Privacy by design
Privacy is treated as an architectural property rather than a policy document. The decisions below are made in the data model and the interface, where an attendee can act on them.
- Data minimisation: the platform asks for what running the event genuinely requires, and does not accumulate personal data on the chance it may later prove useful.
- Contact sharing is consent-gated. An attendee’s email address and telephone number leave the server only when that attendee has chosen to share them — registering does not disclose them as a side effect.
- Every participant governs their own directory visibility, contact card, messaging availability and openness to meetings, and can change any of it at any time.
- Account deletion is genuine. The account is removed and the records that must remain for the integrity of the event are anonymised, rather than merely flagged as inactive.