GDPR compliance

[harrislapiroff]

We should research what/if anything we need to do to be GDPR compliant or discontinue serving European customers.

While doing this research, it would be great to also double-check any US compliance requirements we may be overlooking.

[melinath]

I am definitely of the opinion that we should remove non-US support. The research for this will be hard, and non-US events are a small group of our users. I believe we should focus our limited resources on a single country for now. If we get big enough to expand internationally (again) later, that's cool too!

Proposed implementation:

• Hardcode organization country field to US
• Remove global.html and any other references to working outside the US.
• Disable event creation for non-US organizations
• Give UK organizations 30-day warning that we will delete their data.
• Delete UK organization data.

[harrislapiroff]

What about international attendees of US events?

[melinath]

I'm not sure what to do about international attendees. That could mean Dancerfly needs to have limited GDPR support. But I do think that Dancerfly will have less to deal with abroad if the events themselves are not abroad.