Privacy Policy
Effective Date: 10 March 2026
Last Updated: 10 March 2026
Your Privacy at a Glance
- ✓ You control your data. Export or delete your information anytime.
- ✓ Bank-level security. Encryption at rest and in transit protects your information.
- ✓ Transparent use. We only use your data to provide our services and improve your experience.
1. About This Privacy Policy
In the Event Of Pty Ltd (ABN 38687352647) ("we", "us", "our", or "In the Event Of") is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Privacy Policy explains how we collect, use, disclose, and store your personal information when you use our services, including our website at https://intheeventof.co and related services (collectively, the "Services"). It should be read together with our Terms of Service.
By using our Services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.
2. What Personal Information We Collect
We may collect the following categories of personal information:
Account Information
Your name, email address, password, and account preferences.
Location Information
Your current country, state, or region (collected via IP address or information you provide).
Profile Information
Any additional information you choose to provide in your user profile.
Service Usage Information
Information gathered in relation to how you use our products and services, including digital footprints you choose to track, categories of services you interact with, and brands you add to your account.
Connected Inbox and Scan Data
If you connect Gmail or Outlook, we collect the connection details, mailbox metadata, scan session history, and the derived footprint records we create when our scanners identify account signups, service relationships, security notices, or breach-related emails.
Technical Information
Device information, IP address, browser type, operating system, and usage data collected through cookies and similar technologies.
Communication Information
Any feedback you provide to us in relation to our products and services, correspondence with us, and newsletter subscription preferences.
Security and Audit Information
Login history, security events, consent records, and audit logs to maintain the security and integrity of our Services.
3. Types of Personal Information
Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether recorded in a material form or not.
Sensitive Information is a subset of personal information that includes information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, criminal record, health information, genetic or biometric information. We do not generally collect sensitive information unless you voluntarily provide it, and we will only use it as permitted by law.
4. How We Collect Your Personal Information
Direct Collection
We collect personal information directly from you when you:
- Create an account or register for our Services
- Update your profile or account settings
- Add digital footprints or brands to track
- Contact us for support or provide feedback
- Subscribe to our newsletter
- Participate in surveys or promotions
Automatic Collection
We automatically collect certain information when you use our Services through cookies, analytics tools, and log data. See the Cookies and Tracking Technologies section below for full details.
Third-Party Sources
We may receive information from third-party services you connect to your account, such as Gmail, Outlook, Spotify, or PayPal, with your explicit consent. We also display licensed breach data from Have I Been Pwned and may load brand logos from third-party logo providers when you view brand or breach records.
6. Email Account Integration and Scanning
When you connect Gmail or Outlook to our Services, we request read-only access so we can help you discover accounts linked to that inbox and surface relevant security signals.
- Your email address and basic account profile details
- Mailbox metadata such as sender, recipient, subject, timestamps, and message identifiers
- Limited message content where needed to identify account signups, service providers, or security and breach-related notices
- Scan status, connection health, and the footprint records generated from those scans
How We Use Connected Inbox Data
We use this information to:
- Authenticate your identity and provide secure access to your account
- Run inbox scans and build your digital footprint map
- Identify account signups, service relationships, and breach-related or security notifications
- Display scan results, connection status, and follow-up actions inside the application
- Communicate with you about your account or connector status
No Sale of Inbox Data
We do not sell connected inbox data. We only disclose it to service providers or subprocessors where required to operate the Services, or where required by law.
Storage and Protection
Your connector data, tokens, scan state, and derived footprint records are stored securely in our systems and protected with encryption in transit and at rest, access controls, and audit logging.
Retention
We retain connected inbox data for as long as your account is active or as needed to provide the Services. You may disconnect Gmail or Outlook at any time from your account settings.
Your Control
You can revoke our access to Gmail through your Google Account Permissions page, revoke Outlook access from your Microsoft account permissions, or disconnect the connector within your account settings.
Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
7. How We Use Your Personal Information
We use your personal information for the following purposes:
- Provide Services: To deliver, maintain, and improve our Services, including helping you manage your digital footprints and complete life event journeys.
- Authentication and Security: To verify your identity, secure your account, prevent fraud, and protect against unauthorised access.
- Personalisation: To customise your experience based on your location, preferences, and usage patterns.
- Analytics and Improvement: To analyse how our Services are used, improve functionality and user experience, and develop new features.
- Customer Support: To respond to your enquiries, provide technical support, and address your concerns.
- Communications: To send you service-related notifications, updates, and (with your consent) marketing communications.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
- Consent Management: To record and honour your consent preferences and privacy choices.
8. Disclosure of Personal Information
We may disclose your personal information to:
Service Providers
Third-party service providers who assist us in operating our Services, such as hosting providers (Supabase), analytics services (PostHog), error tracking (Sentry), email services (Resend), payment processing (Stripe), and brand logo providers including Brandfetch and icon.horse. These providers are contractually or technically limited to the functions they perform for us.
Breach Data Sources
When we display breach monitoring information, some breach data is sourced from Have I Been Pwned (HIBP) under its applicable licence and terms.
Business Partners
In the future, we may share consented personal information with enterprise partners who subscribe to receive validated, user-consented data updates. This will only occur with your explicit consent and in accordance with our consent framework.
Legal Requirements
Government agencies, law enforcement, or other third parties when required by law, court order, or to protect our rights, property, or safety, or that of others.
Business Transfers
In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will notify you of any such change and provide you with choices regarding your personal information.
With Your Consent
To any other third parties with your explicit consent or at your direction.
9. Overseas Disclosure
Your personal information may be stored and processed in countries outside of Australia, including but not limited to the United States and the European Union, where our service providers (such as Supabase, PostHog, and Sentry) maintain their servers and infrastructure.
When we disclose personal information to overseas recipients, we take reasonable steps to ensure that the recipients do not breach the APPs in relation to that information. This includes:
- Only using service providers that implement appropriate security measures and privacy protections
- Ensuring contractual obligations are in place to protect your personal information
- Selecting providers that comply with internationally recognised privacy frameworks
By using our Services, you consent to the disclosure of your personal information to overseas recipients as described in this Privacy Policy.
10. International Users and GDPR
While our Services are primarily governed by Australian privacy law, we recognise that users may access our Services from other countries, including the European Union.
For EU/EEA Users: If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) may apply to our processing of your personal data. Under GDPR, you have additional rights including:
- The right to lodge a complaint with your local supervisory authority
- The right to data portability in a machine-readable format
- Enhanced rights to object to processing and automated decision-making
The legal basis for processing your personal data includes:
- Contract Performance: Processing necessary to provide our Services to you
- Consent: Where you have given explicit consent (e.g., marketing communications, Google integration)
- Legitimate Interests: For analytics, security, and service improvement
- Legal Obligations: To comply with applicable laws
To exercise your GDPR rights, please contact us using the details in the Contact Information section.
11. Data Security
We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, disclosure, alteration, or destruction. Our security measures include:
- Encryption: Data is encrypted both in transit (using TLS/SSL) and at rest in our databases.
- Access Controls: Strict access controls and authentication requirements, including Row Level Security (RLS) policies in our database.
- Security Monitoring: Continuous monitoring for security threats and suspicious activities.
- Audit Logging: Comprehensive audit trails of data access and modifications with correlation IDs for end-to-end traceability.
- Secure Token Management: OAuth tokens are encrypted and stored securely with server-side exchange using PKCE.
- Regular Security Reviews: Periodic security assessments and updates to our infrastructure and practices.
- Employee Training: Staff are trained on privacy and security best practices.
Notifiable Data Breaches
In the event of a data breach that is likely to result in serious harm to you, we will:
- Notify you directly as soon as practicable
- Notify the Office of the Australian Information Commissioner (OAIC)
- Provide details about the breach, the information involved, and steps you should take
- Take immediate action to contain the breach and prevent further unauthorised access
We maintain an incident response plan and conduct regular security drills to ensure we can respond quickly and effectively to any security incident.
While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining best-practice security standards.
12. Data Retention and Destruction
We retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Retention Periods
- Active Accounts: Personal information is retained while your account is active.
- Inactive Accounts: Personal information is retained for 7 years after your last account activity.
- Audit Logs: Security and consent audit logs are retained for 7 years for legal and compliance purposes.
- Marketing Communications: Newsletter subscription data is retained until you unsubscribe.
Account Deletion
You may request deletion of your account and personal information at any time through your profile settings or by contacting us. Upon receiving a deletion request:
- We will delete or anonymise your personal information within 30 days
- Some information may be retained in backup systems for up to 90 days
- Certain records may be retained as required by law or for legitimate business purposes (e.g., transaction records, audit logs)
Secure Destruction
When personal information is no longer required, we destroy or de-identify it in a secure manner to prevent unauthorised access or use.
13. Your Privacy Rights
Under the Privacy Act and the APPs, you have the following rights regarding your personal information:
- Right to Access: You may request access to the personal information we hold about you. We will provide you with a copy of your information in a commonly used format.
- Right to Correction: You may request correction of any inaccurate, incomplete, or out-of-date personal information we hold about you.
- Right to Erasure: You may request deletion of your personal information, subject to certain exceptions under law (e.g., records we are required to retain).
- Right to Data Portability: You may request a copy of your personal information in a structured, machine-readable format (JSON or CSV).
- Right to Object: You may object to certain processing of your personal information, including direct marketing.
- Right to Restrict Processing: You may request that we limit how we use your personal information in certain circumstances.
- Right to Withdraw Consent: Where we rely on your consent to process personal information, you may withdraw that consent at any time.
You can exercise many of these rights directly through your account settings, or by contacting us using the details provided in the Contact Information section below.
14. Accessing and Correcting Your Information
Self-Service Access
You can access and update most of your personal information directly through your account settings. You can also export your data in JSON or CSV format at any time from your profile page.
Requesting Access
To request access to personal information that is not available through your account settings, please contact us using the details in the Contact Information section. We will respond to your request within a reasonable period (generally within 30 days) and provide the information in a form that is generally understandable.
Fees
We will not charge you for making a request to access or correct your personal information. However, we may charge a reasonable fee if your request is complex, repetitive, or requires significant resources to fulfil. We will advise you of any applicable fee before processing your request.
Refusing Access
In some limited circumstances, we may refuse your request to access or correct personal information. If we do so, we will provide you with written reasons for the refusal (unless unreasonable to do so) and information about the complaint mechanisms available to you.
15. Marketing Communications
We will only send you direct marketing communications if you have consented to receive them. Marketing communications may include:
- Email newsletters about our Services and updates
- Information about new features or improvements
- Special offers or promotions
Opting Out
You can opt out of receiving marketing communications at any time by:
- Clicking the "unsubscribe" link in any marketing email
- Updating your communication preferences in your account settings
- Contacting us using the details in the Contact Information section
Even if you opt out of marketing communications, we will still send you essential service-related notifications about your account, security alerts, and important policy updates.
16. Anonymity and Pseudonymity
Where practicable, we will give you the option of not identifying yourself or using a pseudonym when dealing with us. However, in most cases, we will need to collect personal information (including your name and email address) to provide our Services.
You can browse certain areas of our website without creating an account, but you will need to provide personal information to:
- Create an account and access our Services
- Manage digital footprints and life event journeys
- Connect third-party accounts (Google, Spotify, PayPal)
- Receive customer support
17. Age Restriction
Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age.
If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately using the details in the Contact Information section. We will take steps to delete such information from our systems as soon as possible.
By using our Services, you represent and warrant that you are at least 18 years of age.
18. Complaints Process
If you believe that we have breached the APPs or your privacy rights, you may lodge a complaint with us.
How to Lodge a Complaint
Please submit your complaint in writing to our Privacy Officer using the contact details provided in the Contact Information section below. Your complaint should include:
- Your contact details
- A description of the conduct you believe breaches the APPs or your privacy
- Any relevant details or evidence
Our Response
We will:
- Acknowledge receipt of your complaint within 7 days
- Investigate your complaint and provide a response within 30 days
- Inform you if we need more time and provide an expected resolution timeframe
- Provide you with our decision and reasons in writing
External Complaints
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Mail: GPO Box 5218, Sydney NSW 2001
19. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.
When we make changes:
- We will update the "Last Updated" date at the top of this Privacy Policy
- For material changes, we will notify you by email or through a prominent notice in our Services
- The updated Privacy Policy will be posted on this page
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. Your continued use of our Services after any changes indicates your acceptance of the updated Privacy Policy.
20. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Privacy Officer:
In the Event Of Pty Ltd
Privacy Officer: Hamish Felton
Email: hello@intheeventof.co
Website: https://intheeventof.co
Postal Address: 3853 G, 470 St Kilda Rd, Melbourne VIC 3004, Australia
ABN: 38687352647
We aim to respond to all enquiries within 5 business days.