Privacy Policy

Overview

This Visitor Experience app supports attendees of the TUM Blockchain Conference 2025. We keep data collection minimal and use it only to authenticate you, remember your bookmarked sessions, and generate a personal calendar feed.

Data we collect

  • Email address: collected when you sign in using a magic link (Auth.js Email Provider via Gmail).
  • Bookmarked event IDs: the sessions you choose on the dashboard so we can save and generate your calendar feed.
  • Usage analytics: non-identifying metrics (e.g., page views) and client-side error events to improve reliability, via Google Analytics 4 when enabled.

How we use your data

  • Authentication: we use your email to send a one-time sign-in link and to maintain your session.
  • Personal calendar: we store your bookmarked event IDs and assign a private, non-guessable calendar ID to serve your ICS feed.
  • Product reliability: we record aggregated usage and exception events to detect issues. We do not log tokens.

Your ICS feed URL embeds a random identifier. Treat it like a secret; anyone with the URL can access your event list.

Cookies

We use an httpOnly session cookie managed by Auth.js to keep you signed in. In production, it is set with secure attributes. If Google Analytics is enabled, it may set additional cookies for measurement.

Data retention

  • Email and bookmarked events: we delete your email and your bookmarked event selections (including your calendar ID mapping) after the conference concludes, no later than 30 days post-event.
  • Analytics: retained by Google Analytics according to your browser settings and Google’s policies; we only use aggregated, non-identifying data.

Data sharing

  • Service providers: we use Firebase (Google) to store sessions/selections and Gmail (via Nodemailer) to send sign-in links.
  • Analytics: GA4 is used for aggregated usage metrics and error tracking when enabled.
  • Sales: we do not sell your personal data.

Security

  • Authentication via magic links; sessions stored in httpOnly cookies.
  • Server-side verification and access control; non-guessable calendar IDs for feeds.
  • Minimal logging; never logging tokens. Secrets are loaded from environment variables.

Your rights

You can request access to or deletion of your data at any time. For feed privacy, you may also stop sharing your ICS URL or request deletion early.

Contact

For privacy inquiries, please contact the conference organizers via the contact information published on the conference website.
