SpeakUp – Privacy Policy

This Privacy Policy explains how Shelp FZ-LLC (“SpeakUp”, “we”, “us” or “our”) collects, uses, shares and protects personal data when you use the SpeakUp platform, including our website at speak-up.pro and our iOS and Android applications (together, the “Platform”). It also describes your rights and how to exercise them.

For most personal data described in this Policy, Shelp FZ-LLC is the data controller. Where we process personal data on behalf of a Business User (for example, data a company adds about its team), that Business User may be the controller and we act as a processor under a separate arrangement.

This Policy applies to all users of the Platform, including Speakers, experts, event and conference organizers, podcasters, journalists, media companies, brands and corporate teams, as well as visitors to our website. The Platform is intended only for users aged 18 and over, as explained in Section 13.

We use personal data for the purposes below. Where the EU or UK GDPR applies, the legal basis is shown in brackets.

• To create and manage your account and provide the Platform (performance of a contract).
• To enable AI matching, search, recommendations and booking features (performance of a contract; legitimate interests in providing a useful service).
• To process payments and manage subscriptions (performance of a contract; legal obligation for tax and accounting).
• To communicate with you about service, security and account matters (performance of a contract; legitimate interests).
• To send marketing communications where permitted (consent, or legitimate interests with an opt-out where the law allows).
• To measure, analyse and improve the Platform (legitimate interests; consent for non-essential analytics where required).
• To advertise the Platform, including through advertising partners (consent where required for tracking technologies).
• To keep the Platform safe, prevent fraud and abuse, and enforce our Terms (legitimate interests; legal obligation).
• To comply with law and respond to lawful requests (legal obligation).

The Platform uses artificial intelligence and automated systems to suggest, rank and recommend Speakers, Organizers and opportunities, and to support search, onboarding and certain Content features. These systems consider information such as topics, expertise, languages, audience, event format, profile data and your activity on the Platform.

These matches and recommendations are suggestions only and do not replace your own judgment. We do not use them to make decisions that produce legal effects on you, or similarly significant effects, without a lawful basis and appropriate safeguards.

Push notifications also require permission through your device operating system. You can disable push notifications at any time in your device settings.

We and our partners use cookies, software development kits (SDKs) and similar technologies for essential functions, analytics and advertising. The analytics and advertising tools we use include Google Analytics, Firebase, PostHog, the Meta pixel and the TikTok pixel. Some of these technologies share data with third parties for measurement and advertising, including across different services and devices.

Where the law requires consent (for example in the EU, UK and similar regimes), non-essential cookies and advertising technologies are activated only after you give consent through our cookie banner, and you can change your choices at any time. Our Cookie Policy explains the specific technologies, their purposes and how to manage them.

We share personal data with the following categories of recipients, only as needed and under appropriate safeguards:

• Other users, to the extent your profile, listings, Content and messages are visible to those you interact with on the Platform.
• Service providers (sub-processors) who help us run the Platform, including our payment provider (Stripe), analytics providers (Google Analytics, Firebase, PostHog), advertising partners (Meta, TikTok), our messaging provider (Customer.io), and our hosting and infrastructure provider (Amazon Web Services). We aim to host personal data close to where you are: data of users in the EEA and the UK in an AWS Europe region (Frankfurt), data of users in India in the AWS India (Mumbai) region, and data of users in Singapore, Malaysia and the wider Asia Pacific in the AWS Singapore region. Data of users in the United States and other regions is currently hosted in the AWS Europe region unless stated otherwise.
• App stores (Apple, Google) for app distribution and in-app purchases you make through them.
• Professional advisers, and authorities or other parties where required by law or to protect rights, safety and the integrity of the Platform.
• A buyer or successor in the event of a merger, acquisition or sale of assets, subject to this Policy.

We do not sell personal data for money. Some advertising activity may be considered “sharing” or “sale” under certain US state laws, as explained in Sections 7 and 14.

We are based in the United Arab Emirates. Our platform is hosted on Amazon Web Services across several regions, and we use other service providers located in various countries, including the United States and the European Union. We host personal data of users in the EEA, the UK, the United States and the rest of the world in the AWS Europe (Frankfurt) region, personal data of Indian users in the AWS India (Mumbai) region, and personal data of Asia Pacific users in the AWS Singapore region. As a result, your personal data may be transferred to, stored in, or accessed from countries other than your own, whose data-protection laws differ from those where you live.

We keep personal data only for as long as needed for the purposes described in this Policy, after which we delete or anonymise it. Typical retention periods are:

• Account and profile data: for the life of your account, then deleted or anonymised within a reasonable period after account closure, unless we must keep it longer by law.
• Content and messages: until you delete them or close your account, subject to copies retained by other users or required by law.
• Payment and transaction records: for the period required by tax, accounting and anti-fraud laws.
• Analytics and device data: for a limited period consistent with the relevant tool’s settings and applicable law.
• Marketing data: until you withdraw consent or opt out, and for a short period afterwards to honour your choice.

We use technical and organisational measures designed to protect personal data, such as encryption in transit, access controls, and monitoring. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If a personal data breach is likely to affect your rights, we will notify you and the relevant authorities where the law requires.

Depending on where you live, you may have some or all of the following rights regarding your personal data: access; correction; deletion; restriction; objection; portability; the right to withdraw consent; and the right not to be subject to certain automated decisions. You also have the right to complain to your local data-protection authority.

If you are a US resident, you may have rights under state privacy laws, including in California, Colorado, Virginia, Connecticut, and others. These can include the right to know, access, correct and delete personal data, and to opt out of targeted advertising and of the “sale” or “sharing” of personal data.

If you are in the EEA or the UK, Shelp FZ-LLC is the controller of your personal data. You have the rights described in Section 12 under the GDPR and UK GDPR, and you may lodge a complaint with your local supervisory authority. We rely on the legal bases set out in Section 4, transfer data using the safeguards in Section 9, and obtain consent for non-essential cookies and advertising technologies as described in Section 7.

If you are in India, you have rights under the Digital Personal Data Protection Act, including access, correction, completion, updating, erasure, grievance redressal, and nomination. We process personal data based on consent or other lawful uses recognised by the Act. Because the Platform is restricted to users aged 18 and over, we do not knowingly process the personal data of children as defined under the Act.

If you are in Malaysia, you have rights under the Personal Data Protection Act as amended in 2024, including access, correction, and data portability, and we apply the Act’s data-protection principles. We handle cross-border transfers in line with the applicable transfer guidelines.

We may update this Policy from time to time. If we make material changes, we will give reasonable notice, for example by posting the updated Policy with a new effective date or notifying you in the app or by email. Your continued use of the Platform after the effective date means you acknowledge the updated Policy.