WhenToMeet LogoWhenToMeet
Sign In

How to share your event series without leaking attendees

If you've ever run a public event through a typical group event tool, you've probably seen a version of this: someone's attending, their name is visible on the event page, and another attendee emails them out of the blue. Or the attendee list is technically scoped but quietly accessible to a signed-in snoop. Or the export to CSV is one wrong click away from a leaked list.

The common thread is that the tool treats "attendee" as a first-class entity. They exist in the system. They have a name. That name is associated with the event. And from there, every leak path is just a UX decision away.

A broadcast group inverts this by design.

The model

In a broadcast group, there are no attendees — only subscribers. Subscribers are anonymous. You never collected their email, so you can't expose it. They never agreed to be on a list, so there's no list to export. They can't see each other, because the server has nothing to show.

What the server has is a subscription count. That's the single data point. No names, no emails, no identifiers. Everything else — attendance, engagement, anything like that — happens in downstream tools (your video platform, your signup forms for paid tiers, your newsletter), where you've explicitly opted into collecting it.

Why this matters beyond privacy theatre

Three practical reasons this design choice pays off.

Legal simplicity. GDPR, CCPA, and the patchwork of state laws all hinge on whether you collected personal data. If you didn't, most of the compliance surface collapses. Your DPIA for a broadcast group is roughly two sentences long.

Support load. The most common support tickets in RSVP-style tools are "delete my account" and "what data do you have on me." If the answer is "nothing identifiable," those tickets stop existing.

Outreach attribution stays clean. Because no one gave you their email, nobody can blame you for spam. A subscriber who got an unrelated marketing email can be certain it didn't come from your calendar. That trust compounds.

What you give up

The honest tradeoff: you can't follow up with a specific attendee. You can't email the subscriber list. You can't retarget ads to them.

For almost all public event series, that's not actually a loss — it's a discipline. It forces the event itself to be the marketing channel, and it forces any identified relationship (newsletters, paid products, communities) to start with consent.

For the small set of events where identified follow-up genuinely matters — paid cohorts, closed communities, ticketed drops — a broadcast group isn't the right tool. Use a tool that collects the email, because there you actually need it. Don't use one for events where you don't.

A checklist for migrating a public series

  1. Can attendees currently see each other's names or emails? If yes, you have a leak.
  2. Can your staff export a list of attendees to CSV? If yes, you have a leak in waiting.
  3. Do event pages show signed-up users? If yes, you're training attendees to expect exposure.
  4. Is every collected email actually used in a downstream flow? If no, you're accumulating liability.
  5. Would a quiet anonymous subscriber count be enough to measure success? If yes, move.

Most public-series organizers answer 1-4 honestly and find they've been collecting data they don't use, creating exposure they don't need, for reasons that made sense in 2014 and stopped making sense around 2020.

The upgrade path is a broadcast group. The old tool can keep running the paid, identified side of the business. The public side gets lighter, faster, and stops being a privacy liability overnight.