Appearance
Privacy and security
Gabden uses anonymous product analytics without tracking cookies, browser fingerprinting, or cross-domain audience profiles.
Data minimization
- Community pages are derived from approved messages; visiting a URL creates nothing.
- Guest emails are private and never requested from Gravatar.
- Generated avatars run locally and are never stored.
- Provider images appear only after explicit social authentication.
- OAuth access tokens are not stored with messages.
- IP addresses are stored only as keyed hashes for abuse controls.
- Web Analytics is cookieless and never stores IP addresses — an IP is used only in memory to derive a monthly-rotating visitor hash, so no one is tracked long-term or across sites.
Input boundaries
URLs, origins, domains, names, email addresses, titles, messages, parent IDs, encodings, request sizes, and allowed methods are validated server-side. The widget treats message content as text rather than trusted HTML.
Your responsibilities
Publish a privacy policy explaining why conversations are collected, define a retention policy, moderate unlawful content, and configure CSP to allow only the Gabden resources you use.