Data Policy

We are committed to protecting your data. This policy outlines how your data is collected, stored, accessed, and secured as part of our service.

What We Collect

We collect only the data required to deliver the core features of the platform and to protect your account. This includes:

  • Your email address (used for login and verification)
  • Your chosen nickname (publicly visible)
  • Your avatar (optional and publicly visible)
  • Two-Factor Authentication (2FA) preferences and status
  • Recovery code hashes (never stored in plain text)
  • Event attendance and creation history

Data Storage

All user data is stored securely off-site on trusted infrastructure. We use encrypted private connections and industry standards to ensure this data cannot be accessed by unauthorised systems.

Every connection between the front-end and back-end is secured using TLS (Transport Layer Security). This means data is encrypted in transit to prevent eavesdropping or tampering.

Access Control

Our platform uses RLS (Row-Level Security) to ensure that every query is automatically filtered and scoped to the authenticated user's access level. This prevents accidental or malicious data leaks between users.

Authentication tokens are issued securely and scoped to each session, ensuring only valid users may interact with private data. Sessions expire regularly and are invalidated on logout.

Encryption of Sensitive Data

Some data may be encrypted at rest where appropriate. For example, recovery codes are always encrypted - even Support and Admin staff cannot view or retrieve the original values (so please don't ask for them!).

When you generate recovery codes, they are displayed to you once in plain text and then immediately hashed before being uploaded to our storage. Only you will ever see the raw codes.

Two-Factor Authentication Data

Two-Factor Authentication (2FA) uses a 6-digit Time-Based One-Time Password (TOTP), which changes every 30 seconds and is generated by an app like Google Authenticator. TOTP is a widely used standard for secure second-factor codes. No codes are permanently stored on our platform. They are temporarily stored for verification purposes and then removed.

Your Control

You can update your nickname, avatar, and other preferences from your Account Profile page.

If you ever lose access to your account, you can use a recovery code to reset your login credentials. Recovery codes can be generated at any time from your Account Security settings.