ANONYMITY FAQ
How WhoIsFree handles data, tracking, and privacy.
Cookies
This app does NOT use cookies for tracking users. The only cookie-related code is in the Supabase server client setup, but since the app doesn't use Supabase Auth (no login/signup), no session cookies are actually set. The cookie handling code is boilerplate from the Supabase SSR pattern but remains unused.
Data Collected
From Event Creators (Admin):
| Data | Stored | Purpose |
|---|---|---|
| Event title | Yes | Display to participants |
| Event description | Yes (optional) | Context for participants |
| Instructions | Yes (optional) | Guidance for voting |
| Duration preference | Yes | Calculate time ranges |
| Selected time slots | Yes (as UTC timestamps) | Voting options |
| Timezone | Yes | Display conversion |
No personal information is collected from creators - no email, no name, no IP address, no account.
From Participants:
| Data | Stored | Purpose |
|---|---|---|
| Name | Yes | Identify responses to admin |
| Time slot votes | Yes | Aggregate availability |
| Submission timestamp | Yes | Record keeping |
No email, no account, no IP address is stored for participants.
Privacy Level: Highly Anonymous
- No accounts required - Pure link-based access
- No cookies for tracking - No persistent user identification
- No IP logging - The app code doesn't capture IPs (though hosting infra may have access logs)
- Minimal data - Only what's needed to coordinate the meeting
- 14-day auto-expiration - Events are designed to expire (though the purge job isn't implemented yet)
- Link-based security - Knowing the event ID = access to vote; knowing admin ID = access to results
The only identifier linking a participant to their votes is the name they choose to enter, which can be anything (even a pseudonym).