DSGVO Compliance

FairUp is built in Germany with DSGVO (GDPR) compliance at its core. Your data — and your attendees' data — is protected.

What is DSGVO?

The Datenschutz-Grundverordnung (DSGVO) is the EU's General Data Protection Regulation. It requires organizations to collect only necessary data, obtain explicit consent, protect data security, allow data subjects to access and delete their data, and report data breaches.

How FairUp protects data

Data location

• All data is stored in the European Union
• Servers are located in Germany
• No data is transferred outside the EU

Data collection

• FairUp only collects data necessary for event management
• Clear consent is obtained during registration
• Data fields are labeled (required vs. optional)

Data security

• Encryption at rest and in transit
• Regular security audits
• Access controls and audit logs
• Two-factor authentication available

Data subject rights

• Right to access — users can view their data
• Right to rectification — users can correct their data
• Right to erasure — users can request deletion
• Right to portability — users can export their data

For organizers

As an organizer using FairUp, you are the data controller. You are responsible for obtaining consent, having a privacy policy, only processing data for stated purposes, and responding to data subject requests.

FairUp provides: privacy policy templates, consent checkboxes, export tools, and deletion tools.

For attendees

When attendees register, they see what data is being collected, agree to the privacy policy, and can request their data or deletion anytime.

Data Processing Agreement

For enterprise customers, FairUp provides a DPA outlining what data is processed, retention periods, security measures, and subprocessors.