You shouldn't see personal data by default
As an organiser you manage the data of hundreds, sometimes thousands of visitors. That comes with responsibility: under the GDPR you may only process personal data for a clear purpose, and you shouldn't expose more of it than necessary. That principle is called data minimisation — and it's exactly why MijnEvent masks buyer e-mail addresses by default in the dashboard.
In practice: when you browse your orders or visitor list, you no longer see full e-mail addresses, but a masked version like j•••••@gmail.com.
Why is that smarter?
Having every visitor's e-mail address on full display is an unnecessary risk:
- Smaller exposure. If someone glances over your shoulder, or a laptop is left unattended, not every address is instantly out in the open.
- No harvesting. Nobody can scroll through your lists to copy a complete address list in one go — for unsolicited mail, for example.
- Deliberate use. You only see an address when you actually need it, not as a by-product of normal navigation.
At the same time we don't want to get in your way. Sometimes you must be able to reach a buyer — for a cancelled event, a refund, or a question at the door. So masking isn't the same as hiding.
Still findable: search by the exact address
If you know a visitor's e-mail address, you can still find them. Type the full address in the search bar (case doesn't matter) and their order and tickets appear.
What's no longer possible is searching on part of an address to browse around. So you only find someone if you already know who you're looking for — not by fishing.
And when you really need the full address?
On the order page there's a "Show e-mail address" button. One click and you see the full address. The difference with other systems: that reveal is recorded in your organisation's audit log — who requested the address and when. Legitimate access stays possible and accountable.
Part of a broader privacy foundation
E-mail masking doesn't stand alone. MijnEvent is built to be privacy-friendly in more ways:
- Visitors can download their own data (access and portability) and request account deletion. On deletion we anonymise the personal data while keeping orders for administrative reasons.
- Temporary data is cleaned up automatically. Expired login links, one-time codes and old sessions (with IP address) are wiped daily — data doesn't linger longer than needed.
- Removing an inspector wipes their personal data while keeping the check-in history intact.
In short
| Situation | What you see |
|---|---|
| Browsing lists | Masked address (j•••••@gmail.com) |
| Searching the exact address | The buyer and their tickets |
| Searching part of an address | No buyer results |
| Clicking "Show e-mail address" | Full address — and logged in the audit trail |
At MijnEvent privacy isn't an afterthought but a design choice. Just like accessibility, it's simply part of the deal.