Security

Token safety

• Tokens are capability links; treat them like passwords.
• Never email or log event owner/admin tokens; share directly with organizers.
• Guests get RSVP tokens once; they should bookmark or store them locally.

The platform is intentionally accountless. Losing a token means creating a fresh event or RSVP.

Privacy defaults

Data collected

• Only name, pronouns, status, guest count, and notes are collected.
• Private RSVPs hide from public lists but remain visible to organizers.
• Private channels rely on secrecy of the slug; share carefully.

Transparency is deliberate: organizers cannot silently alter guest responses.