For the operation of the Stage platform, the controller is BizWants s.r.o., Kaprova 42/14, 110 00 Praha 1, Česká republika. Privacy contact: stage@bizwants.com. This document explains how Stage processes personal data in connection with accounts, the public website, registration, billing, support, security and operation of the service.
For content of a specific event configured by a customer, the customer may act as controller and BizWants s.r.o. may act as processor, because Stage processes speaker audio, transcripts, translations, audience questions and event metadata according to the customer's configuration and instructions. The customer is responsible for informing event participants and for having a lawful basis for such processing.
Stage may process identification and contact data, account credentials and security data, role and permission data, organisation and billing data, payment identifiers from Stripe or another payment provider, subscription and settlement data, event configuration, language settings, public event tokens, QR codes, support communication, contact form submissions and registration metadata.
During use of Stage, the service may process speaker audio, live transcripts, translations, synthetic voice output, audience questions, votes, event ratings, listener language choices, technical telemetry, IP addresses, user agent, device and browser information, operating system information, logs, timestamps and diagnostic data necessary to operate and secure the service.
Users should not intentionally submit special categories of personal data, confidential information or regulated data unless they have assessed that such processing is lawful, necessary and appropriate for the event and that participants have received the required information.
Stage processes personal data to create and administer accounts, authenticate users, provide the digital service, activate and operate events, deliver live transcription and translation, provide public listener access, answer support requests, handle complaints, process payments, issue invoices, manage subscriptions and overages, prevent abuse, secure the service, maintain logs, comply with legal duties and defend legal claims.
The legal bases include performance of a contract or steps prior to entering into a contract, compliance with legal obligations, legitimate interests in providing, securing, improving and protecting the service, and consent where the law requires consent, for example for selected marketing or optional communications. Where processing is based on consent, consent can be withdrawn at any time without affecting processing that occurred before withdrawal.
Legitimate interests are balanced against the rights and freedoms of affected persons. They include service security, fraud prevention, technical diagnostics, customer support, internal administration, protection of legal claims, product improvement based on operational data and communication with business contacts about similar services where permitted by law.
Personal data may be processed by providers of hosting, storage, backup, email delivery, payment processing, customer support, security, analytics necessary for operation, speech recognition, translation, voice synthesis, monitoring and development tooling. Stripe or another payment provider processes payment data according to its own legal documentation and role.
Stage application data is operated on the operator's servers in the European Union. Event content is not sold, monetised, extracted or provided to third parties for their own commercial use. Third-party providers are used only where necessary to provide, secure, support or bill the service, or where the customer has configured such use.
If personal data is transferred outside the European Union or European Economic Area, Stage uses an appropriate legal transfer mechanism, such as an adequacy decision, standard contractual clauses or another mechanism permitted by GDPR, together with additional safeguards where required.
Account, billing and contract data are retained for the duration of the account or contractual relationship and for the period required by tax, accounting and legal obligations. Data needed to defend legal claims, investigate abuse, resolve complaints or document billing may be retained for the necessary limitation period.
Event content, transcripts, translations, audio-related outputs, telemetry and diagnostics may be deleted or anonymised according to operational rules, plan settings and technical needs unless longer retention is necessary for billing, security, complaint handling, legal obligations or protection of rights.
Unconfirmed self-registration data and confirmation tokens may expire and be deleted or released after the configured validity period. Contact form and support data are retained for the time needed to answer the request, maintain business records and protect rights.
Data subjects may request access to their personal data, rectification, erasure, restriction of processing, portability, objection to processing based on legitimate interests and information about the processing. Where processing is based on consent, they may withdraw consent.
Requests can be sent to stage@bizwants.com. Stage may need to verify the identity of the requester before acting on a request. Requests are handled without undue delay and generally within one month; this period may be extended where GDPR permits it because of complexity or number of requests.
Data subjects also have the right to lodge a complaint with a supervisory authority. In the Czech Republic, the supervisory authority is the Office for Personal Data Protection.
Stage uses appropriate technical and organisational measures considering the nature of the service, including access control, role separation, environment separation, encrypted transport, logging, backups, operational monitoring and restrictions on administrative access.
Security measures are reviewed in light of the service risk profile, GDPR requirements and relevant European cybersecurity expectations, including NIS2 where applicable to the operation.
No internet service can guarantee absolute security. Users are responsible for protecting their credentials, using appropriate devices and networks, assigning roles only to authorised persons, removing unnecessary access and promptly reporting suspected misuse or security incidents.
Stage uses strictly necessary cookies and similar browser storage where needed for login sessions, security, routing a listener to the correct event, language choice, theme preference, interface settings and core service operation. Without these technologies, login, event listening, speaker controls or administration may not work correctly.
Preferences such as light or dark mode, language, listener-page settings or guide visibility may be stored in the browser to keep the service usable and minimally intrusive. Stage will not use optional analytics or marketing cookies unless there is a lawful basis and, where consent is required, prior consent.
Cookie choices are stored in the browser. Stage may also keep a limited technical audit record of consent changes, such as consent version, time, selected categories, page path and pseudonymised technical identifiers. These records are used to demonstrate consent settings, support security, audits and incident handling.
Stage uses automated processing to recognise speech, generate transcripts, translate text, create spoken output, detect technical state and support billing metering. These automated outputs support communication and service operation; they are not intended to make legal, medical, employment, credit or similarly significant decisions about individuals.
Where a customer uses Stage in a context that may significantly affect individuals, the customer must assess whether additional human review, participant information, consent or safeguards are required.
This Privacy and GDPR document is effective from 2026-05-25. If processing changes materially, Stage will publish a new version and, where appropriate, notify users in the app or by email.