Skip to main content

Data Protection and Privacy

Orion Board is built with data protection and privacy in mind. This page outlines how we limit exposure of sensitive information and ensure users only see what they are meant to see.

Minimizing Sensitive Data

We have done everything we could to avoid downloading or storing sensitive information unnecessarily:

  • Verification images and attachments are handled with care; tickets are auto-deleted shortly after close when sensitive content was shared (see Verification).
  • Context options for watchlist (message history) are restricted in verification tickets and staff channels to avoid attaching sensitive content to entries.
  • The system is designed to minimize what is retained and for how long.

Permission System

Users cannot see things they are not meant to see. A robust permission system controls access:

  • Role-based access — Each role (Moderator, Senior Event Team, Event Committee, etc.) sees only the sections and data they are permitted to access.
  • Server vs Event — Server staff and event staff have separate views; you only see what your role allows.
  • Moderation actions and watchlist entries — Users cannot see their own moderation actions or watchlist entries unless they have management-level permissions (e.g. committee, admins). This prevents subjects from viewing their own records.

Limited Information per User

Information is limited to what each user needs for their role:

  • Cutie Helpers see verification-related content only.
  • Moderators see server moderation, watchlist, and server tickets.
  • Event staff see event moderation, event watchlist, host discretion (as permitted), and event tickets.
  • High staff and admins have broader access where required for oversight.

Ticket Transcript for Ticket Openers

Users who opened a ticket have access to a single transcript page for their own ticket. They can view the transcript of their conversation with staff—nothing more. They do not have access to other tickets, moderation logs, or watchlist entries.

Ticket Feedback Voting

When a ticket is closed, the ticket opener can rate the experience (feedback voting). Higher staff receive visibility into this feedback so they can monitor support quality and address issues when needed. This helps improve the experience without exposing internal data to members.

Summary

  • Sensitive data is minimized and retained only as needed.
  • A permission system ensures users see only what their role allows.
  • Moderation actions and watchlist entries are not visible to the subject (unless management permission).
  • Ticket openers receive a single transcript for their own ticket only.
  • Ticket feedback voting lets members rate support; higher staff use this for quality assurance.