Using Technology without Compromising Traditions

Introduction

These guidelines have been developed primarily for Overeaters Anonymous service bodies that wish to use the internet to inform others about the presence of OA in their area. These guidelines are not meant to be “rules.” They are provided to help OA members develop or maintain an OA-related website.

What format should I use on a website?

Generally, OA-related websites contain information presented in a structured, logical format. The main (or “home”) page contains general information about OA and the service body sponsoring the website. This page may also include links to:

  • the main oa.org website,
  • local meeting information, 
  • basic information about the Fellowship of OA,
  • a list of local events,
  • the OA bookstore or Lifeline recovery blog, and/or
  • other OA service bodies.

In addition to providing links, service bodies may also choose to embed certain content directly on their website. Embedding displays information from another site within your own web page (for example, the local Find a Meeting search results from oa.org, or the oa.org Event Calendar), while linking sends visitors to an external website to view the content.

Consider reviewing other OA service body websites when planning your template or layout.

Mobile technology

You can help visitors stay connected to the Fellowship by enabling them to access your website anywhere, anytime.

All OA service body websites should incorporate a responsive design so that they work equally well when viewed on a range of devices, including phones, tablets, and desktops. Responsive design allows a single website to adjust automatically to different screen sizes so that you can avoid having to create and maintain a separate mobile site. Test how the web pages look on both desktop and mobile devices and adjust the layout to make the most important features easy to find and use on smaller screens.

How do the Traditions affect what we put on a website?

Our Eleventh Tradition states: “… we need always maintain personal anonymity at the level of press, radio, films, television and other public media of communication.” The internet is included in “other public media of communication,” so we must keep the Traditions in mind when creating and maintaining a web presence. No matter how modest a website may be, its audience is potentially large and diverse. Unlike other public information efforts, once a website is published, it is accessible by anyone and everyone worldwide.

To maintain anonymity, it is important not to include full names or personal addresses on your website. However, posting a first name (with or without a last initial) and an email address that reflects the name of the service body can be helpful for newcomers. Consider using service titles rather than personal names.

Examples:

  • secretary@intergroupname.org
  • treasurer@region7.org

Search Engine Indexing and Document Metadata Reminder

Once a website’s information is indexed by search engines, it can be very difficult to fully remove from the internet. Before uploading any file or document, such as a PDF or DOCX, check the document properties to ensure an OA member’s name is not listed as the author. Many software programs automatically insert the user’s name as the document author, which may unintentionally reveal identifying information.

Deciding on content

Unity with Diversity

Unity is best maintained by displaying OA-approved information. Remember that “Our common welfare should come first; personal recovery depends upon OA unity” (Tradition One). Including general information allows us to reach as many compulsive overeaters as possible. However, in the interest of helping newcomers feel welcome and highlighting the diversity of OA meetings, see ideas illustrated in Showcasing Diverse Meetings in OA on oa.org.

Copyright

As a rule, no one may republish OA-copyrighted material, including on the internet, without written permission from the World Service Office. If a registered OA group or service body wishes to request permission to publish excerpts from OA-copyrighted literature, they may download and fill out the Reprint Request Form on oa.org and send it to info@oa.org. Additionally, as discussed on the OA Copyright and Trademark Requests page on oa.org, OA makes an exception for all text-based material and public information images and videos currently posted on oa.org. All registered groups and service bodies may reprint those pieces without submitting a written request for permission so long as Overeaters Anonymous, Inc. is cited as the copyright owner. 

Further, any registered service body may apply for blanket permission* to use the OA trademark, or logo, on its website’s publications for a two-year period. Registered groups must apply for logo permission on a case-by-case basis, submitting a request for each use of the OA logo. After the two-year logo permission period expires, the group or service body is responsible for renewing that permission with the World Service Office. The OA Logo Request Form can be found on oa.org, and questions about these policies can be directed to the Publications Department at info@oa.org.

Review the Guidelines for Using Copyrighted Material and Trademarks for more detailed information on how to select items for your website and avoid copyright infringement. This is important when selecting images and text without the permission of the original author or artist. Your service body is responsible for the content found on the website it sponsors.

*Blanket permission for service bodies includes flyers; posters; billboards; bus/transportation posters; public information and professional tradeshow banners; region assembly and conference banners; newsletters; meeting lists; business cards; stationery; service body’s bylaws, summary of purpose, and/or procedures manual; websites; and social media sites.

Data privacy and General Data Protection Regulation awareness

Note: This is awareness guidance, not legal instruction.

OA service bodies located in the European Union or serving European Union members should be aware that the General Data Protection Regulation (GDPR) creates responsibilities for how personal information is handled.

This mainly means:

  • collecting only what is needed,
  • storing information securely,
  • limiting who can access it,
  • deleting information when no longer needed, and
  • stating briefly how contact information is stored and used.

Avoiding endorsement and/or opinions of outside interests

As stated in the Tenth Tradition: “Overeaters Anonymous has no opinion on outside issues.” This consideration is clear when we look at websites developed and maintained by non-OA organizations. When a visitor sees a link on those web pages, it is as if the website owner is saying, “This is a website I think well of. This page can provide you with information you may want to know.” It is an unspoken endorsement of the linked-to site. OA does not endorse, so OA-related websites do not link to websites not affiliated with OA. Exceptions include social media platforms and sites that provide a specific service to OA (such as Amazon Kindle, Apple Books, or Barnes and Noble Nook, where OA sells its e-books). Service bodies may use and link to such platforms to sell their own materials or provide public information. See Guidelines for Anonymity in the Digital World on oa.org for more on this subject.

To avoid missteps in this area, you are asked to have your trustee liaison review the website before it is added to your meeting information on oa.org. If the site contains information that has not received permission or that is directly in conflict with our OA Traditions, you will be asked to correct the situation. Websites that are not in agreement will not be listed on Find a Meeting because they do not meet the qualifications for a registered meeting.

Welcome newcomers!

Websites have little time to keep visitors’ attention. Most often a newcomer will visit your website looking for specific information, perhaps a meeting nearby or someone to speak with. Make newcomer information welcoming and easy to find. Ideas include: 

  • Create an obvious newcomer field on your home page.
  • Make the newcomer message inviting.
  • Create a separate newcomer page on your website.
  • Include OA-approved content that is already available—see our Document Library on oa.org and the OA Quiz.
  • Include links to stories of recovery. These can include links to our Lifeline recovery blog, reposts of local stories of recovery, “Welcome Home” on oa.org, and reprints from local and region newsletters.
  • Provide a current meeting list (or embed the latest from Find a Meeting) within the newcomer page.
  • With permission from the World Service Office, include reprinted, cited excerpts from OA publications. For more information, see the “Copyright” section above or the OA Copyright and Trademark Requests page on the OA website.
  • Provide easy-to-find contact information, including telephone numbers, emails, and postal addresses. (Remember anonymity: See the “How do the Traditions affect what we put on a website?” section above.)

Security: Inside and out

Website security protects visitors, your service body information, and OA’s reputation. 

Website visitors these days are more tech-savvy than in the past and are generally aware of the potential security risks of visiting any website, OA-related or otherwise. They also likely use antivirus software that not only warns them of a potential threat but can also report your website as unsafe.

To make sure you are doing your part to keep both users and your service body safe:

  • Review your website security regularly and keep all software up to date. 
  • Use strong, unique passwords and change them regularly. It is recommended that passwords consist of at least sixteen characters and contain a combination of numbers, symbols, and upper- and lowercase letters. At minimum, change passwords annually and/or when password holders rotate service.
  • Administratively, ensure that at least two trusted OA members have full access.
  • In that vein, protect against a possible change of membership status of the person with website responsibility by informing more than one person about website processes and ownership. If you use an outside resource for your website, make sure that your group or service body is listed as the owner of the website hosting account, domain name, and any other assets. If a specific person needs to be listed, make sure to change the contact details stored with the vendors your service body uses when that person rotates out of service. 

For more security tips, see the Security Tips for OA Websites section below.

Summary

Remember:

  • Design the website with newcomers in mind.
  • Keep website content current.
  • Use OA copyright permission forms.
  • Link to OA websites only.
  • Send your website information to the World Service Office.
  • Keep internal access information documented securely.

Security Tips for OA Websites

Security and maintenance can push the limits of a service body’s capability. These tips explain the most important security practices in simple terms to help OA members understand how to use them and also know what questions to ask when working with an outside vendor. 

1. User accounts (logins)

  • Use strong passwords for every account. A strong password is long (16+ characters) and hard to guess.
  • Turn on two-step login (also called two-factor or multi-factor authentication) for everyone. This means you need both your password and a code from your phone or an authenticator app to log in.
  • Delete old accounts for people who no longer help with the website regularly.
  • Do not share accounts. Everyone should have their own login.

2. Website builders (e.g., WordPress)

  • Keep everything updated, including the website builder itself, the themes, and plug-ins.
  • Remove unused plug-ins or outdated ones.
  • Hide your login page by changing the web address used to log in.
  • Limit failed login attempts to protect against hackers attempting lots of passwords.
  • Turn off the ability to edit code inside the website builder unless absolutely needed.

Using a security plug-in (e.g., Wordfence and Sucuri) can make many of these steps easier.

3. Web forms or custom website tools

If your website has forms or special tools, such as meeting updates or submissions:

  • Require strong passwords for anyone logging in.
  • Make sure your website uses Hypertext Transfer Protocol Secure (HTTPS), which uses encryption for secure communication over a computer network. Many internet browsers show a padlock or other icon if this is being used.
  • Keep everything updated (software, add-ons, scripts, etc.).
  • Do not allow the website to store files in places it should not.

4. Database (e.g., MySQL)

  • The website should not use a “super-user” or “root” account to connect to the database.
  • Only trusted people should have full database access.
  • Make regular backups of your data.
  • Delete any old or unused database accounts.

5. Web server

  • A web server (e.g., Apache, Nginx) is where the website “lives.” 
  • Remove any old server accounts and update passwords for the ones that remain.
  • Give the web server users permission to write only where needed, such as an upload folder.
  • If possible, use Secure Shell (SSH) keys instead of passwords to log in to the server.
  • Avoid using Secure File Transfer Protocol (SFTP) with passwords, as password logins are less secure than SSH keys.
  • Keep the server’s operating system updated.
  • Use a firewall to limit who can connect to the server.

6. Code repositories (e.g., GitHub, GitLab)

  • Keep your code in a private repository so only people you trust can see it.
  • Use two-step login (also called two-factor authentication) for people with access.
  • Do not store passwords or secret keys in the repository.

7. Backups, monitoring, and regular maintenance

Backups

  • Back up the website and database every day.
  • Store backups in a safe place off the server.

Monitoring

  • Use an alert tool so you are notified if the website goes down or if someone tries to break in.

Regular maintenance

  • Review user accounts every month.
  • Apply updates every week (or turn on automatic updates for safety plug-ins).
  • Test restoring a backup a few times a year so you know it works.

8. Additional safety options (recommended but not required)

  • Use a website firewall (e.g., Cloudflare, Sucuri) to block attacks.
  • Turn on security features with your domain registrar, such as locking the domain and using two-factor authentication.
  • If possible, do a simple yearly security review with a knowledgeable volunteer or professional.

OA Responsibility Pledge

Always to extend the hand and heart of OA
to all who share my compulsion;
for this I am responsible


OA Board-approved
©2004, 2008, 2015 Overeaters Anonymous, Inc. All rights reserved. Rev. 1/2026.