@leah i don't think it is #gdpr compliant probably. Information about who is handling info, how info is being processed and for what purposes, making sure logging and auditing don't save any personal info like ips, opt in stuff probably needed in some places, make sure requests to delete user data are actually followed up and that you can delete all the data of a user... Etc... I'm probably not correct on most of these things, but throwing some points around that could be missing.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!