation in recognised data protection frameworks.

7. Data Security

We implement appropriate technical and organisational measures including: TLS encryption for data in transit, bcrypt password hashing, encrypted storage of payment credentials and sensitive fields, role-based access controls, and database-backed session management.

8. Data Retention

  • Account data: Retained while your account is active. Deleted upon account deletion request.
  • Submissions and reviews: Retained for 3 years after the conference ends, then anonymised or deleted.
  • Payment records: Retained for 6 years after the transaction as required by HMRC.
  • Server logs: Retained for 90 days, then automatically purged.

9. Your Rights Under UK GDPR

You have the following rights, which you can exercise directly in your account settings or by contacting us:

  • Right of access (Art. 15): Download your data from Profile → Data & Privacy → Export.
  • Right to rectification (Art. 16): Edit your profile information at any time.
  • Right to erasure (Art. 17): Delete your account from Profile → Data & Privacy → Delete Account. Reviews will be anonymised to preserve academic integrity.
  • Right to data portability (Art. 20): Export your data in JSON format from your profile.
  • Right to object (Art. 21): Manage email notification preferences from your profile settings.
  • Right to withdraw consent: Withdraw cookie consent via the cookie banner, or notification consent via your preferences page.

We will respond to any data subject request within 30 days. Contact dpo@easyconferencehub.com.

10. Children's Privacy

Our services are designed for academic and professional users and are not directed to individuals under 16. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email and by posting the updated policy with a new version number and date.

12. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

13. Contact Us

For any questions about this Privacy Policy or to exercise your data rights:

Data Protection Officer:dpo@easyconferencehub.com

General enquiries:privacy@easyconferencehub.com

© 2026 EasyConferenceHub. All rights reserved.