1. WHO WE ARE

AFL Solutions SRL ("we", "us", "our"), with registered office at Via Angelo Bargoni 78F, Rome (RM), 00153, Italy, operates Earendel Platform — a comprehensive event and conference management SaaS.

Data Protection Lead: While we are committed to protecting your privacy and complying with all relevant regulations, AFL Solutions SRL is not required to appoint a Data Protection Officer (DPO) under the GDPR, because our core activities do not involve large-scale monitoring or processing of sensitive personal data.

For any questions or requests regarding your data, please contact AFL Solutions SRL at aflsolutions@legalmail.it.

2. WHAT INFORMATION WE COLLECT

Account Information:
  • Title, Name, Email, (optional: Institution, country, ORCID)
  • Account settings
  • Passwords (bcrypt+salt)
Event Data (Organizers/Attendees):
  • Profile info provided in registration forms
  • Abstracts, papers, submissions, schedule entries
  • Communication and support requests
Payment Data:
  • Note: We do not process or store payment cardholder data. Payment is handled exclusively by Stripe; see Stripe Privacy Policy.
Usage Data:
  • Log data (IP address, browser type, OS, device, access times, URLs visited)
  • Actions in the app (e.g., creation of events, updates)
  • Diagnostic and analytics data via AWS and Grafana Cloud
Cookies & Tracking:
  • Session cookies (login/auth purposes)
  • Analytics cookies (aggregate usage only; no profiling)

3. HOW WE USE YOUR INFORMATION

  • Provide, maintain, and improve the Platform
  • Authenticate users and secure access to your data and dashboard
  • Facilitate event creation, management, and ticketing
  • Communicate with you about account, updates, or support
  • Monitor and analyse usage/troubleshoot issues (using AWS, Grafana Cloud)
  • Comply with legal obligations (e.g., tax, security response)

4. LEGAL BASIS FOR PROCESSING

We process data only when:

  • Needed to perform our contract (provision of SaaS service)
  • Based on consent (where required, e.g., marketing)
  • Needed to comply with legal obligations (accounting, tax, security)
  • Our legitimate interests (security, app improvement), where such interests do not override your privacy

5. HOW WE STORE AND SECURE DATA

  • All infrastructure resides in the EU (Ireland, eu-west-1 AWS region)
  • All communication is encrypted via HTTPS
  • Data is stored in AWS RDS (private VPC, non-public, encrypted at rest)
  • Files are stored in private S3 buckets
  • User passwords are bcrypt-hashed and salted
  • Application and infrastructure logs are centralized in Grafana Cloud (EU region)
  • Access to user data is tightly restricted; only authorized personnel with necessity and least privilege may access production systems (with full audit trails)
  • All secrets are managed and encrypted in AWS Secrets Manager

6. DATA RETENTION POLICY

  • Account and event data are retained as long as your account is active or as needed for service/legal reasons
  • Upon account deletion, data is erased from production databases within 30 days, except where legal/regulatory retention or dispute resolution requirements apply
  • Log data may be retained for security and audit for up to 90 days

7. SHARING AND DISCLOSURE

We do not sell or rent personal data.

Data may be shared only with:

  • Service providers (e.g., AWS, Stripe, Grafana Cloud) solely for delivery and operation of the Platform
  • Legal authorities if required for compliance, law enforcement, or for rights/safety protection

All providers are vetted for security and data protection and bound by contractual obligations to safeguard data.

No data is transferred outside the EU other than to providers with adequate protections (e.g., Standard Contractual Clauses, where applicable). [AWS and Grafana Cloud endpoints are configured to stay within the EU.]

8. YOUR RIGHTS (EU/UK GDPR)

You have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Request deletion ("right to be forgotten")
  • Object to or restrict processing
  • Data portability (receive your data in a commonly used format)
  • Withdraw consent (where we rely on consent).

To exercise any of these rights, please contact AFL Solutions SRL at aflsolutions@legalmail.it.

9. COOKIES

We use cookies for authentication and aggregate analytics. Where legally required (e.g., for analytics cookies), we will obtain your consent via our website banner.

10. CHILDREN

Earendel Platform is not intended for children under 16. We do not knowingly collect personal data from children under this age.

11. DATA BREACH NOTIFICATION

In the unlikely event of a data breach, we will notify all affected users and relevant authorities as required under GDPR and applicable laws.

12. CHANGES TO THIS POLICY

We reserve the right to update this Policy periodically. In the event of significant changes, we will notify our users through email or a notice on the Platform.

13. CONTACT

Questions, requests, or concerns regarding data privacy should be directed to: AFL Solutions SRL at aflsolutions@legalmail.it

AFL Solutions SRL
Via Angelo Bargoni 78F, Rome (RM), zip code 00153, Italy
VAT: 16273151007

List of Sub-Processors

  • Amazon Web Services (AWS), EU (Ireland)
  • Stripe (payments, see Stripe Privacy Policy)
  • Grafana Labs (cloud logs/monitoring, EU Cloud region)
  • [Add any newsletter/email delivery platform if used]