Privacy Policy

Rubicon Digital is an event-technology agency operating from remote-first teams with registered virtual offices at:

• 71 Shelton St, London WC2H 9JQ, United Kingdom (EMEA)
• 30 N Gould St Ste R, Sheridan, WY 82801, United States

For any questions about this policy or how we handle your personal data, contact [email protected]. We act as data controller for personal data collected through the website. For event deployments (Rubicon Meetings Management, Lead Capture, Orbsense) we typically act as data processor on behalf of the client.

We may process the following categories of personal data:

• Contact details — name, business email, company, job title — when you email us or complete a contact form.
• Website usage data — IP address, browser type, pages visited, referrer, approximate location — collected through server logs and, with your consent, analytics tools.
• Event-deployment data — in the course of providing Rubicon Meetings Management, Lead Capture, and Orbsense deployments we may process attendee data (name, role, organisation, meeting attendance, badge-scan events) strictly on behalf of the event organiser under a data processing agreement.

We use personal data on the following legal bases:

We only share personal data with service providers that we have contracted with under appropriate data-protection terms, including:

• Hosting, CDN, and security infrastructure (e.g. Cloudflare, our deployment host)
• Email, scheduling, and CRM tools used to follow up on enquiries
• Sub-processors engaged for specific event deployments, disclosed in the applicable data processing agreement
• Regulators, courts, and professional advisers where required by law

Some of our service providers operate outside the UK and EEA. Where personal data is transferred internationally we rely on the UK International Data Transfer Addendum, EU Standard Contractual Clauses, or an adequacy decision, as appropriate, to ensure your data receives equivalent protection.

We retain personal data only for as long as necessary for the purposes described above, and in line with applicable legal, accounting, or reporting requirements. Typical periods are: enquiry correspondence — 24 months; contractual records — 7 years; event-deployment data — as instructed by the client data-controller (usually deleted within 90 days of event end).

Under UK and EU GDPR you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate or incomplete data
• Erasure (the “right to be forgotten”)
• Restrict processing in certain circumstances
• Data portability
• Object to processing based on legitimate interests
• Withdraw consent at any time, where consent is the basis
• Lodge a complaint with the Information Commissioner's Office (UK) or your local supervisory authority

To exercise any of these rights, email [email protected]. We will respond within one month.

We use a small number of strictly necessary cookies required for the site to function. Any analytics or marketing cookies are set only after you have given consent via our cookie banner. You can withdraw consent at any time by clearing the stored preference in your browser.

We maintain appropriate technical and organisational measures including TLS in transit, encryption at rest, role-based access, audit logging, and regular security reviews. Our event deployments can be delivered in line with ISO 27001, SOC 2, and client-specific GxP requirements on request.

We may update this policy from time to time. Material changes will be communicated via the website and, where appropriate, by email.

Questions about this policy, or requests to exercise your rights, should be sent to [email protected].