RSVP Public App (Security Q)

I want to design an RSVP app for private events. I set up a private event for a client (separate app) and send a registration link to their invitees.

My ideal flow is: invitee follows link to public (no sign-in) app > just a single tab with an input asking for a registration code > invitee enters registration code that’s provided in the email > they’re then taken to that event’s registration page which will have some of my client’s information on it (e.g. home address for the event’s location).

I think I can figure out the how-to of this (though tips are always appreciated), but my real concern is the privacy of my client’s information since this would be a no sign-in app. Would that information be secure in any way or could someone with a bit of know-how be able to access all the information of any private event I have going on?

Any suggestions from a pro? Thanks so much!

If it’s a no sign-in app, technically all rows will be downloaded to any users that load the app. If they know how to extract the info, they will be able to view all your events.

That’s what I figured. Does that apply to the sheet that the rsvp info gets sent to? The app wouldn’t read from that sheet only write. Would savvy people be able to access that on a no sign-in app?

Yes. In order to add to that sheet the data will be downloaded first.

There is one exception… protected columns… They are not downloaded and you can still add to them… but no one can see or use them other than to add a row.

Bummer. But makes sense. Hey, thanks so much for your help!