๐ŸŽฏ SessionHunt
+ Submit

Legal

Privacy Policy

Last updated: April 2026  ยท  Governing law: India

SessionHunt ("we", "us", or "our") is a community-curated platform for discovering tech conference sessions. This Privacy Policy explains what personal data we collect, how we use it, and what rights you have over it. We aim to be straightforward โ€” if something is unclear, email us at legal@sessionhunt.com.

1. Data We Collect

We collect only what is necessary to operate the platform:

  • Email address โ€” required for account creation and passwordless sign-in. We use OTP (one-time passcode) authentication; we never store a password.
  • Username โ€” a public handle you choose during onboarding. Visible on your profile and any sessions or votes you submit.
  • Display name โ€” optional, set by you on your profile. Shown publicly in place of your username if provided.
  • Gravatar hash โ€” we compute an MD5 hash of your normalised email address and send it to Gravatar (operated by Automattic, Inc.) to load a profile photo. We do not store the hash ourselves beyond what is needed to render your avatar.
  • Submitted content โ€” session titles, descriptions, speaker names, event nominations, and any other content you voluntarily submit to the platform.
  • Votes and interactions โ€” records of which sessions or events you have upvoted, used to prevent duplicate votes and to display community rankings.
  • Sign-in timestamps โ€” the date and time of your most recent successful authentication, retained for security auditing purposes.

We do not collect payment information, precise location data, or any sensitive personal data.

2. How We Use Your Data

  • Authentication โ€” your email is used to send sign-in codes and to identify your account. We do not use it for marketing without your explicit consent.
  • Profile display โ€” your username, display name, and Gravatar avatar are shown on your public profile page and alongside content you submit.
  • Platform integrity โ€” vote records and account data help us detect and prevent spam, fake submissions, and vote manipulation.
  • Service communications โ€” we may send transactional emails (e.g., sign-in codes, account notices). We do not send promotional newsletters unless you opt in.
  • Moderation โ€” submitted content is reviewed by our moderation team to enforce our Terms of Service.

3. Third-Party Services

We share minimal data with a small number of trusted third-party providers:

  • Cloudflare, Inc. โ€” Our platform is hosted on Cloudflare Workers and served via Cloudflare's global network. Cloudflare processes all traffic for DDoS protection, TLS termination, and caching. This means Cloudflare's infrastructure handles requests that may include your IP address and request metadata. Cloudflare's privacy practices are governed by their Privacy Policy. Session authentication cookies are set as httpOnly cookies managed through Cloudflare Workers.
  • Gravatar by Automattic, Inc. โ€” When displaying profile photos, we send an MD5 hash of your email address to gravatar.com. Gravatar uses this hash to look up and serve a profile image if one exists. If you have a Gravatar account, their system associates the hash with your profile. See Automattic's Privacy Policy for details. If you prefer not to use Gravatar, you can set a display name and no avatar request will visually identify you.
  • Google Fonts โ€” We load the Plus Jakarta Sans font from Google Fonts, which may result in your browser making a request to Google's servers. No personal account data is sent in that request.

We do not sell, rent, or share your personal data with any other third parties for their own commercial purposes.

4. Cookies

We use a minimal, necessary set of cookies:

  • Session cookie โ€” an httpOnly, secure cookie set upon successful sign-in. This cookie authenticates your requests to the API. It contains no personally identifiable information in itself; the server resolves it to your account. It expires after a fixed inactivity period.

We do not use advertising cookies, third-party tracking cookies, or analytics cookies. There is no tracking pixel or behavioural advertising on SessionHunt.

5. Data Retention

We retain your account data for as long as your account is active. If you request account deletion (see Section 6), we will remove your personal data within 30 days. Submitted sessions and events that have been made public may be retained in anonymised form to preserve community history, but they will no longer be linked to your account.

Sign-in logs and security audit records are retained for up to 90 days.

6. Your Rights

You have the following rights with respect to your personal data:

  • Access โ€” you may request a copy of the personal data we hold about you.
  • Correction โ€” you may update your display name and username directly from your profile page. For email corrections, contact us.
  • Deletion โ€” you may request deletion of your account and associated personal data at any time by emailing legal@sessionhunt.com.
  • Data portability โ€” you may request an export of your submitted content in a machine-readable format.
  • Objection / restriction โ€” if you believe we are processing your data unlawfully or wish to restrict processing, please contact us and we will respond within 30 days.

For EU/EEA residents, these rights are provided in accordance with the General Data Protection Regulation (GDPR). For Indian residents, these rights are provided under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

7. Data Security

We take reasonable technical and organisational measures to protect your data, including:

  • All data in transit is encrypted via TLS/HTTPS.
  • Authentication tokens are short-lived and single-use.
  • Session cookies are set with the httpOnly and Secure flags to prevent JavaScript access and transmission over unencrypted connections.
  • Database access is restricted to authorised services only.

No method of transmission over the internet is 100% secure. In the event of a data breach that affects your personal data, we will notify you as required by applicable law.

8. Children's Privacy

SessionHunt is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.

9. International Transfers

SessionHunt is operated from India. By using the platform, you acknowledge that your data may be processed on servers located in data centres operated by Cloudflare, which may be situated outside India or your country of residence. Cloudflare maintains appropriate safeguards for international data transfers.

10. Governing Law

This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules). For users in the European Union or European Economic Area, we additionally comply with the requirements of the General Data Protection Regulation (GDPR) to the extent applicable.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Continued use of the platform after changes are posted constitutes acceptance of the updated policy. For material changes, we will make reasonable efforts to notify registered users.

12. Contact Us

For any privacy-related questions, requests, or complaints, please contact us at:

SessionHunt
legal@sessionhunt.com

We aim to respond to all enquiries within 15 business days.