EventLens by Expoconnect
Kembali

Privacy Policy

Last updated April 07, 2026

This Privacy Notice for EventLens ("we," "us," or "our"), an AI-powered face recognition photo platform operated by ExpoConnect, describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

  • Visit our website at https://eventlens.expoconnect.id/ or any website of ours that links to this Privacy Notice
  • Use EventLens to find and download photos of yourself from events you have attended, captured by event organizers
  • Engage with us in other related ways, including any marketing or events

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected].

Summary of Key Points

This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. This includes the selfie you upload to find your photos and biometric face features extracted from it.

Do we process any sensitive personal information? EventLens processes biometric data (facial features) extracted from your selfie strictly to match you to photos at events you have attended. We do not process other categories of sensitive personal information such as racial or ethnic origins, sexual orientation, religious beliefs, or health information.

Do we collect information from third parties? We do not collect personal information from third-party sources for marketing purposes. We work with payment processors and cloud infrastructure providers strictly as data sub-processors.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We process your information only when we have a valid legal reason to do so.

In what situations and with which parties do we share personal information? We share information with the event organizer hosting the event you attend (so they can confirm your attendance and downloads) and with infrastructure sub-processors (our cloud infrastructure provider and Xendit, our payment processor).

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.

How do you exercise your rights? The easiest way to exercise your rights is by contacting us at [email protected]. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what we do with any information we collect? Review the Privacy Notice in full below.

1. What Information Do We Collect?

Personal information you disclose to us

In short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You

The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

  • names
  • email addresses
  • passwords (stored hashed; we never see your plaintext password)
  • selfie photographs (used to find your matched event photos)
  • biometric data extracted from selfies (facial features encoded as a mathematical representation by our Face Recognition System)

Sensitive Information. Aside from the biometric face data described below, we do not process other categories of sensitive personal information.

Biometric and Selfie Data

In short: We process your selfie and the biometric data extracted from it solely to match you to photos at events you have attended.

When you upload a selfie, our service extracts facial-feature data using our Face Recognition System. This biometric data is stored only within an event-scoped face collection and is automatically deleted 30 days after the event ends. Your selfie image is stored in encrypted cloud storage in the Singapore region and is deleted on the same 30-day schedule.

We do not sell, rent, lease, or otherwise share biometric data with third parties for any commercial or marketing purpose. We do not use your biometric data to identify you outside of the EventLens face-matching feature. Cloud infrastructure providers process this data on our behalf as sub-processors under standard data-processing terms.

You may request deletion of your selfie and biometric data at any time by contacting us at the email address listed in Section 10.

Payment Data

We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number and the security code associated with your payment instrument. All payment data is handled and stored by Xendit. You may find their privacy notice at https://www.xendit.co/en-id/privacy-policy/. EventLens never receives or stores your full payment instrument details.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In short: Some information, such as your Internet Protocol (IP) address and browser or device characteristics, is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

The information we collect includes:

  • Log and Usage Data. Service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, settings, and information about your activity in the Services (date/time stamps, pages and files viewed, searches, and other actions you take such as which features you use), and device event information (system activity, error reports, and hardware settings).

2. How Do We Process Your Information?

In short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To facilitate account creation and authentication and otherwise manage user accounts.
  • To match attendees to event photos using face recognition technology and deliver matched photos to the rightful attendee.
  • To process payments for premium downloads and to issue invoices and refunds.
  • To send transactional service messages (e.g., payment receipts, account security alerts).
  • To evaluate and improve our Services, products, and your experience.
  • To identify usage trends and detect, prevent, and respond to fraud or abuse.
  • To comply with applicable law and respond to lawful requests.

3. When and With Whom Do We Share Your Personal Information?

In short: We share information in the specific situations described below and only with the parties listed.

We may need to share your personal information in the following situations:

  • Event Organizers. The event organizer hosting an event you attend can see that you searched their event, the number of photos matched to you, and (for paid events) the number of photos you have downloaded. Event organizers do not receive your selfie or biometric data.
  • Sub-processors. We share information with infrastructure sub-processors strictly as required to operate the Services, including our cloud infrastructure provider (which provides compute, storage, authentication, and face recognition) and Xendit (which processes payments). Each of these processes data on our behalf under standard data-processing terms.
  • Legal Obligations. We may disclose your information where required to do so by law or in response to valid requests by public authorities.

We do not sell your personal information.

4. What Is Our Stance on Third-Party Websites?

In short: We are not responsible for the safety of information you share with third parties that we link to or who may advertise on our Services.

The Services may link to third-party websites, online services, or mobile applications and/or contain content from third parties that are not affiliated with us. Accordingly, we do not make any guarantee regarding any such third parties, and we will not be liable for any loss or damage caused by the use of such third-party websites, services, or applications.

The inclusion of a link towards a third-party website, service, or application does not imply an endorsement by us. We cannot guarantee the safety and privacy of data you provide to any third-party websites. Any data collected by third parties is not covered by this Privacy Notice. You should review the policies of such third parties and contact them directly to respond to your questions.

5. How Long Do We Keep Your Information?

In short: Most event-related data, including selfies, biometric face data, and matched photos, is automatically deleted 30 days after the event ends.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law. In particular:

  • Selfies, biometric face data, matched-photo records, and event photos are automatically deleted 30 days after the end of each event.
  • Account information (name, email) is retained for as long as your EventLens account is active. Upon account termination, we will delete or anonymize this information within three (3) months unless retention is required by law.
  • Payment and invoice records are retained as required by Indonesian tax and accounting law.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

6. Do We Collect Information From Minors?

In short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.

If you become aware of any data we may have collected from children under age 18, please contact us at [email protected].

7. What Are Your Privacy Rights?

In short: You may review, change, or terminate your account at any time, depending on your country, province, or state of residence.

Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us using the contact details provided in Section 10.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Opting out of marketing and promotional communications: EventLens currently does not send promotional emails. If we introduce marketing communications in the future, you will be able to unsubscribe from them at any time using an unsubscribe link in the emails or by contacting us using the details provided in Section 10. We will still communicate with you for service-related messages (payment receipts, account security alerts, and similar).

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

  • Contact us using the contact information provided in Section 10.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

If you have questions or comments about your privacy rights, you may email us at [email protected].

8. Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized.

As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

9. Do We Make Updates to This Notice?

In short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

10. How Can You Contact Us About This Notice?

If you have questions or comments about this notice, you may email us at [email protected] or contact us by post at:

ExpoConnect
Wisma Keiai, Jl. Jenderal Sudirman No.3
Jakarta, DKI Jakarta 10220
Indonesia

11. How Can You Review, Update, or Delete the Data We Collect From You?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information.

You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please contact us at [email protected].