Privacy Policy

Alby Privacy Policy

Last updated: 5 June 2026

Alby is an event platform for building event microsites, registration and invite-only access flows, audience interaction tools and formal voting experiences. This Privacy Policy explains how Alby collects, uses, stores and shares personal information.

1. Who this policy covers

This policy applies to people who use Alby, including account owners, account administrators, event editors, event viewers, microsite visitors, registrants, invite-only attendees, lead-capture users, voters, observers and people who submit chat, Q&A or poll responses.

Where an organisation uses Alby to run an event, that organisation is usually responsible for deciding what attendee, voter or participant information is collected for that event. Alby provides the platform used to collect and process that information.

2. Information we collect

The information collected depends on how Alby is used. It may include:

• Account details such as name, organisation, email address, role, login records and account permissions.
• Billing and subscription information such as plan selection, invoice records, payment status and Stripe checkout references.
• Event setup information such as event names, dates, pages, branding, embeds, access settings, email templates and event configuration.
• Registration, invite-only and lead-capture details such as name, email address, organisation, branch, custom registration fields and unique access links.
• Voting information such as voter records, voting eligibility, voting status, submitted votes, observer records, access audit logs, organisation breakdown data and round history.
• Interaction information such as chat messages, Q&A submissions, poll responses, moderation actions, display selections and presenter/on-air output settings.
• Zoom integration information where an account owner or administrator connects a Zoom account, including the connected Zoom user's name and email address, Zoom account identifier, OAuth token expiry information, encrypted OAuth refresh tokens and the date/time the Zoom connection was last verified.
• Zoom meeting configuration entered by an event administrator, such as meeting ID, passcode and Zoom element display settings.
• Email records such as send status, timestamps, recipient address, skipped send reasons and delivery-related logs.
• Technical information such as IP address, browser user agent, session identifiers, device/browser identifiers, page access logs, timestamps and error/debug information.

3. How we use information

Alby uses personal information to:

• Create, manage and secure Alby accounts.
• Provide event microsites, registration pages, invite-only access and lead-capture forms.
• Send invitation, confirmation, reminder, feedback and platform emails.
• Operate Alby Vote, including access control, voting, results, participation tracking and audit records.
• Operate Alby Interact, including chat, Q&A, polling, moderation and display outputs.
• Operate the Alby Zoom integration, including verifying connected Zoom accounts, refreshing Zoom OAuth access when needed and providing the required Zoom Meeting SDK authorization for embedded Zoom meeting joins.
• Process subscription, billing, checkout and usage information.
• Protect the service from misuse, unauthorised access, fraud and security incidents.
• Support, maintain, test and improve the platform.
• Meet legal, tax, accounting, dispute resolution and audit obligations.

4. Event organiser responsibilities

Event organisers control much of the information collected through their own Alby events. They are responsible for ensuring they have permission or another lawful basis to collect attendee, registrant, voter or participant information, and for explaining event-specific use of that information where required.

For example, if an event organiser adds custom registration fields, uploads a voter list, enables organisation-level reporting, exports event records or embeds a third-party service such as Zoom, the organiser is responsible for using that data appropriately.

5. Cookies and similar technologies

Alby uses essential cookies and similar technologies to keep users signed in, maintain event sessions, protect access-controlled pages and support platform security. More detail is available in the Cookie Notice.

6. Sharing information

Alby may share information with:

• The account owner, authorised account users and event administrators connected to the relevant account or event.
• Service providers that help operate Alby, such as hosting providers, email infrastructure, payment processors, analytics/logging services and security tools.
• Third-party services selected or embedded by an event organiser, such as livestream platforms, Zoom, Slido, Vimeo, YouTube or similar tools.
• Professional advisers, regulators, law enforcement or other parties where required by law or necessary to protect Alby, users or the public.

Alby does not sell personal information to advertisers.

7. Third-party services and embedded content

Events may include third-party embeds or integrations. Those services may collect information directly from users under their own policies. Event organisers should check the relevant third-party terms and privacy notices before embedding or enabling those tools.

Where a third-party service is used, that service may process user information according to its own terms and privacy policy. Alby is not responsible for the operation, availability, security settings or data handling practices of third-party services outside Alby's control.

8. Zoom integration

Alby allows account owners and administrators to connect a Zoom account and embed Zoom meetings into Alby microsite pages using the Zoom Meeting SDK.

When a Zoom account is connected to Alby, Alby may collect and store limited Zoom account connection information, including the connected Zoom user's name and email address, the connected Zoom account identifier, OAuth access token expiry information, encrypted OAuth refresh tokens and the date/time the Zoom connection was last verified.

Alby uses this information only to operate the Zoom integration, verify the connected Zoom account, refresh Zoom OAuth access when needed and provide the required Zoom Meeting SDK authorization for embedded meeting joins.

Alby may also store Zoom meeting details entered by an Alby event administrator, such as meeting ID, passcode and Zoom element display settings. These details are used to load the configured Zoom meeting inside the relevant Alby microsite page.

When an attendee joins a Zoom meeting through an Alby microsite, Alby may pass attendee details, such as name and email address, to Zoom where those details are available from the microsite registration, invite-only, lead-capture or attendee access flow. Zoom uses this information to identify the attendee within the Zoom meeting experience.

Alby does not store Zoom meeting audio, video, screen sharing content, recordings, transcripts, Zoom chat history or Zoom participant content. These parts of the meeting experience are provided and processed by Zoom according to Zoom's own terms, policies and settings.

Alby uses Zoom OAuth scopes only for the Zoom integration features described in this policy. Alby does not use Zoom access to create, edit, delete or manage a customer's Zoom meetings, recordings, transcripts, contacts, calendars, billing, chat history, users or account settings.

If a user disconnects Zoom from Alby, Alby removes the stored Zoom connection details and OAuth tokens from the Alby account. Users may also remove Alby from their installed apps or authorised applications in their Zoom account.

9. Storage, security and retention

Alby uses reasonable technical and organisational safeguards to protect personal information from loss, misuse, unauthorised access, disclosure or alteration. No internet service can be guaranteed completely secure, but security and access control are treated as core platform requirements.

OAuth client secrets and Zoom token exchange operations remain server-side. Zoom OAuth refresh tokens are encrypted before they are stored in Alby's database. Token encryption uses an application-level encryption key stored outside the database in the server environment configuration. Public browsers do not receive Zoom OAuth client secrets or refresh tokens.

Information is retained for as long as needed to provide Alby, maintain event records, support audit requirements, comply with legal/accounting obligations, resolve disputes and protect the platform. Event lifecycle controls may make public event pages unavailable while administrative records remain accessible to authorised users.

10. Access and correction

People may ask to access or correct personal information held about them. Account users can update some information directly inside Alby. Event attendees, voters and participants should usually contact the event organiser first, because the organiser controls the event and its records.

Privacy requests can also be sent to privacy@alby.live.

11. International processing

Alby and its service providers may process or store information in New Zealand or other countries where hosting, payment, email, communication or support services are located. Where information is sent to service providers, Alby expects those providers to protect the information appropriately.

12. Children and sensitive information

Alby is designed for event and organisation use. It is not intended for children to create accounts. Event organisers should avoid collecting sensitive information unless it is genuinely required for the event and they have handled any required notice, consent or legal basis.

13. Changes to this policy

Alby may update this Privacy Policy as the platform changes. The updated date above shows when this page was last revised.

14. Contact

For privacy questions or requests, contact privacy@alby.live.