AddisToday Privacy Policy

Last Updated: December 28, 2025

The privacy of your data—and it is your data, not ours!—is a big deal to us. In this policy, we explain what data we collect, why we collect it, how we use it, and your rights regarding your personal information.

This policy applies to all AddisToday services, including our website at addistoday.com and any mobile applications we may offer.


What We Collect and Why

We collect and process personal information only when we have a legitimate reason to do so. Here's a breakdown of what we collect and why:

1. Identity and Access Information

What we collect:
- Email address (required for account creation)
- Ethiopian phone number (optional but recommended)
- Username (auto-generated from email if not provided, or you can choose your own)
- Password (stored as an encrypted hash, never in plain text)
- First name and last name (optional)
- Account verification status (email verified, phone verified)

Why we collect it:
- To create and manage your account
- To identify you when you sign in
- To send you service-related communications (verification emails, password resets, event updates)
- To personalize your experience on AddisToday
- To verify your identity for certain features (creating events, posting reviews)

How we use it:
- We won't use your name or company in marketing statements without your permission
- We won't sell your email address or phone number to third parties
- We'll use your email to send important service notifications (you can opt out of promotional emails but not critical service messages)

2. Profile Information

What we collect:
- Profile biography (optional, up to 500 characters)
- Profile picture and banner image (optional)
- Image crop data (for displaying your images correctly)
- Interests and preferences (for event recommendations)
- Location preferences within Addis Ababa
- Notification preferences (email, push notifications)
- Organizer status and verification level
- Services offered (if you're an event organizer)
- Contact information for event organizers (phone and email)

Why we collect it:
- To display your public profile
- To recommend relevant events based on your interests
- To allow event organizers to showcase their services
- To enable communication between users and organizers
- To respect your notification preferences

How we use it:
- Profile information you mark as public will be visible to other users
- We use your interests to personalize event recommendations
- We won't share your contact details unless you explicitly include them in your organizer profile

3. Event and Experience Data

What we collect when you create events or experiences:
- Event title, description, and category
- Location information (address, latitude, longitude)
- Date, time, and duration details
- Pricing information
- Contact details (email, phone, website)
- Event images and media
- Recurrence patterns for recurring events

Why we collect it:
- To display your events on AddisToday
- To help users discover events in Addis Ababa
- To enable attendees to contact you with inquiries
- To provide analytics about your events

How we use it:
- Event information is publicly visible on our platform
- We may feature your events in promotional materials (homepage, social media, newsletters)
- We aggregate event data for analytics and improving our recommendation algorithms

4. User-Generated Content

What we collect:
- Reviews and ratings you submit
- Comments and feedback
- Messages and inquiries you send to event organizers
- Likes and favorites
- Any other content you post to our Services

Why we collect it:
- To display your reviews and help others make informed decisions
- To facilitate communication between users and organizers
- To improve our Services based on feedback
- To moderate content and maintain platform quality

How we use it:
- Reviews may remain published (possibly anonymized) even after you delete your account to maintain review integrity
- Messages are private between you and the recipient
- We may use aggregated, anonymized feedback to improve our Services

5. Geolocation Data

What we collect:
- Your IP address (collected automatically when you visit our site)
- Country code (detected via Cloudflare geolocation or ipapi.co)
- Geographic coordinates for events you create (latitude and longitude)
- Timezone information

Why we collect it:
- To determine if you're located in the EU and need to be shown our consent banner (GDPR compliance)
- To detect and prevent fraud or abusive behavior
- To provide relevant local content (events in Addis Ababa)
- To display events on maps
- To analyze where our users are located (aggregated analytics)

How we use it:
- We cache your country code for 7 days in your browser's local storage to avoid repeated API calls
- We log full IP addresses during signup and for security purposes
- IP addresses are retained while your account is active for security monitoring
- We use Cloudflare's free geolocation (CF-IPCountry header) as our primary method
- We fall back to ipapi.co (free tier, 1000 requests/day) if Cloudflare data isn't available

6. Website Interactions and Analytics

What we collect:
- Pages you visit and when you visit them
- Features you use and how you interact with them
- Links you click
- Search queries
- Browser type and version
- Device information (type, operating system)
- Screen resolution
- Referring websites
- Session duration and page load times

Why we collect it:
- To understand how people use AddisToday
- To improve our Services and user experience
- To identify and fix bugs
- To measure the performance of features
- To analyze which events are popular

How we use it:
- We use Google Analytics 4 (GA4) to track page views and user interactions
- We use Microsoft Clarity for session recordings and heatmaps
- We track 30+ custom events (event views, searches, likes, sign-ups, etc.) to understand user behavior
- We implement GDPR Consent Mode v2, defaulting to denied consent for EU users

Analytics tools we use:
- Google Analytics 4: Page views, events, user journeys
- Google Tag Manager: Event tracking and tag management
- Microsoft Clarity: Heatmaps and session replays (no consent required)

Marketing pixels (only with your consent):
- Meta Pixel (Facebook): Conversion tracking (only loads if you grant marketing consent)
- TikTok Pixel: Conversion tracking (only loads if you grant marketing consent)

7. Verification and Authentication Data

What we collect:
- Verification codes sent to your email or phone
- Email confirmation tokens (64-character unique codes)
- Timestamps of verification attempts
- Verification status flags

Why we collect it:
- To verify your email address and phone number
- To enable password reset functionality
- To prevent fake accounts and spam
- To ensure only verified users can create events or reviews

How we use it:
- Verification codes expire after 10 minutes for security
- Email confirmation tokens remain valid for 7 days
- We mark codes as "used" after successful verification
- We don't share verification data with anyone

8. Communications and Inquiries

What we collect:
- Inquiries you send to event organizers
- Messages exchanged between users
- Support requests you send us
- Your name and email (even if you're not logged in when making an inquiry)

Why we collect it:
- To facilitate communication between users and organizers
- To provide customer support
- To respond to your questions and requests
- To investigate and resolve issues

How we use it:
- Inquiries are visible to you and the event organizer
- Messages are private and only visible to sender and receiver
- We don't read your messages unless required for security, debugging, or legal compliance
- Support communications may be reviewed to improve our support quality

9. Anti-Bot and Security Data

What we collect:
- Mouse movements and click patterns
- Time spent on pages before submitting forms
- IP addresses and device fingerprints
- Failed login attempts
- Suspicious activity patterns

Why we collect it:
- To detect bots and automated scripts
- To prevent spam and fraudulent accounts
- To protect against brute-force attacks
- To maintain platform security

How we use it:
- We analyze patterns to identify non-human behavior
- We may block IP addresses showing suspicious activity
- We implement rate limiting on sensitive actions


When We Access or Share Your Information

Our Default Position

We don't sell your personal data. Period.

We will never sell, rent, or trade your personal information to third parties for their marketing purposes.

When We Access Your Data

Our humans only access your information when necessary for:

  1. Support Requests: When you contact support, our team may access your account to help resolve your issue
  2. Security Incidents: To investigate suspected fraud, abuse, or security threats
  3. Error Debugging: To diagnose and fix technical problems
  4. Legal Compliance: When required by law or legal process

All access is logged and subject to strict internal controls.

Third-Party Services We Use

We share certain data with third-party services that help us operate AddisToday:

Analytics and Tracking

Google Analytics 4
- Data shared: Anonymous user ID, page views, events, custom properties, device info
- Purpose: Understand how users interact with our platform
- Consent: Required for EU users (via GDPR Consent Mode v2)
- Privacy policy: https://policies.google.com/privacy

Microsoft Clarity
- Data shared: Session recordings, heatmaps, page interactions
- Purpose: Improve user experience and identify usability issues
- Consent: Not required (analytics tool, not advertising)
- Privacy policy: https://privacy.microsoft.com/en-us/privacystatement

Meta Pixel (Facebook/Instagram)
- Data shared: Page views, conversion events
- Purpose: Measure advertising effectiveness (when running ads)
- Consent: Required (only loads after you grant marketing consent)
- Privacy policy: https://www.facebook.com/privacy/

TikTok Pixel
- Data shared: Page views, conversion events
- Purpose: Measure advertising effectiveness (when running ads)
- Consent: Required (only loads after you grant marketing consent)
- Privacy policy: https://www.tiktok.com/legal/privacy-policy

Infrastructure and Storage

Cloudflare
- Data shared: IP addresses, request headers, CDN data
- Purpose: Content delivery, DDoS protection, geolocation
- Privacy policy: https://www.cloudflare.com/privacypolicy/

Cloudflare R2 (Storage)
- Data shared: Profile images, event images, uploaded media
- Purpose: Store and serve your uploaded files
- Privacy policy: https://www.cloudflare.com/privacypolicy/

Email Services

Email Service Provider (e.g., Mailersend, SendGrid)
- Data shared: Email address, name, email content
- Purpose: Send verification emails, notifications, password resets
- Privacy policy: Varies by provider

Geolocation

ipapi.co
- Data shared: IP address
- Purpose: Determine your country for GDPR compliance
- Frequency: Once (results cached for 7 days)
- Privacy policy: https://ipapi.co/privacy/

Future Payment Processing

Chapa (when payment features are implemented)
- Data shared: Transaction details, payment information
- Purpose: Process payments for event tickets
- Note: We will never store full credit card numbers (only last 4 digits for record-keeping)
- Privacy policy: https://chapa.co/privacy-policy/

Law Enforcement and Legal Requests

We may disclose your information when:

  1. Required by Law: Court orders, subpoenas, warrants, or other legal processes
  2. Emergency Situations: To prevent harm to individuals or property
  3. Terms Enforcement: To enforce our Terms of Service or investigate violations

Our Approach:
- We scrutinize all legal requests for validity
- We attempt to notify you before disclosure (unless legally prohibited)
- We disclose only the minimum information required
- We publish transparency reports when possible

We operate from Ethiopia and comply with Ethiopian legal processes. We also respect GDPR and other international privacy laws for users in those jurisdictions.


Data Retention

How Long We Keep Your Data

Active Accounts:
- Account data: Retained while your account is active
- Session data: 2 weeks (standard Django session expiration)
- Verification codes: 10 minutes (email/phone codes)
- Email confirmation tokens: 7 days
- Geolocation cache: 7 days (stored in your browser)

After Account Deletion:
- Personal information: Deleted within 60 days
- Published events/experiences: Removed immediately from public view
- Reviews: May remain published (anonymized) to maintain review integrity
- Analytics data: Anonymized and retained for statistical purposes
- Legal/compliance data: Retained as required by law

Images and Media:
- Uploaded files on Cloudflare R2: Deleted when you delete content
- Cached/resized versions: Purged within 30 days

Backups:
- Your data may persist in backups for up to 90 days after deletion
- Backup data is not accessible or used for any purpose

Right to Deletion Exceptions

We may retain certain information even after you request deletion:

  1. Legal Requirements: When required by law to retain records
  2. Fraud Prevention: To prevent abuse and protect other users
  3. Financial Records: Transaction history for accounting and tax purposes
  4. Anonymized Data: Aggregated statistics that don't identify you
  5. Review Integrity: Anonymized reviews to maintain platform credibility

Your Rights and Choices

We respect your privacy rights. Here's what you can do:

1. Right to Know and Access

You can access all your personal information through:
- Your profile settings
- Account dashboard
- Export feature (coming soon)

You can request a copy of all data we hold about you by contacting privacy@addistoday.com.

2. Right to Correction

You can update your information at any time:
- Edit your profile
- Change your email or phone number
- Update event listings
- Modify preferences

If you encounter issues updating your information, contact support@addistoday.com.

3. Right to Erasure (Delete Your Data)

You can delete your account at any time:
- Go to Account Settings → Delete Account
- All personal data will be removed within 60 days
- Some data may be retained as described in "Data Retention" above

4. Right to Restrict Processing

You can limit how we process your data:
- Opt out of marketing emails (while staying subscribed to service emails)
- Disable personalized recommendations
- Adjust notification preferences
- Reject analytics cookies (EU users)

5. Right to Data Portability

You can export your data:
- Download your event listings
- Export your reviews and messages (feature in development)
- Request a complete data export: privacy@addistoday.com

6. Right to Object

You can object to certain data processing:
- Opt out of marketing communications
- Reject analytics cookies (EU users)
- Disable personalized event recommendations

7. Right to Withdraw Consent

If we process your data based on consent:
- You can withdraw consent at any time
- This won't affect the lawfulness of processing before withdrawal
- Withdrawing consent may limit your access to certain features

8. Right to Lodge a Complaint

If you're not satisfied with how we handle your data:
- Contact us first: privacy@addistoday.com
- EU residents: Contact your local data protection authority
- Ethiopian residents: Contact the relevant data protection authority


EU and GDPR-Specific Information

Legal Basis for Processing

For EU residents, we process your personal data under these legal bases:

  1. Contract: To provide the Services you've signed up for
  2. Consent: When you've given explicit consent (e.g., analytics cookies)
  3. Legitimate Interest: To improve our Services, prevent fraud, ensure security
  4. Legal Obligation: When required by law

GDPR Consent Management

How we detect EU users:
1. Check Cloudflare's CF-IPCountry header (primary method)
2. Check cached country code in localStorage (7-day cache)
3. Call ipapi.co geolocation API (fallback)
4. Use timezone heuristic (final fallback)

EU/EEA countries:
Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Iceland, Liechtenstein, Norway, United Kingdom

Consent choices:
- Reject All: Only essential cookies, no analytics or marketing
- Accept Analytics: Analytics cookies only (Google Analytics, Clarity)
- Accept All: Analytics + marketing cookies (Meta Pixel, TikTok Pixel)

Your consent choice is stored in your browser's localStorage and respected across sessions.

Data Transfers Outside the EU

AddisToday is operated from Ethiopia. When you use our Services from the EU:
- Your data may be transferred to and processed in Ethiopia
- We use third-party services (Google, Microsoft, etc.) that may transfer data globally
- We implement appropriate safeguards, including Standard Contractual Clauses where applicable
- EU users have the same privacy rights regardless of where data is processed

EU Representative

For GDPR-related inquiries from EU residents: gdpr@addistoday.com


Cookies and Tracking Technologies

Please see our separate Cookie Policy for detailed information about the cookies we use.

Summary:

Essential Cookies (Always Active)

  • Session cookies (sessionid): Keep you logged in
  • CSRF tokens (csrftoken): Protect against attacks
  • Consent choice: Your cookie preferences

Analytics Cookies (Consent Required for EU)

  • Google Analytics (_ga, _ga_*): Usage analytics
  • Microsoft Clarity: Session recordings

Marketing Cookies (Consent Required for All)

  • Meta Pixel (_fbp, _fbc): Facebook/Instagram advertising
  • TikTok Pixel: TikTok advertising

Local Storage

We use browser localStorage for:
- Consent preferences (addis_consent_choice)
- Country code cache (addis_user_location)
- Cache timestamp (addis_location_timestamp)


Security

How We Protect Your Data

  1. Encryption:
    - All data transmitted between you and our servers is encrypted via HTTPS/TLS
    - Passwords are hashed using industry-standard algorithms (never stored in plain text)
    - Database backups are encrypted

  2. Access Controls:
    - Two-factor authentication available (recommended)
    - Role-based access controls for team members
    - All admin access is logged

  3. Infrastructure Security:
    - HSTS (HTTP Strict Transport Security) enabled
    - Content Security Policy (CSP) headers
    - Protection against XSS and CSRF attacks
    - Regular security updates and patches

  4. Monitoring:
    - Automated alerts for suspicious activity
    - Regular security audits
    - Rate limiting on sensitive endpoints

What You Can Do

  1. Use a Strong Password: Mix of letters, numbers, and symbols (minimum 8 characters)
  2. Enable Two-Factor Authentication: When available
  3. Keep Your Email Secure: Your email is used for password resets
  4. Don't Share Your Credentials: Each person should have their own account
  5. Report Security Issues: security@addistoday.com

Security Incidents

If we discover a data breach that affects your personal information:
- We'll notify you by email within 72 hours (as required by GDPR)
- We'll describe what happened and what data was affected
- We'll explain what we're doing to prevent future incidents
- We'll advise you on steps you can take to protect yourself


Children's Privacy

AddisToday is not intended for children under 13. We don't knowingly collect personal information from children under 13.

If you're under 13, please don't use our Services or provide any information to us.

If you're a parent or guardian and believe your child has provided us with personal information, contact us at privacy@addistoday.com and we'll delete the information.

Users between 13-18 should have parental permission before using our Services.


Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

  1. We'll update the "Last Updated" date at the top
  2. We'll notify you via email if the changes are significant
  3. We'll post a notice on our website
  4. We may ask for your renewed consent if required by law

Your continued use of the Services after changes constitutes acceptance of the updated policy.

How to Stay Informed

  • Check this page periodically for updates
  • Subscribe to our email notifications
  • Follow our blog or social media for announcements

International Users

Ethiopian Users

AddisToday is based in Addis Ababa, Ethiopia. If you're using our Services from Ethiopia:
- Your data is primarily processed and stored in Ethiopia
- Ethiopian law governs our data practices
- You have rights under applicable Ethiopian data protection laws

Non-Ethiopian Users

If you're accessing our Services from outside Ethiopia:
- Your data may be transferred to and processed in Ethiopia
- We comply with applicable international privacy laws
- EU users receive GDPR protections
- Users in other jurisdictions have the privacy rights granted by their local laws


Contact Us

Questions, concerns, or requests regarding this Privacy Policy or your personal data?

General Privacy Inquiries:
- Email: privacy@addistoday.com

GDPR/EU Inquiries:
- Email: gdpr@addistoday.com

Security Issues:
- Email: security@addistoday.com

General Support:
- Email: support@addistoday.com
- Website: https://addistoday.com

Mailing Address:
AddisToday
Addis Ababa, Ethiopia
(Full address to be added)


Transparency and Trust

We're committed to transparency about our data practices. This policy explains what we do, but if you have questions or concerns, we're here to help.

We believe:
- Privacy is a fundamental right
- You should own your data
- Transparency builds trust
- Security is an ongoing commitment

Thank you for trusting AddisToday with your information.


This Privacy Policy was adapted from Basecamp's open-source policies under Creative Commons Attribution 4.0 and customized specifically for AddisToday's platform and practices based on a thorough audit of our codebase.

Last audited: December 28, 2025

Questions About This Policy?

We're here to help. Contact us with any questions or concerns: