ConBuddy.
Sign in

// Legal

Privacy Policy

Last updated: April 2026

ConBuddy is a social tool for tech conference attendees. This policy explains what data we collect, why we collect it, and what we do (and don’t do) with it. Plain English, no legal fog.

What we collect

When you create an account and use ConBuddy, we collect:

  • Account data — your email address and password (hashed, never stored in plain text).
  • Profile data — name, handle, job title, city, vibe, bio, avatar photo, and any social links you choose to add.
  • Content — posts, replies, reactions, and direct messages you send.
  • Usage data — which events you attend, bookmarks, friend connections, and notification preferences.

We do not collect precise location data, device fingerprints, or track you across other websites.

How we use it

Your data is used to:

  • Operate and display your profile and badge.
  • Deliver posts, replies, and direct messages to the right people.
  • Send you in-app notifications you’ve opted into.
  • Moderate content and enforce community guidelines.

We do not sell your data. We do not use it for advertising. We do not share it with third parties except the infrastructure providers listed below.

Infrastructure & third parties

ConBuddy runs on:

  • Supabase — database and file storage (your avatar lives here).
  • Vercel — hosting and edge functions.
  • Resend — transactional email (sign-up confirmation, password reset).

Each of these providers processes your data only to deliver the service. They operate under their own privacy policies and data processing agreements.

Your rights

You can, at any time:

  • Edit or delete your profile data from Settings.
  • Delete your account — reach out and we will erase your data within 30 days.
  • Export your data — contact us and we’ll prepare a copy.
  • Opt out of non-essential notifications in Settings ’ Notifications.

If you are in the EU/EEA, you have additional rights under GDPR including the right to object to processing and to lodge a complaint with a supervisory authority.

Data retention

We keep your data for as long as your account is active. Deleted posts and replies are removed within 7 days. Direct messages are retained until both parties delete their accounts. When you delete your account, we erase your personal data within 30 days. Aggregated, anonymised analytics (e.g. post counts) may be retained indefinitely.

Security

Passwords are hashed with bcrypt. All data is transmitted over TLS. Access to production data is restricted to authorised personnel. We follow responsible disclosure — if you find a vulnerability, email us before going public.

Children

ConBuddy is not directed at children under 16. If you believe a child has created an account, contact us and we will delete it promptly.

Contact

Questions or requests: reach out via the report flow inside the app, or email. We aim to respond within 48 hours.