← 100x

Privacy Policy

Darkstar 100x registration. Effective: June 2026

---

1. Who we are

Darkstar Coalition is the data controller for personal data processed through this registration site for Darkstar 100x. We organise defence technology events, camps, and related programmes.

---

2. What this policy covers

This policy applies to personal data submitted through the 100x registration form and to technical data collected when you visit this site. For our other programmes and websites, see the privacy policy published on darkstar.ee.

---

3. What data we collect

When you register, we collect exactly what you enter into the form:

• Full name and work email address
• Company, role, and country
• LinkedIn profile URL (optional)
• A short description of what you are building
• Your selected session tracks and optional referral note

For abuse prevention we additionally process your IP address (stored only as a keyed, irreversible hash), your browser user-agent string, and a reCAPTCHA verification score. We do not collect anything else, and the form has no hidden tracking.

---

4. Why we process your data and on what legal basis

Purpose	Data used	Legal basis	Retention
Validate and approve attendees for the event	All registration data	Consent	Deleted within 30 days after the event
Communicate approval status, entry credential (QR code), venue, and timing	Name, email	Consent	Deleted within 30 days after the event
Event-day entry control (QR scan at the door)	Name, entry credential	Consent / legitimate interest (event security)	Deleted within 30 days after the event
Abuse and spam prevention	Hashed IP, user-agent, reCAPTCHA score	Legitimate interest	Deleted within 30 days after the event

That is the complete list. Your data is used only for attendee validation and approval for this event and the directly related logistics above. We do not use it for marketing, we do not sell it, we do not share it with sponsors or partners, and we do not use it for automated decision-making or profiling. Approval decisions are made by people.

---

5. How your data is protected

We treat event registration data as sensitive and apply the following technical and organisational measures:

• Client-side encryption (CSE): every registration record is encrypted by our application with AES-256-GCM before it is written to storage. The storage layer only ever holds ciphertext; the encryption key is managed separately in AWS Secrets Manager and never stored alongside the data.
• EU data residency: all registration data is stored on Amazon Web Services (AWS) infrastructure in the European Union (region eu-central-1, Frankfurt). It is not transferred outside the EU/EEA.
• Encryption in transit: all connections to this site use TLS.
• Access control: decrypted data is accessible only to a small number of authorised Darkstar team members involved in attendee vetting, using industry best practices for security controls across application, infrastructure, and network security.
• Security controls: we apply industry best practices for application, infrastructure, and network security, and review them regularly.

---

6. Deletion after the event

All registration data, including approved-attendee records, entry credentials, and abuse-prevention metadata, is deleted within 30 days after the event takes place. If you are not approved, or the event is cancelled, your data is deleted on the same schedule or earlier. You can also request deletion at any time before that (see your rights below).

---

7. Service providers (sub-processors)

We keep the list of providers deliberately short:

Provider	What they do	Data involved	Location
Amazon Web Services (AWS)	Hosts this site and stores encrypted registration data; sends transactional email (approval, credential, reminders)	Encrypted registration records; email address and name for transactional email	EU (Frankfurt, eu-central-1)
Google LLC (reCAPTCHA)	Bot and abuse detection on the registration form	IP address, browser signals (processed by Google under its own terms)	EU / US (EU-US Data Privacy Framework)
Google LLC (Analytics)	Aggregate site traffic measurement	Anonymised IP, page views, browser signals	EU / US (EU-US Data Privacy Framework)

Registration data itself never leaves AWS EU infrastructure. Besides reCAPTCHA, the site uses Google Analytics (with IP anonymisation) to measure aggregate page traffic; analytics data is never linked to your registration. No advertising scripts are used.

---

8. Your rights

Under the EU General Data Protection Regulation (GDPR) and Estonian data protection law, you have the right to:

• Access the personal data we hold about you
• Rectification of inaccurate data
• Erasure of your data at any time (your registration is simply withdrawn)
• Restriction of processing
• Portability of your data in a structured, machine-readable format
• Withdraw consent at any time, which withdraws your registration

To exercise any of these rights, email privacy@darkstar.ee. We respond within 30 days.

If you believe we have not handled your data correctly, you can lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at aki.ee, or with the supervisory authority in your country of residence.

---

9. Cookies and analytics

This site sets no cookies of its own. Google reCAPTCHA may set cookies required for bot detection, and Google Analytics may set cookies to measure aggregate site traffic (with IP anonymisation enabled); both are governed by the Google Privacy Policy. Analytics data is aggregate usage measurement only and is never combined with your registration data.

---

10. Children

This event and site are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors.

---

11. Changes to this policy

Material changes will be posted on this page and the effective date above will be updated. Since data is deleted after the event, this policy has a naturally limited lifespan.

---

12. Contact

Darkstar Coalition
Email: privacy@darkstar.ee
Web: darkstar.ee