Privacy Policy

The Building Beyond You Institute ("we", "us", "our") is deeply committed to protecting the privacy, confidentiality, and security of the personal data of our users, executives, and event participants.

This Privacy Policy ("Policy") details our standards and practices regarding the collection, transmission, storage, processing, and erasure of your personal data when you use our official registration website, located at www.buildingbeyondyouinstitute.com (the "Platform"), and when you register for the Building Beyond You Forum 2026.

By accessing the Platform or submitting your event registration details, you explicitly consent to the collection and processing of your personal information in accordance with this Policy. We operate and comply with applicable data protection laws, including the Nigeria Data Protection Regulation (NDPR) and equivalent regional frameworks across the East African countries where our events occur.

To provide a secure and functional event registration experience, we collect specific categories of personal data:

• Personal Identification Information: This includes your full legal name, active email address, working mobile phone number, and your country and city of residence.
• Event Registration Information: We store your selected city, event date, and ticket tier preference (e.g., Early Bird or Regular) to manage access lists, prepare physical badges, and issue digital Tickets.
• Manual Payment Verification Information: To verify your manual payment via M-Pesa, we collect and securely store the official transaction confirmation SMS text you submit. This verification is essential to authenticate manual transactions to +254 722 614 715.
• ⚠️ Note: We do NOT collect, access, or store M-Pesa PIN numbers, credit/debit card numbers, or full bank account details.
• Technical and Usage Data: When you navigate our Platform, our web servers automatically log details such as your IP address, browser type and version, device type, geographic location, reference source, pages visited, and timestamps.

We collect personal information through these primary methods:

• Direct Submission: You supply data directly when filling in your name, email, phone number, and city, and when pasting M-Pesa payment confirmation texts.
• Automated Technologies: We utilize cookies, standard web server logs, and basic client-side analysis tools to automatically collect technical information as you interact with the Platform.
• Third-Party Verification: We may confirm transaction status by cross-referencing provided confirmation details with local mobile operator payment interfaces or administrative reconciliation ledgers.

We process your personal information strictly for legitimate operational and legal purposes:

• Processing Event Registration: To process your application, secure your seat in the chosen city, and prepare the attendance roster.
• Manual Payment Reconciliation: To verify the manual M-Pesa transaction corresponding to your ticket order before issuing a secure Ticket.
• Ticket Delivery: To automatically generate your digital PDF Ticket with a secure QR code and deliver it via email using our service provider (Brevo).
• Event Communication: To send critical updates regarding venue relocations, date changes, safety guidelines, and speaker details.
• Platform Optimization: To monitor system performance, fix unhandled runtime errors, and enhance the digital user experience.
• Security and Fraud Prevention: To detect, investigate, and block fraudulent transactions, unauthorized ticket duplication, or misuse of the Platform.
• Regulatory Compliance: To maintain audit trails, taxation records, and comply with binding legal orders from government authorities.

We do not sell, rent, trade, or lease your personal information to third parties. We share data only with highly vetted, secure service providers essential to running our operations:

• Brevo (formerly Sendinblue): We utilize Brevo as our transactional email delivery partner. We transmit your name, email address, and ticket details to Brevo to compile and send your digital ticket and registration confirmations. Your data is handled in strict accordance with the Brevo Privacy Policy.
• Render: Our Platform's backend services, application hosting, and databases are hosted on servers managed by Render. All registration data is stored securely on Render's cloud infrastructure, subject to Render's rigorous privacy and security policies.
• Payment Processors: We do not transmit registration details to external payment gateways, as all payments are processed manually via standard mobile networks. Personal data is only reviewed internally for administrative reconciliation.
• Legal Disclosures: We reserve the right to disclose your personal information if compelled by law, court order, or regulatory authorities, or if such action is deemed necessary to protect the safety, properties, and rights of the Institute, our staff, or our attendees.

We implement comprehensive technical and organizational security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction:

• Secure Server Architecture: All database components are hosted on secure, isolated servers provided by Render.
• Encryption: Data is encrypted both in transit using Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocols and at rest within our databases.
• Access Controls: Administrative access to the backend database, registration spreadsheets, and manual M-Pesa SMS confirmation logs is restricted strictly to authorized staff members who require the information for verification.
• Physical Security: Data is stored in secure Tier-3 data centers maintained by cloud providers, featuring multi-factor access barriers and advanced environmental protections.

We retain your personal data only for as long as is necessary to fulfill the operational, tax, audit, and legal obligations detailed in this Policy:

• Registration Data: Attendee name, city selection, and email logs are retained for twenty-four (24) months following the Event to facilitate alumni communications and future Forum invites.
• Payment Verification Data: Pasted M-Pesa SMS verification codes and validation records are securely kept for twelve (12) months for audit trail and financial reconciliation purposes.
• Email Logs: Delivery and dispatch metrics stored on Brevo are kept for six (6) months.

Upon expiration of these designated retention periods, or upon a validated erasure request, we will permanently delete or anonymize your data.

Under applicable data protection legislations (including the NDPR), you possess comprehensive rights regarding your personal information:

• Right to Access: You may request a complete, digital copy of all personal records we hold about you.
• Right to Rectification: You have the right to request that we correct any inaccurate, outdated, or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): You may request that we permanently delete your personal information from our databases.
• Right to Restrict Processing: You may request that we limit how we process your data while a dispute is being investigated.
• Right to Data Portability: You may request that we transfer your personal data in a structured, machine-readable format to another service provider.
• Right to Object: You can object at any time to the processing of your data for direct marketing or promotional communications.

To exercise any of these statutory rights, please contact our Data Protection Administrator directly at info@buildingbeyondyouinstitute.com. We will process your request within thirty (30) days.

Our Platform uses small text files called "Cookies" placed on your device to enhance your user experience:

• Essential Cookies: Required to handle form submissions, session navigation, and protect registration integrity. Disabling these cookies will prevent the registration forms from working.
• Analytics Cookies: Utilized to compile anonymous, aggregated statistics on how visitors explore our Platform, helping us improve speed and performance.

You can modify your browser settings to decline or delete cookies. However, please note that doing so may negatively impact your ability to register or navigate the Platform.

Because the Building Beyond You Forum 2026 is an international East African tour, and our core servers are managed globally via cloud hosting providers, the personal data we collect may be transferred, stored, and processed outside your country of residence (including servers located in Europe, the United States, or Nigeria).

We take all legally required precautions to ensure that your data is handled with appropriate safeguards, and that all international transfers comply fully with the requirements of the NDPR and regional data transmission regulations.

The Platform is a high-level executive business forum, and is not designed, intended, or structured to attract children under the age of eighteen (18).

We do not knowingly solicit or collect personal information from minors. If we discover that an individual under the age of 18 has submitted their personal information on our Platform, we will take immediate administrative action to permanently delete those records from our servers.

We reserve the right to modify or update this Privacy Policy at any time to reflect changes in our business operations, security practices, or regional regulatory guidelines.

If we make material changes to this Policy, we will notify you by sending a direct email to the email address provided in your registration, or by publishing a prominent notification banner on the Platform. We will also update the "Last Updated" date at the top of this Policy.

We encourage you to periodically review this page to stay informed about how we are protecting your personal data.

For any privacy-related inquiries, data access requests, rectification issues, or compliance questions, please contact our designated privacy staff at: