Privacy Policy

How we collect, use, and protect your data

Last updated: July 2026

1. Who we are

Canapii Ltd is an event management technology company registered in England and Wales (company number 13234100). Our registered address is Reading, United Kingdom. We provide a platform that enables event organisers to manage registration, check-in, badge printing, virtual and hybrid event delivery, and attendee engagement.

Canapii Ltd is the data controller for the personal data collected through our website (canapii.com) and marketing activities. When we process data on behalf of event organisers using our platform, we act as a data processor under a Data Processing Agreement.

2. What data we collect

We collect the following categories of personal data:

  • Identity data: name, job title, company name
  • Contact data: email address, phone number, postal address
  • Account data: login credentials, account preferences, role permissions
  • Event data: registration details, attendance records, session preferences, badge information
  • Technical data: IP address, browser type, device information, time zone, access logs
  • Location data: approximate location derived from your IP address, and — in our mobile apps only, and only where you grant permission — precise and approximate device location, including in the background. See section 3 for full details.
  • Usage data: pages visited, features used, interaction patterns within the platform
  • Communication data: correspondence with our team, support tickets, feedback

3. Location data and mobile app permissions

This section applies to the Canapii mobile app and to the event apps we publish on behalf of event organisers. Location access is always optional. The app asks for your permission before it accesses any location data, and every other feature continues to work if you decline.

Where you grant permission, we access location data as follows:

  • Precise and approximate location (while using the app): to detect when you arrive at or leave an event venue, room, or exhibition zone that the organiser has defined, so the app can deliver the notification and content the organiser has set up for that zone.
  • Background location: if you choose to allow location access all of the time, the app continues to monitor those event zones while it is closed or not in use, so that arrival and departure notifications still reach you during the event. You can decline background access and still use the app.
  • Photo metadata: photos you take or select through the app may contain the location where they were captured. This is embedded by your device, not collected separately by us.
  • Approximate location from IP address: used for security, fraud prevention, and to set your time zone. This applies to our website and platform as well as our apps.

Your device evaluates event zones locally. When you enter or leave a zone, we record that event — the zone, whether you entered or left, its coordinates, and a timestamp — and send it to the event organiser who defined it. We do not track or store a continuous history of your movements.

We do not sell your location data, and we do not share it with third parties for advertising, profiling, or any purpose unrelated to running the event you are attending. Location events are retained under the same rules as other event data, set out in section 8.

You can withdraw location permission at any time in your device settings — on Android under Settings → Apps → Permissions → Location, and on iOS under Settings → Privacy & Security → Location Services. Withdrawing permission stops location-based notifications and does not affect any other part of the app.

4. How we use your data

We use your personal data to deliver and improve our services, including:

  • Providing and managing your account and access to the platform
  • Processing event registrations and delivering event experiences
  • Generating badges and managing on-site check-in
  • Delivering location-based event notifications where you have granted location permission
  • Sending service communications, including event confirmations and platform updates
  • Improving our platform through analytics and usage patterns
  • Responding to enquiries and providing customer support
  • Complying with legal obligations and protecting our legitimate interests

We will only send marketing communications where you have given explicit consent or where we have a legitimate interest to do so, and you can opt out at any time.

6. Data sharing

We do not sell your personal data. We share data only with:

  • Event organisers: when you register for an event, your registration data is shared with the organiser who manages that event
  • Service providers: trusted third-party processors who help us deliver services (hosting, email delivery, payment processing), all bound by data processing agreements
  • Legal requirements: where required by law, court order, or regulatory authority

All third-party processors are vetted for compliance and operate under contracts that require them to protect your data to the same standard we do.

7. International transfers

Our platform infrastructure is hosted on Amazon Web Services (AWS). Where data is transferred outside the UK or European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office and the European Commission.

8. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Account data is retained for the duration of your relationship with us plus a reasonable wind-down period. Event data is retained according to the organiser's data retention policy, typically no longer than 24 months after the event. Technical and usage data is retained for up to 12 months for analytics and security purposes.

When data is no longer required, it is securely deleted or anonymised.

9. Your rights

Under the UK GDPR, you have the following rights:

  • Access: request a copy of the personal data we hold about you
  • Rectification: request correction of inaccurate or incomplete data
  • Erasure: request deletion of your data where there is no compelling reason to continue processing
  • Restriction: request that we limit how we use your data
  • Portability: request your data in a structured, machine-readable format
  • Objection: object to processing based on legitimate interests or direct marketing
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us atinfo@canapii.com. We aim to respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).

10. Cookies

Our website uses cookies and similar technologies to improve your browsing experience, analyse site traffic, and understand usage patterns. We use essential cookies required for the site to function, and optional analytics cookies that are only set with your consent via our cookie banner.

You can manage your cookie preferences at any time through your browser settings or our cookie consent tool.

11. Contact us

If you have questions about this privacy policy or how we handle your data, please contact us:

Canapii Ltd
Reading, United Kingdom
Email:info@canapii.com
Phone: +44 118 228 1385

Canapii Ltd is ISO 27001 certified, demonstrating our commitment to information security management best practices. Our certification covers the processes, systems, and controls used to deliver our event management platform.