Effective: November 2025

Privacy Policy

1. Scope and Roles

This Privacy Policy applies to the Summit Portal platform (the "Portal") operated by In Parallel Oy ("we", "us", "our"), including all event portals, attendee features, and related services.

For personal data collected directly through the Portal (e.g. sign-in, browsing), In Parallel Oy is the controller. For data processed on behalf of event organisers ("Customer Content"), the organiser is the controller and In Parallel is the processor. A Data Processing Addendum ("DPA") forms part of each organiser contract.

2. The Data We Process

Depending on how you interact with the Portal, we may process:

  • Account & access data: name, email address, magic-link tokens, session identifiers
  • Event participation data: events you are registered for, session bookmarks, interest tags
  • Profile information you provide: LinkedIn URL or pasted LinkedIn profile text (used solely to extract professional interests for personalisation)
  • AI interactions: prompts and responses from the "Ask AI" chat, generated reports
  • Customer Content: session notes, transcripts, insights, action items, and speaker information provided by event organisers
  • Usage & telemetry: pages visited, features used, device type, browser, IP address, session IDs
  • Communication: messages sent via support or feedback channels

3. Purposes and Legal Bases

PurposeLegal basis (GDPR)
Providing portal access and event featuresPerformance of contract — Art. 6(1)(b)
Personalising content (interests, "For You" recommendations)Legitimate interest — Art. 6(1)(f)
AI-powered chat, reports, and insight generationLegitimate interest — Art. 6(1)(f)
Improving and developing the platformLegitimate interest — Art. 6(1)(f)
Analytics and optional cookiesConsent — Art. 6(1)(a)
Complying with legal obligationsLegal obligation — Art. 6(1)(c)
Protecting rights and preventing fraudLegitimate interest — Art. 6(1)(f)

4. Automated Decision-Making

We do not make decisions with legal or similarly significant effects solely based on automated processing. AI features (chat, recommendations) are provided as informational tools only.

5. LinkedIn Data

If you choose to provide your LinkedIn URL or paste your LinkedIn profile text, this data is processed solely to extract professional interests for the "For You" personalisation feature. We do not store the raw LinkedIn text after interests have been extracted, and we do not scrape or access LinkedIn on your behalf.

6. AI-Generated Content

The Portal uses AI to generate chat responses, session summaries, and personalised recommendations based on event content (session notes, insights, speaker information). AI-generated content is informational and may not be fully accurate. Prompts and responses are processed in real time and are not used to train AI models.

7. Third-Party Processors

We use trusted subprocessors to operate the Portal under written contracts meeting GDPR Article 28, including:

  • Cloudflare: hosting (Pages), edge compute (Workers), database (D1), object storage (R2)
  • Anthropic: AI language model for chat and content generation

An up-to-date subprocessor list is available upon request. Material subprocessor changes will be communicated to customers in advance.

8. International Data Transfers

Some subprocessors are based outside the EEA. For each transfer, we rely on one or more of: EU adequacy decisions, Standard Contractual Clauses, or the EU-U.S. Data Privacy Framework.

Customer Content is stored in the EU by default; alternative residency options may be available by agreement.

9. Security

Technical and organisational measures include: encryption at rest and in transit (TLS 1.2+), access controls, least-privilege principles, audit logging, and vulnerability management.

Authentication uses magic-link tokens sent via email — no passwords are stored.

10. Retention

Personal data is retained only as long as needed for its purpose or as required by law.

  • Account data: retained while your account is active or until you request deletion
  • Event participation data: retained for 12 months after the event, then deleted or anonymised
  • AI interactions: processed in real time and not permanently stored
  • Interest preferences: retained until you clear them or request deletion

When data is no longer needed, it is securely deleted or anonymised.

11. Your Rights (EEA/UK)

Under GDPR, you have the right to:

  • Access: obtain a copy of your data
  • Rectification: correct inaccurate data
  • Erasure: request deletion ("right to be forgotten")
  • Restriction: limit processing in certain cases
  • Portability: receive your data in a structured, machine-readable format
  • Object: object to processing based on legitimate interest
  • Withdraw consent: at any time for consent-based processing
  • Lodge a complaint: with your local supervisory authority

To exercise any right, contact us at info@in-parallel.com. We will respond within 30 days.

12. Data Protection Officer

Kristian Luoma — info@in-parallel.com

13. Contact

In Parallel Oy
Salomoninkatu 17 B 4
00100 Helsinki, Finland
info@in-parallel.com

14. Changes

We may update this policy from time to time. Material changes will be communicated via email or in-product notice. The "Effective" date at the top shows the latest version.