1.Who are we?
MassEvent is an event social network that acts as a platform
connecting users wishing to discover and participate in events and
organizations creating these events, wishing to gain visibility and
reach as many people as possible, benefit from event management
assistance, feedback collection and statistics analysis. This platform
is developed by Sheron Millien (EURL -
Self-employed).
Contact:
- Email: contact@massevent.fr
2.Data we collect
2.1.Account and profile data
-
Identity: name, username, email, phone number
-
Profile: profile picture, description, gender, date
of birth, thematic preferences and event categories
-
Location: complete address (street, city, postal
code, country), GPS coordinates (latitude/longitude)
-
Authentication: hashed password, email/phone
verification tokens
-
Preferences: preferred event themes and categories
2.2.Activity data
-
Events: creations, participations, likes, comments,
views, shares, bookmarks
-
Content: messages, posts, photos, feedback,
comments
-
Social interactions: friends, organization follows,
friend requests
-
Searches: event, organization, user search history
2.3.Technical data
-
Logs: IP address, User-Agent, timestamps, actions
performed
- Device: mobile device information
-
Location: GPS coordinates (with explicit prior
consent)
2.4.Payment data
-
Stripe: connected account identifiers,
transactions, receipts
-
⚠️ Important: No credit card data is stored on our
servers. Payment processing is handled by Stripe, a PCI-DSS
certified service.
3.Why do we collect this data?
| Purpose |
Data concerned |
Legal basis |
| Account management |
Identity, profile, authentication |
Contract execution |
| Main service |
Events, participations, interactions |
Contract execution |
| Location |
GPS coordinates, address |
Consent |
| Payments |
Stripe data, transactions |
Contract execution |
| Security |
Logs, IP, User-Agent |
Legitimate interest |
| Customer support |
Messages, history |
Contract execution |
| Analytics |
Anonymized usage data |
Legitimate interest |
4.Legal basis
-
Contract execution: Data necessary for platform
operation
-
Consent: GPS location, push notifications,
non-essential cookies
-
Legitimate interest: Security, fraud prevention,
service improvement
-
Legal obligation: Billing data retention (10 years)
5.Retention periods
| Data type |
Duration |
Justification |
| Active account |
3 years after last connection |
Legitimate interest |
| Billing data |
10 years |
Legal obligation |
| Security logs |
12 months |
Legitimate interest |
| Location data |
6 months |
Consent |
| Photos and media |
Until account deletion |
Contract execution |
6.Subcontractors and transfers
6.1.Identified subcontractors
| Subcontractor |
Service |
Data processed |
Country |
Guarantees |
| AWS |
Hosting, storage, database |
All data |
🇫🇷 France |
Standard contractual clauses |
| Stripe |
Payments |
Transaction data |
🇺🇸 United States |
Standard contractual clauses |
| Google |
Maps, geolocation |
GPS coordinates |
🇺🇸 United States |
Standard contractual clauses |
6.2.Additional services
-
Analytics/Crash reporting: No third-party service
currently used
-
Push notifications: Internal system, no third-party
service
- Email/SMS: Twilio for email and SMS sending
7.Cookies and similar technologies
7.1.Mobile application
-
Local storage: Authentication tokens, user
preferences
- Web cookies: Session, preferences
7.2.Categories
-
Essential: Authentication, security (no consent
required)
-
Functional: Preferences, location (consent
required)
-
Analytics: Anonymized audience measurement (consent
required)
8.Your rights
In accordance with GDPR, you have the following rights:
| Right |
Description |
Procedure |
| Access |
Know the data concerning you |
Email to contact@massevent.fr |
| Rectification |
Correct inaccurate data |
Via application |
| Erasure |
Delete your data |
Via application |
| Limitation |
Restrict processing |
Email to contact@massevent.fr |
| Portability |
Retrieve your data |
Email to contact@massevent.fr |
| Opposition |
Object to processing |
Email to contact@massevent.fr |
| Consent withdrawal |
For location, notifications |
Via application |
8.1.Exercise procedure
- Via application: Settings > Privacy
-
By email: contact@massevent.fr with ID document
- Response time: Maximum 1 month
- Complaint: CNIL (cnil.fr)
9.Security
9.1.Technical measures
- Encryption: HTTPS/TLS 1.3, data in transit
-
Authentication: JWT with expiration, hashed
passwords
-
Access control: Rate limiting, CORS, Helmet.js
- Storage: Encrypted database
9.2.Organizational measures
- Access: Principle of least privilege
- Training: Team trained on GDPR
- Audit: Regular access reviews
10.Beta version specifics
10.1.Data collection
-
Payment: Payments are simulated for the beta
version.
-
Feedback: Voluntary collection to improve service
-
Metrics: Anonymized usage data to optimize
performance
- Stability: Error logs to fix bugs
10.2.Limitations
-
Availability: Service may be temporarily
unavailable
- Features: Some features may be experimental
-
Data: Possibility of data loss in case of major bug
11.Minor protection
11.1.Minimum age
- Users: 16 years minimum
- Organizations: 16 years minimum
11.2.Procedures
- Reporting: By email to contact@massevent.fr
-
Deletion: Immediate deletion of reported minor
accounts
- Verification: Age checks during registration
12.1.Data Protection Officer
(DPO)
- Email: sheron.millien@massevent.fr
12.2.Support
- General email: contact@massevent.fr
- Privacy email: contact@massevent.fr
13.Updates
13.1.Modification notification
-
Application: In-app notification for important
updates
- Email: Email notification for major changes
- Website: Publication on massevent.fr/legal
13.2.Current version
- Last update: January 27, 2025
- Version: 1.0