Privacy Policy
Last updated: 17 June 2026
This Privacy Policy explains how WhoIsComing ("we", "us", or "our") collects, uses, and protects personal data when you use WhoIsComing (the "Service") at whoiscming.com. We process personal data in accordance with Regulation (EU) 2016/679 (GDPR).
1. Data Controller
The data controller is WhoIsComing (operated by Lajos Koszti), reachable at info@whoiscoming.io.
2. Data We Collect
Event owners (account holders)
- Email address — used to send magic-link sign-in emails and to identify your account.
Invited guests
- Name and email address — provided by the event owner when creating an invitation.
- RSVP response data — attendance status, headcount per attendee group, accommodation preferences, and any free-text notes you submit.
Technical data
- Server logs — IP address, browser User-Agent, request path, and timestamp. Retained for up to 90 days.
- Session and language cookies — see our Cookie Policy.
Pro-plan interest data (pre-launch period)
- Upsell interaction log — owner ID, action type (upgrade page view, payment-intent click), and timestamp. Retained until Pro launches or you delete your account.
- Launch notification request — your email address and explicit consent timestamp, stored only if you opt in to be notified when Pro becomes available. Deleted after the notification is sent or on your written request.
3. Legal Bases for Processing
- Performance of a contract — processing your email address to provide magic-link authentication and deliver the Service you signed up for.
- Legitimate interests — delivering invitations and RSVP results on behalf of event owners; maintaining secure server logs; storing your language preference.
- Legitimate interests — recording anonymised upsell interaction signals (no payment data, no third parties) to measure product demand and prioritise development.
- Consent — storing your email address to send you one notification when Pro features become available, only if you explicitly opt in.
- Legal obligation — retaining records as required by applicable law.
4. How We Use Your Data
- Send sign-in links and invitation emails.
- Display and tally RSVP responses for event owners.
- Process subscription payments (Pro plan).
- Maintain the security and integrity of the Service.
5. Third-Party Processors
We share data with the following processors under GDPR-compliant data processing agreements:
| Processor | Purpose | Data shared |
|---|---|---|
| Mailgun (Sinch) | Transactional email delivery | Recipient email address, message content |
| Stripe | Payment processing (Pro plan) | Email address, billing details |
We do not sell personal data or share it with advertisers.
6. Data Retention
- Account data — retained until you request account deletion.
- Event and RSVP data — retained until the event owner deletes the event.
- Server logs — deleted after 90 days.
- Payment records — retained as required by tax and financial regulations.
- Upsell interest log — deleted when Pro features launch or when you delete your account.
- Launch notification opt-in — deleted after the notification is sent or on your written request.
7. Your Rights
Under GDPR you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data.
- Erase your data ("right to be forgotten").
- Restrict or object to certain processing.
- Data portability — receive your data in a machine-readable format.
- Lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH — naih.hu).
To exercise any of these rights, email info@whoiscoming.io. We will respond within 30 days.
8. Security
Personal data is stored in a private SQLite database on a server located in the EU. Access is restricted to the data controller. Connections to the Service are encrypted via TLS.
9. Changes to This Policy
We may update this policy and will indicate the revision date at the top of this page. Material changes will be communicated to account holders by email.