Effective Date: April 6, 2026
tabling.io is an event engagement platform that helps student organizations track attendance and booth activity at campus events using QR codes. This policy explains what we collect, how we use it, and your rights.
By using tabling.io, you agree to the practices described below.
When you scan a QR code, we collect a non-reversible device fingerprint to recognize your device across scans at the same event, your booth visit activity and timestamps, and your challenge and badge progress. We store a single cookie (dp_device) on your device to maintain your session. No personal information is required to participate.
If you create an account, we collect your name and email address, a profile photo if available from Google, and your activity history across all events.
For meeting-type events, an organizer may ask for your first name, last name, and optionally your email at check-in. This is stored as lead data tied to the event.
If you create an organization, we collect your organization name, logo, and branding details. If you connect Google Calendar or Sheets, we store OAuth tokens server-side only — they are never exposed to the browser.
Our hosting providers (Vercel and Supabase) collect standard server logs including IP addresses, browser type, and request timestamps.
We use your information to track event participation and display your stamp card, award badges and challenges, show leaderboards, let you share your passport via a public link, and give organizers attendance and engagement data. If you participate anonymously and later create an account, your stamps and progress are transferred automatically.
We do not use your data for advertising. We do not sell your data to third parties.
Organizers can see attendance data for their events, including names, emails (if you have an account), booth visit history, and badge progress. Anonymous participants appear as “Guest.” Organizers may export data as CSV or sync it to Google Sheets.
We use Supabase for database and authentication, and Vercel for hosting. These providers process data on our behalf under their own privacy policies.
If you sign in with Google or an organizer connects Google integrations, data is exchanged per Google’s privacy policy. Integrations are optional and can be disconnected at any time.
If an organizer configures webhooks, scan and challenge data is sent to their endpoint in real time. Organizers are responsible for how they handle that data.
We use one first-party cookie: dp_device, which maintains your anonymous session across QR scans and expires after one year of inactivity. We do not use third-party cookies, tracking pixels, or advertising trackers.
No account is required to participate. When you scan a QR code, we generate a device fingerprint and store a dp_device cookie. All your booth visits, stamps, and badges are tied to that device — not to any personal information. If you later create an account, your anonymous progress is transferred automatically. This link is one-time and irreversible.
Note: If you clear your browser cookies before creating an account, your anonymous stamps cannot be recovered.
Account data is retained until you request deletion. Anonymous device tokens expire after one year of inactivity. Event data is retained as long as the organizer’s account is active. Google OAuth tokens are stored until the integration is disconnected. Lead data from meeting check-ins is retained with the event and accessible to the organizer.
We limit data access so users can only see what they are authorized to see. Sensitive operations are handled through protected server-side functions. Google OAuth tokens are stored server-side and never exposed to the browser. Authentication cookies are scoped to .tabling.io with appropriate security flags.
No system is completely secure. We encourage creating an account to protect your participation history.
You may access your activity at any time through your passport page. You may participate without an account, request deletion of your account and data, request an export of your participation history, or reset your anonymous session by clearing the dp_device cookie (note: anonymous stamps will be lost). Organizers may disconnect Google integrations at any time.
To exercise any of these rights, contact us at adrian@mancilla.com.
tabling.io is intended for college students and adults (18+). We do not knowingly collect personal information from anyone under 13. If we learn we have collected such data, we will delete it promptly.
We may update this policy from time to time. Changes are reflected by updating the effective date above. We will provide notice through the platform if we make material changes to how we handle your data.
adrian@mancilla.com
https://tabling.io
This policy applies to the tabling.io web platform and all associated subdomains.