Community Days | Privacy Notice

1. Who we are

Community Days (communitydays.org) is a community-run directory of developer community events, speakers, and organizers. It is not operated by a company — it is built and maintained by a group of volunteer community team members. The data-controller / privacy contact for Community Days is Thomas Daly, reachable at support@communitydays.org.

2. The personal data we process

• Account & login data — name, email address, and profile photo from your sign-in (e.g. Microsoft account).
• Public profile data — display name, profile handle (the /@your-name URL), tagline, bio, country, company, social links, and community recognitions you add.
• Speaker & organizer activity — sessions, events, and badges associated with you.
• Verification & linking data — records that link your speaker identities across providers and your claim / verification status.
• Usage data— aggregate page views, referrers, and device / approximate location via cookieless analytics (no consent needed); plus usage and error diagnostics via Application Insights (only with your consent — see Cookies & analytics).

3. Where we get it (including data from third parties)

Some of the speaker information we display is not collected directly from you. Event organizers who run their events on Sessionize or run.events post event content on Community Days and share speaker and session data from those systems with us — including names, biographies, sessions, and event participation. We detect likely matches between those speaker identities and your Community Days account by name; once you claim your profile, an administrator reviews and links them so your speaking history appears as one profile. The organizers who submit this content, and the originating platforms, are the source of that data and may act as its data controller; where we process personal data obtained from them we do so in reliance on GDPR Article 14.

4. Why we use it, and our lawful basis

• To run a public directory of community speakers, events, and organizers — legitimate interests (Art. 6(1)(f)); a Legitimate Interests Assessment supports this basis.
• To operate your account, authentication, and profile editing — performance of a service you request.
• To verify speaker claims and prevent mis-attribution of profiles.

5. Public profiles & search visibility

Once your profile is claimed and verified, it is public by default — viewable at a personal link (communitydays.org/@your-name) and eligible to be indexed by search engines. You stay in control: you can opt out of search indexing at any time from your profile privacy settings (“Hide my profile from search engines”). You can correct your details from the profile editor (claimed profiles) or by contacting us, and you can request removal of your information using the opt-out request form on the speaker board and on profile pages, or by contacting us (see Your rights). Unclaimed speaker entries are never indexed by search engines.

6. We never sell or share your data

We do not sell your personal data, and we do not share it with third parties for their own purposes — not for advertising, not for any other reason, ever. The only information about you that others can see is what appears on your public profile — that is the purpose of the directory and is entirely under your control. We rely on service providers acting on our behalf — cloud hosting (Microsoft Azure) and analytics providers (Cloudflare Web Analytics — cookieless, no consent — and, only with your consent, Azure Application Insights; see section 12) — which process data to provide their service to us, not for their own marketing. We would disclose personal data only where legally required to do so.

7. Our role (data controller)

Community Days is run by volunteer community team members, not a company; Thomas Daly acts as the named data-controller contact. As the maintainers, we are responsible for the account and profile information you provide to us directly — your sign-in details and the profile fields you edit. For the speaker and session data that event organizers submit from Sessionize or run.events, those organizers — and the originating platforms — act as controllers for that data; we process it to operate and display the directory.

8. Security

We take reasonable technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or loss — including encryption in transit (HTTPS / TLS), encryption at rest for our database (managed by Microsoft Azure), authenticated sign-in via Microsoft Azure Active Directory, and role-based access controls that limit who can edit data. No method of transmission or storage is completely secure, so we can't guarantee absolute security.

9. International transfers

Data is hosted in the United States on Microsoft Azure (West US / West US 2 regions). For individuals in the EEA/UK this is a transfer to the US; we rely on Microsoft's certification under the EU-U.S. Data Privacy Framework (and Standard Contractual Clauses where applicable).

10. How long we keep it

Community Days is a lasting record of community speaking and event activity, so we keep your public profile and speaking history for as long as we maintain that record — this is the purpose the data is collected for. Account and sign-in data is kept while your account is active and removed when it is closed; diagnostic and log data is kept only briefly; and retired profile handles redirect for up to 6 months, then recycle.

You stay in control: you can ask us to remove your information at any time, and to suppress your profile so it isn't relisted from public sources (see Your rights). Because we compile public speaker data from sources such as Sessionize and run.events, if you later participate in a public event we index your information may reappear unless you ask us to suppress it.

11. Your rights

Subject to applicable law, you have the right to access, rectify, erase, restrict, or object to our processing of your personal data, and to data portability. Specifically you can:

• Correct your profile at any time from your profile editor (claimed users).
• Opt out of search indexing via your profile privacy settings.
• Request removal / erasure of your information using the opt-out request form on the speaker board and on profile pages, or by contacting us. To correct unclaimed speaker data (the form does not edit, only removes), contact us or claim the profile.
• Object to processing based on legitimate interests.

To exercise any of these, contact support@communitydays.org. You also have the right to lodge a complaint with your local data protection authority.

12. Cookies & analytics

We keep cookies to a minimum. Cookies that are strictly necessary for sign-in and core functionality are always on. To understand how the site is used we rely on two tools. Cloudflare Web Analytics (Cloudflare, Inc.) is cookieless and privacy-first — it measures only aggregate usage (page views, referrers, approximate location, device / browser), sets no cookies, does no fingerprinting, and collects no personal data, so it runs without consent. Microsoft Azure Application Insights (Microsoft) captures usage and error diagnostics and uses cookies, so it loads only after you accept analytics cookies in our cookie banner — you can review the categories and decline non-essential cookies from the banner's “Preferences” panel, and change your choice at any time from your profile privacy settings. For how these providers handle data, see Cloudflare's Privacy Policy and Microsoft's Privacy Statement.

13. Children

Community Days is a professional community directory and is not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child's information appears here, contact us at support@communitydays.org and we will remove it.

14. Changes to this notice

We may update this notice from time to time. Material changes will be reflected here with a revised “Last updated” date.