Privacy Policy

Attend-Go operates the websites and hosted services reachable at attend-go.com. For privacy questions about this Policy, email hi@mail.attend-go.com.

• Account & profile. When you register or sign in, we process identifiers and profile details needed to authenticate you and personalize your workspace (including name and email via our authentication provider and application database).
• Organization & team data. We store organization names, memberships, invitations, roles, workflows, integrations, billing references, and audit-style metadata tied to legitimate workspace administration.
• Attendance & attendee records. To run sessions, organizations may submit names, contact details (including phone or email where provided), attendee identifiers or external IDs, timestamps, attendance results, analytics summaries, uploaded photos or thumbnails, OCR-extracted fields you choose to capture, optional voice transcripts if you enable related features, and (where your organization enables face-assisted flows) biometrically derived face embeddings or similarity scores used to match individuals you have enrolled.
• Technical & security. We process IP addresses, device/browser details, timestamps, cookies or similar identifiers required for authentication, abuse prevention, and service reliability logs.
• Support & communications. When you email us or submit enterprise forms, we process the contents of those messages and related metadata to respond.

We use personal information to:

• Provide, secure, troubleshoot, and improve the platform;
• Create and manage workspaces, memberships, workflows, integrations, attendance sessions, analytics, exports you request,
• Maintain lawful security monitoring, fraud prevention, and capacity planning;
• Communicate transactional notices (for example invitations, resets, receipts) plus optional marketing when permitted;
• Fulfill contractual obligations such as invoicing.

Where biometric or inference technologies are employed, organizations are responsible for providing any required notices and acquiring any required consents for their learners, registrants, or employees under applicable law; we merely provide software they configure.

If GDPR or UK GDPR applies, we rely on a combination of contract, legitimate interests (for example detecting abuse, optimizing reliability, invoicing where applicable), and legal obligation, and where strictly necessary we rely on consent (for optional marketing analytics or discretionary processing you explicitly approve). When we process biometric categories on behalf of an organization that enables those features, the organization remains an independent controller for many obligations towards its individuals; please contact them first.

• Processors. We use vetted subprocessors—for example authentication/database hosting (Supabase), cloud infrastructure (often Vercel or similar hosts you deploy to), observability/logging, Stripe for payments if enabled, messaging providers configured in workflows, AI or speech providers invoked by features you activate, and OCR/vision libraries running on our backend when you invoke those endpoints.
• Instructions from your organization.Workspace admins can export data or connect integrations you approve; disclosures through those integrations are governed by integration settings plus the third party's policy.
• Compliance & safety. We may disclose limited information where required by law or to protect rights and security.
• Business transfers. If ownership changes, personal information may transfer subject to this Policy or materially similar protections communicated to users.

We apply industry-standard safeguards (encryption in transit, least-privilege access patterns, audited database policies like Row-Level Security templates, segmented environments, credential rotation disciplines). No method of transmission over the Internet is perfectly secure—please safeguard API keys inside your CI/CD and restrict organization roles thoughtfully.

Account data persists while active and briefly afterward for restoration or compliance. Logs with IP data are truncated on rolling schedules tuned for operations. Organizations may delete attendee records consistent with product capabilities; biometric embeddings persist only while an attendee profile referencing them persists unless you delete that profile. Stripe billing artifacts follow Stripe's timelines.

Our infrastructure vendors may store or process personal information globally. Where required we implement transfer mechanisms approved by regulators (standard contractual clauses etc.).

Depending on jurisdiction you may ask to access, rectify, erase, restrict, export, object to processing, manage marketing preferences, lodge a complaint with a supervisory authority, or appeal automated decisions tied to statutory rights. Email hi@mail.attend-go.com with describing your residency and request; we reply within timelines applicable law describes. Californians can ask for categories/sources of disclosure and opt-out of certain sales/sharing where those concepts legally apply (we don't sell personal information for monetary consideration in the classical sense—integration data flows operate per your configurations).

Authentication cookies/session storage keep you signed in. We may introduce analytics pixels later; where we do, we'll summarize them here and expose controls when legally required.

The workspace product is marketed to organizations—not children under COPPA thresholds. Organizations must not enroll individuals without lawful authority over their attendance data.

Some features automate recognition or OCR. Organizations should disclose what model of matching they perform, retention, fallback manual processes, human review avenues, confidence thresholds they accept, opt-out avenues, and regulatory filings they require locally. Individuals should contact their school or HR team first—we process on those entities' instructions whenever they upload profiles.

Material changes trigger an updated Effective date atop this Policy and optionally email notice. Continuing to use the services after Effective date communicates acceptance absent applicable legal objection rights.

Refer also to Terms & Conditions for contractual restrictions, disclaimers, and acceptable use commitments.