Privacy Policy

1. Introduction

Palconf Inc. ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered conference networking platform ("Service").

2. Information We Collect

2.1 Information You Provide

• Account information: Email address used for registration and authentication
• Profile data: Professional goals, industry preferences, company information, and networking objectives you share through the chat interface
• Chat messages: Conversations with our AI assistant used to build your professional profile
• Event preferences: Events you select and your stated goals for attending

2.2 Information Collected Automatically

• Usage data: Pages visited, features used, briefing reports generated, and interaction patterns
• Device information: Browser type, operating system, and device identifiers
• Log data: IP address, access times, and referring URLs

2.3 Information from Third Parties

We aggregate publicly available information about event exhibitors, attendees, and companies from event websites, public directories, and other open sources to power our matching and recommendation features.

3. How We Use Your Information

We use the information we collect to:

• Provide and operate the Service, including generating match scores and briefing reports
• Build and refine your professional profile through AI-powered analysis of your stated goals and preferences
• Match you with relevant exhibitors, attendees, and networking opportunities
• Send you briefing reports and notifications related to your selected events
• Authenticate your identity and maintain account security
• Improve and optimize the Service, including our matching algorithms and AI models
• Respond to your requests and provide customer support
• Comply with legal obligations

4. AI Processing

Our Service uses artificial intelligence (including large language models) to process your profile data and generate personalized recommendations. Your chat conversations and profile information are sent to third-party AI providers (currently Google Gemini) for processing. These providers process data according to their own privacy policies and data processing agreements we have in place. We do not use your personal data to train AI models.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

• Service providers: Third-party vendors who assist in operating the Service (hosting, email delivery, AI processing), bound by data processing agreements
• Legal requirements: When required by law, court order, or governmental authority
• Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users
• With your consent: When you explicitly authorize sharing for a specific purpose

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Chat session data and briefing reports are retained for up to 24 months after generation. You may request deletion of your data at any time (see Section 8). Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), secure authentication mechanisms (httpOnly cookie-based JWT with OTP verification), and access controls. Authentication tokens are stored exclusively in httpOnly cookies that are inaccessible to client-side JavaScript, mitigating the risk of token theft through cross-site scripting (XSS). However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing of your data for certain purposes
• Restriction: Request restriction of processing in certain circumstances

To exercise these rights, contact us at privacy@palconf.com. We will respond within 30 days.

9. Cookies and Tracking

We use essential httpOnly cookies for authentication (JWT access and refresh tokens) and session management. These cookies are strictly necessary for the Service to function and cannot be accessed by client-side scripts. We do not use local storage for authentication tokens. We do not currently use third-party advertising or analytics cookies. If this changes, we will update this policy and provide appropriate notice and consent mechanisms.

10. International Data Transfers

Your data may be processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required.

11. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at: