Privacy Policy
Last updated: March 2026
Who we are
Abastio is an event vendor management platform operated from Portugal. We help event organizers manage their clients, contractors, and events in one place. This policy explains what personal data we collect, why we collect it, and how we protect it. It applies to all users of abastio.com and the Abastio platform.
What data we collect
Account data
When you create an account, we collect your name, email address, and a hashed version of your password. If you set up a company profile, we also store your company name, phone number, and company logo.
Business data you enter
You add clients, contractors, events, budgets, and quotes to the platform. This data belongs to you — we store it so the platform works. It may include names, email addresses, phone numbers, and financial details (prices, budgets) for your clients and contractors.
Files you upload
You can upload company logos and contract PDFs. These files are stored securely on Cloudflare R2 (cloud storage) and are only accessible to your account.
Technical data
We store a JWT authentication token and your language preference in your browser's localStorage. We do not use tracking cookies. We do not use third-party analytics. Standard server logs may record your IP address, browser type, and request timestamps for security and debugging purposes.
How we use your data
We use your data to:
- Authenticate you and keep your account secure
- Display and manage your clients, contractors, events, quotes, and budgets
- Generate PDF documents (quotes and budgets) that you create within the platform
- Store and serve files you upload (logos, contracts)
- Send transactional emails (account verification, password resets, team invitations)
- Monitor platform performance and fix technical issues
We do not sell your data. We do not use your data for advertising. We do not profile you.
Data storage and security
Your data is stored on the following infrastructure:
- Application backend hosted on Railway (cloud infrastructure)
- Frontend hosted on Railway (cloud infrastructure)
- PostgreSQL database, accessed over encrypted connections
- Files stored on Cloudflare R2 (S3-compatible cloud storage)
We protect your data with these measures:
- Passwords are hashed with bcrypt (never stored in plain text)
- Authentication uses JWT tokens with expiration
- All connections use HTTPS encryption
- Data is isolated per account — you cannot access another user's data
Our infrastructure providers operate data centers in the EU and the United States. By using Abastio, you acknowledge that your data may be processed in these regions.
Data sharing and third parties
We do not sell, rent, or trade your personal data. We share data only with the infrastructure providers necessary to run the platform:
- Railway — application and frontend hosting
- Cloudflare — file storage (R2) and network security
- Email service provider — for transactional emails only
We may disclose data if required by law, court order, or to protect the safety and rights of our users.
Your rights
Under the GDPR (EU/EEA) and LGPD (Brazil), you have the following rights over your personal data:
- Access — Request a copy of the personal data we hold about you
- Correction — Ask us to correct inaccurate or incomplete data
- Deletion — Ask us to delete your account and all associated data
- Portability — Request your data in a structured, machine-readable format
- Restriction — Ask us to limit how we process your data
- Objection — Object to data processing based on legitimate interest
- Withdraw consent — Where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
You also have the right to file a complaint with a data protection authority. In Portugal, this is the CNPD (Comissão Nacional de Proteção de Dados). In Brazil, this is the ANPD (Autoridade Nacional de Proteção de Dados).
Data retention
We keep your data for as long as your account is active. If you delete your account, we will delete all your personal data and business data within 30 days. Some data may be retained longer if required by law (for example, financial records for tax compliance). Server logs are automatically deleted after 90 days.
Children's privacy
Abastio is a business tool for event professionals. It is not intended for use by anyone under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will delete it.
Changes to this policy
We may update this policy to reflect changes in our practices or legal requirements. When we make significant changes, we will notify you by email or through a notice on the platform. The "Last updated" date at the top of this page shows when the policy was last revised.
Contact us
If you have questions about this privacy policy or how we handle your data, contact us:
Email: [email protected]
Abastio, Lda.
Portugal