Skip to content

Privacy and security

Gabden uses anonymous product analytics without tracking cookies, browser fingerprinting, or cross-domain audience profiles.

Data minimization

  • Community pages are derived from approved messages; visiting a URL creates nothing.
  • Guest emails are private and never requested from Gravatar.
  • Generated avatars run locally and are never stored.
  • Provider images appear only after explicit social authentication.
  • OAuth access tokens are not stored with messages.
  • IP addresses are stored only as keyed hashes for abuse controls.
  • Web Analytics is cookieless and never stores IP addresses — an IP is used only in memory to derive a monthly-rotating visitor hash, so no one is tracked long-term or across sites.

Input boundaries

URLs, origins, domains, names, email addresses, titles, messages, parent IDs, encodings, request sizes, and allowed methods are validated server-side. The widget treats message content as text rather than trusted HTML.

Your responsibilities

Publish a privacy policy explaining why conversations are collected, define a retention policy, moderate unlawful content, and configure CSP to allow only the Gabden resources you use.

Privacy-first website engagement.