diff --git a/Dockerfile.dev b/Dockerfile.dev
new file mode 100644
index 00000000..1c805c57
--- /dev/null
+++ b/Dockerfile.dev
@@ -0,0 +1,9 @@
+FROM node:22-alpine
+WORKDIR /app
+RUN apk add --no-cache python3 build-base
+ADD package.json pnpm-lock.yaml /app/
+RUN npm install -g pnpm
+RUN pnpm install
+COPY . /app/
+# Dev: do not perform full build fail-stop; allow partial TS
+CMD ["pnpm", "run", "dev"]
diff --git a/docker-compose.yml b/docker-compose.yml
index f799a9ed..f51fcc36 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,9 +4,13 @@ volumes:
 services:
     gathio:
         container_name: gathio-app
-        image: ghcr.io/lowercasename/gathio:latest
+        build:
+            context: .
+            dockerfile: Dockerfile
         links:
             - mongo
+        environment:
+            - NODE_ENV=production
         ports:
             - 3000:3000
         volumes:
@@ -17,6 +21,26 @@ services:
             - ./gathio-docker/static:/app/static
             # The path to Gathio's user-uploaded event images folder - change to match your system
             - ./gathio-docker/images:/app/public/events
+        # Use Dockerfile default CMD (npm run start); build already performed in multi-stage.
+    gathio-dev:
+        container_name: gathio-app-dev
+        build:
+            context: .
+            dockerfile: Dockerfile.dev
+        links:
+            - mongo
+        ports:
+            - 3001:3000
+        environment:
+            - NODE_ENV=development
+        volumes:
+            - ./gathio-docker/config:/app/config
+            - ./gathio-docker/static:/app/static
+            - ./gathio-docker/images:/app/public/events
+            - ./src:/app/src
+            - ./views:/app/views
+            - ./locales:/app/locales
+        command: pnpm run dev
     mongo:
         container_name: gathio-db
         image: mongo:latest
diff --git a/locales/en.json b/locales/en.json
index fc7eba0f..52e50dc7 100644
--- a/locales/en.json
+++ b/locales/en.json
@@ -199,6 +199,9 @@
     "views.event.started": "Started",
     "views.event.welcome": "Welcome to your event!",
     "views.event.currentlyediting": "You are currently editing this event. Do not share this link!",
+    "views.event.approveattendee": "Approve attendee",
+    "views.event.pending": "Pending",
+    "views.event.requireapproval": "Require host approvals for attendees to see location",
     "views.eventgroup.about": "About",
     "views.eventgroup.addevent": "To link an existing event to this group, copy and paste the two codes below into the 'Event Group' box when creating a new event or editing an existing event.",
     "views.eventgroup.del": "Delete this event group",
@@ -307,5 +310,7 @@
     "views.publiceventlist.numoevents_zero": "No event",
     "views.publiceventlist.pastevents": "Past events",
     "views.publiceventlist.upcomingevents": "Upcoming events",
-    "views.right": "Get it right!"
+    "views.right": "Get it right!",
+    "views.event.location_hidden": "Location hidden until approved",
+    "views.event.location_hidden_desc": "Your registration is pending approval. Once approved, revisit this page using your secret link (?p= parameter) to view the event address."
 }
diff --git a/public/js/modules/event-edit.js b/public/js/modules/event-edit.js
index 313e8f2f..3531826f 100644
--- a/public/js/modules/event-edit.js
+++ b/public/js/modules/event-edit.js
@@ -46,6 +46,7 @@ function editEventForm() {
             joinCheckbox: window.eventData.usersCanAttend,
             maxAttendeesCheckbox: window.eventData.maxAttendees !== null,
             maxAttendees: window.eventData.maxAttendees,
+            approveRegistrationsCheckbox: window.eventData.approveRegistrations,
         },
         errors: [],
         submitting: false,
@@ -64,6 +65,7 @@ function editEventForm() {
             this.data.maxAttendeesCheckbox =
                 window.eventData.maxAttendees !== null;
             this.data.publicCheckbox = window.eventData.showOnPublicList;
+            this.data.approveRegistrationsCheckbox = window.eventData.approveRegistrations;
         },
         updateEventEnd() {
             if (this.data.eventEnd === "" || this.data.eventEnd < this.data.eventStart) {
diff --git a/public/js/modules/new.js b/public/js/modules/new.js
index 70df641d..46309ac7 100644
--- a/public/js/modules/new.js
+++ b/public/js/modules/new.js
@@ -50,6 +50,7 @@ function newEventForm() {
             joinCheckbox: false,
             maxAttendeesCheckbox: false,
             maxAttendees: "",
+            approveRegistrationsCheckbox: false,
         },
         errors: [],
         submitting: false,
@@ -67,6 +68,7 @@ function newEventForm() {
             this.data.joinCheckbox = false;
             this.data.maxAttendeesCheckbox = false;
             this.data.publicCheckbox = false;
+            this.data.approveRegistrationsCheckbox = false;
         },
         updateEventEnd() {
             if (this.data.eventEnd === "" || this.data.eventEnd < this.data.eventStart) {
diff --git a/src/lib/config.ts b/src/lib/config.ts
index ca6df769..6f6e07dc 100644
--- a/src/lib/config.ts
+++ b/src/lib/config.ts
@@ -200,16 +200,16 @@ export const getConfig = (): GathioConfig => {
         const config = toml.parse(
             fs.readFileSync("./config/config.toml", "utf-8"),
         ) as GathioConfig;
-        const resolvedConfig = {
+        const resolvedConfig: GathioConfig = {
             ...defaultConfig,
             ...config,
-        }
+        };
         if (process.env.CYPRESS || process.env.CI) {
-            config.general.mail_service = "none";
+            resolvedConfig.general.mail_service = "none";
             console.log(
                 "Running in Cypress or CI, not initializing email service.",
             );
-        } else if (config.general.mail_service === "none") {
+        } else if (resolvedConfig.general.mail_service === "none") {
             console.warn(
                 "You have not configured this Gathio instance to send emails! This means that event creators will not receive emails when their events are created, which means they may end up locked out of editing events. Consider setting up an email service.",
             );
diff --git a/src/models/Event.ts b/src/models/Event.ts
index 57316803..d44e2a6f 100644
--- a/src/models/Event.ts
+++ b/src/models/Event.ts
@@ -10,6 +10,7 @@ export interface IAttendee {
     created?: Date;
     _id: string;
     visibility?: "public" | "private";
+    approved?: boolean; // Host has approved this attendee to view protected info
 }
 
 export interface IReply {
@@ -74,6 +75,7 @@ export interface IEvent extends mongoose.Document {
     followers?: IFollower[];
     activityPubMessages?: IActivityPubMessage[];
     showOnPublicList?: boolean;
+    approveRegistrations?: boolean; // Per-event: hide location until attendee approved
 }
 
 const Attendees = new mongoose.Schema({
@@ -113,6 +115,10 @@ const Attendees = new mongoose.Schema({
         default: "public",
     },
     created: Date,
+    approved: {
+        type: Boolean,
+        default: false,
+    },
 });
 
 const Followers = new mongoose.Schema(
@@ -339,6 +345,10 @@ const EventSchema = new mongoose.Schema({
         type: Boolean,
         default: false,
     },
+    approveRegistrations: {
+        type: Boolean,
+        default: false,
+    },
 });
 
 export default mongoose.model<IEvent>("Event", EventSchema);
diff --git a/src/routes.js b/src/routes.js
index 218fc506..7b4d35d0 100755
--- a/src/routes.js
+++ b/src/routes.js
@@ -506,12 +506,6 @@ router.post("/deleteeventgroup/:eventGroupID/:editToken", (req, res) => {
 
 router.post("/attendee/provision", async (req, res) => {
     const removalPassword = niceware.generatePassphrase(6).join("-");
-    const newAttendee = {
-        status: "provisioned",
-        removalPassword,
-        created: Date.now(),
-    };
-
     const event = await Event.findOne({ id: req.query.eventID }).catch((e) => {
         addToLog(
             "provisionEventAttendee",
@@ -528,6 +522,13 @@ router.post("/attendee/provision", async (req, res) => {
         return res.sendStatus(404);
     }
 
+    const newAttendee = {
+        status: "provisioned",
+        removalPassword,
+        created: Date.now(),
+        approved: !event.approveRegistrations, // Auto approve if this event does not require approvals
+    };
+
     event.attendees.push(newAttendee);
     await event.save().catch((e) => {
         console.log(e);
@@ -617,6 +618,7 @@ router.post("/attendevent/:eventID", async (req, res) => {
                 "attendees.$.visibility": req.body.attendeeVisible
                     ? "public"
                     : "private",
+                // Do not modify approval status here
             },
         },
     )
@@ -654,7 +656,8 @@ router.post("/attendevent/:eventID", async (req, res) => {
                         res.status(500).end();
                     });
             }
-            res.redirect(`/${req.params.eventID}`);
+            // Redirect with ?p so attendee immediately has credential in URL
+            res.redirect(`/${req.params.eventID}?p=${encodeURIComponent(req.body.removalPassword)}`);
         })
         .catch((error) => {
             res.send("Database error, please try again :(");
@@ -782,6 +785,45 @@ router.post("/removeattendee/:eventID/:attendeeID", (req, res) => {
         });
 });
 
+// Approve an attendee (allow them to view hidden location) when instance requires approval
+router.post("/approveattendee/:eventID/:attendeeID", async (req, res) => {
+    try {
+        const event = await Event.findOne({ id: req.params.eventID });
+        if (!event) {
+            return res.sendStatus(404);
+        }
+        // Require edit token in query (?e=)
+        const editToken = req.query.e;
+        if (!editToken || editToken !== event.editToken) {
+            return res.sendStatus(403);
+        }
+        // Find attendee
+        const attendee = event.attendees?.find((a) => a._id.toString() === req.params.attendeeID);
+        if (!attendee) {
+            return res.sendStatus(404);
+        }
+        attendee.approved = true;
+        await event.save();
+        addToLog(
+            "approveEventAttendee",
+            "success",
+            "Attendee approved in event " + req.params.eventID,
+        );
+    return res.redirect(`/${req.params.eventID}?e=${event.editToken}&m=approved`);
+    } catch (error) {
+        console.error(error);
+        addToLog(
+            "approveEventAttendee",
+            "error",
+            "Attempt to approve attendee in event " +
+                req.params.eventID +
+                " failed with error: " +
+                error,
+        );
+        return res.sendStatus(500);
+    }
+});
+
 /*
  * Create an email subscription on an event group.
  */
diff --git a/src/routes/event.ts b/src/routes/event.ts
index be27590f..4e060dbd 100644
--- a/src/routes/event.ts
+++ b/src/routes/event.ts
@@ -188,6 +188,7 @@ router.post(
             ],
             publicKey,
             privateKey,
+            approveRegistrations: eventData.approveRegistrationsBoolean && eventData.joinBoolean,
         });
         try {
             await event.save();
@@ -396,6 +397,8 @@ router.put(
                           eventData.timezone,
                       )
                     : undefined,
+                approveRegistrations:
+                    eventData.approveRegistrationsBoolean && eventData.joinBoolean,
             };
             let diffText =
                 "<p>" + i18next.t("routes.event.difftext") + "</p><ul>";
diff --git a/src/routes/frontend.ts b/src/routes/frontend.ts
index 20d56340..baac1b60 100644
--- a/src/routes/frontend.ts
+++ b/src/routes/frontend.ts
@@ -22,10 +22,102 @@ import i18next from "i18next";
 
 const router = Router();
 
+// Lightweight interfaces to satisfy TypeScript in this file without importing full model typings
+interface AttendeeLite {
+    id?: string;
+    _id?: string; // when coming from mongoose docs
+    name: string;
+    number?: number;
+    status?: string;
+    visibility?: string;
+    removalPassword?: string;
+    approved?: boolean;
+}
+interface EventLite {
+    id: string;
+    name: string;
+    location: string;
+    start: Date | string;
+    end: Date | string;
+    timezone: string;
+    attendees?: AttendeeLite[];
+    editToken?: string;
+    eventGroup?: any;
+    description: string;
+    image?: string;
+    hostName?: string;
+    firstLoad?: boolean;
+    url?: string;
+}
+
+// Centralized location visibility resolution for an event view/export
+// Determines whether the current viewer should see the precise location
+// and returns ancillary flags for template messaging.
+function resolveLocationAccess(
+    event: any,
+    query: Record<string, any>,
+): {
+    viewerApprovedForLocation: boolean;
+    viewerRegistered: boolean;
+    viewerRegisteredUnapproved: boolean;
+    editingEnabled: boolean;
+} {
+    const eventEditToken = event.editToken;
+    const approveRegistrations = !!event.approveRegistrations;
+    // Editing enabled if correct edit token present
+    let editingEnabled = false;
+    if (query && Object.keys(query).length) {
+        if (query.e && query.e === eventEditToken) {
+            editingEnabled = true;
+        }
+    }
+    let viewerApprovedForLocation = true;
+    if (approveRegistrations) {
+        // Start hidden
+        viewerApprovedForLocation = false;
+        if (editingEnabled) {
+            viewerApprovedForLocation = true;
+        } else if (query.p) {
+            const removalPassword = String(query.p);
+            const attendee = (event.attendees as AttendeeLite[] | undefined)?.find(
+                (a: AttendeeLite) => a.removalPassword === removalPassword,
+            );
+            if (attendee?.approved) {
+                viewerApprovedForLocation = true;
+            }
+        }
+    }
+    // Host override (defensive, though covered above)
+    if (approveRegistrations && editingEnabled && !viewerApprovedForLocation) {
+        viewerApprovedForLocation = true;
+    }
+    // Registration status flags for UI messaging
+    let viewerRegistered = false;
+    let viewerRegisteredUnapproved = false;
+    if (approveRegistrations && !editingEnabled && query.p) {
+        const removalPassword = String(query.p);
+        const attendee = (event.attendees as AttendeeLite[] | undefined)?.find(
+            (a: AttendeeLite) => a.removalPassword === removalPassword,
+        );
+        if (attendee) {
+            viewerRegistered = true;
+            if (!attendee.approved) {
+                viewerRegisteredUnapproved = true;
+            }
+        }
+    }
+    return {
+        viewerApprovedForLocation,
+        viewerRegistered,
+        viewerRegisteredUnapproved,
+        editingEnabled,
+    };
+}
+
 // Add config middleware to all routes
 router.use(getConfigMiddleware);
 
-router.get("/", (_, res) => {
+router.get("/", (_: Request, res: Response) => {
     if (res.locals.config?.general.show_public_event_list) {
         return res.redirect("/events");
     }
@@ -90,7 +182,7 @@ router.get("/events", async (_: Request, res: Response) => {
         .populate("eventGroup")
         .lean()
         .sort("start");
-    const updatedEvents: EventListEvent[] = events.map((event) => {
+    const updatedEvents: EventListEvent[] = events.map((event: EventLite) => {
         const startMoment = moment.tz(event.start, event.timezone);
         const endMoment = moment.tz(event.end, event.timezone);
         const isSameDay = startMoment.isSame(endMoment, "day");
@@ -98,7 +190,10 @@ router.get("/events", async (_: Request, res: Response) => {
         return {
             id: event.id,
             name: event.name,
-            location: event.location,
+            // Hide precise location if global gating OR this event requires approvals
+            location: (event as any).approveRegistrations
+                ? i18next.t("views.event.location_hidden")
+                : event.location,
             displayDate: isSameDay
                 ? startMoment.format("LL")
                 : `${startMoment.format("LL")} - ${endMoment.format(
@@ -119,14 +214,14 @@ router.get("/events", async (_: Request, res: Response) => {
     const eventGroups = await EventGroup.find({
         showOnPublicList: true,
     }).lean();
-    const updatedEventGroups = eventGroups.map((eventGroup) => {
+    const updatedEventGroups = eventGroups.map((eventGroup: any) => {
         return {
             id: eventGroup.id,
             name: eventGroup.name,
             numberOfEvents: updatedEvents.filter(
                 (event) =>
-                    event.eventGroup?._id.toString() ===
-                    eventGroup._id.toString(),
+                    (event.eventGroup as any)?._id?.toString() ===
+                    (eventGroup as any)._id?.toString(),
             ).length,
         };
     });
@@ -138,6 +233,7 @@ router.get("/events", async (_: Request, res: Response) => {
         eventGroups: updatedEventGroups,
         instanceDescription: instanceDescription(),
         instanceRules: instanceRules(),
+    approveRegistrations: false,
         ...frontendConfig(res),
     });
 });
@@ -152,7 +248,8 @@ router.get("/:eventID", async (req: Request, res: Response) => {
         if (!event) {
             return res.status(404).render("404", frontendConfig(res));
         }
-        const parsedLocation = event.location.replace(/\s+/g, "+");
+    
+        const parsedLocationOriginal = event.location.replace(/\s+/g, "+");
         let displayDate;
         const dateformat = i18next.t("frontend.dateformat");
         const timeformat = i18next.t('frontend.timeformat');
@@ -259,22 +356,21 @@ router.get("/:eventID", async (req: Request, res: Response) => {
                 { firstLoad: false },
             );
         }
-        let editingEnabled = false;
-        if (Object.keys(req.query).length !== 0) {
-            if (!req.query.e) {
-                editingEnabled = false;
-                console.log("No edit token set");
-            } else {
-                if (req.query.e === eventEditToken) {
-                    editingEnabled = true;
-                } else {
-                    editingEnabled = false;
-                }
-            }
-        }
-        const eventAttendees = event.attendees
-            ?.sort((a, b) => (a.name > b.name ? 1 : b.name > a.name ? -1 : 0))
-            .map((el) => {
+        const { viewerApprovedForLocation, viewerRegistered, viewerRegisteredUnapproved, editingEnabled } = resolveLocationAccess(event, req.query as Record<string, any>);
+        const approveRegistrations = !!event.approveRegistrations;
+        const parsedLocation = viewerApprovedForLocation ? parsedLocationOriginal : "";
+        const calendarLocationParam = viewerApprovedForLocation ? parsedLocationOriginal : ""; // leave blank if hidden
+        // Provide a sanitized copy of the event object for templates so location isn't leaked accidentally
+        const sanitizedEvent = {
+            ...event,
+            location: !viewerApprovedForLocation ?
+            i18next.t("views.event.location_hidden")
+            : event.location,
+        };
+        
+        const eventAttendees = (event.attendees as AttendeeLite[] | undefined)
+            ?.sort((a: AttendeeLite, b: AttendeeLite) => (a.name > b.name ? 1 : b.name > a.name ? -1 : 0))
+            .map((el: AttendeeLite) => {
                 if (!el.id) {
                     el.id = el._id;
                 }
@@ -287,29 +383,29 @@ router.get("/:eventID", async (req: Request, res: Response) => {
                     visibility: el.visibility || "public",
                 };
             })
-            .filter((obj, pos, arr) => {
+            .filter((obj: AttendeeLite, pos: number, arr: AttendeeLite[]) => {
                 return (
                     obj.status === "attending" &&
-                    arr.map((mapObj) => mapObj.id).indexOf(obj.id) === pos
+                    arr.map((mapObj: AttendeeLite) => mapObj.id).indexOf(obj.id) === pos
                 );
             });
 
         let spotsRemaining, noMoreSpots;
         const numberOfAttendees =
-            eventAttendees?.reduce((acc, attendee) => {
+            eventAttendees?.reduce((acc: number, attendee: AttendeeLite) => {
                 if (attendee.status === "attending") {
                     return acc + (attendee.number || 1);
                 }
                 return acc;
             }, 0) || 0;
         const visibleAttendees = eventAttendees?.filter(
-            (attendee) => attendee.visibility === "public",
+            (attendee: AttendeeLite) => attendee.visibility === "public",
         );
         const hiddenAttendees = eventAttendees?.filter(
-            (attendee) => attendee.visibility === "private",
+            (attendee: AttendeeLite) => attendee.visibility === "private",
         );
         const numberOfHiddenAttendees = eventAttendees?.reduce(
-            (acc, attendee) => {
+            (acc: number, attendee: AttendeeLite) => {
                 if (
                     attendee.status === "attending" &&
                     attendee.visibility === "private"
@@ -346,16 +442,25 @@ router.get("/:eventID", async (req: Request, res: Response) => {
                 req.params.eventID,
         };
         if (acceptsActivityPub(req)) {
-            res.header("Content-Type", activityPubContentType).send(
-                JSON.parse(event.activityPubActor || "{}"),
-            );
+            const actorObj = JSON.parse(event.activityPubActor || "{}");
+            if (approveRegistrations && !viewerApprovedForLocation) {
+                // Attempt to sanitize obvious location fields
+                if (actorObj.location) {
+                    actorObj.location = i18next.t("views.event.location_hidden");
+                }
+            }
+            res.header("Content-Type", activityPubContentType).send(actorObj);
         } else {
             res.set("X-Robots-Tag", "noindex");
             res.render("event", {
                 ...frontendConfig(res),
                 title: event.name,
                 escapedName: escapedName,
-                eventData: event,
+                eventData: sanitizedEvent,
+                viewerApprovedForLocation,
+                approveRegistrations: approveRegistrations,
+                viewerRegistered,
+                viewerRegisteredUnapproved,
                 visibleAttendees,
                 hiddenAttendees,
                 numberOfAttendees,
@@ -365,6 +470,7 @@ router.get("/:eventID", async (req: Request, res: Response) => {
                 eventStartISO: eventStartISO,
                 eventEndISO: eventEndISO,
                 parsedLocation: parsedLocation,
+                calendarLocationParam,
                 parsedStart: parsedStart,
                 parsedEnd: parsedEnd,
                 parsedStartForDateInput,
@@ -390,7 +496,7 @@ router.get("/:eventID", async (req: Request, res: Response) => {
                     name: event.name,
                     id: event.id,
                     description: event.description,
-                    location: event.location,
+                    location: viewerApprovedForLocation ? event.location : undefined,
                     timezone: event.timezone,
                     url: event.url,
                     hostName: event.hostName,
@@ -405,6 +511,7 @@ router.get("/:eventID", async (req: Request, res: Response) => {
                     usersCanAttend: event.usersCanAttend,
                     usersCanComment: event.usersCanComment,
                     maxAttendees: event.maxAttendees,
+                    approveRegistrations: (event as any).approveRegistrations || false,
                     startISO: eventStartISO,
                     endISO: eventEndISO,
                     startForDateInput: parsedStartForDateInput,
@@ -450,7 +557,8 @@ router.get("/group/:eventGroupID", async (req: Request, res: Response) => {
             .lean()
             .sort("start");
 
-        const updatedEvents: EventListEvent[] = events.map((event) => {
+    
+        const updatedEvents: EventListEvent[] = events.map((event: EventLite) => {
             const startMoment = moment.tz(event.start, event.timezone).locale(i18next.language);
             const endMoment = moment.tz(event.end, event.timezone).locale(i18next.language);
             const isSameDay = startMoment.isSame(endMoment, "day");
@@ -458,7 +566,8 @@ router.get("/group/:eventGroupID", async (req: Request, res: Response) => {
             return {
                 id: event.id,
                 name: event.name,
-                location: event.location,
+                // Hide if global gating OR individual event requires approvals
+                location: (event as any).approveRegistrations ? i18next.t("views.event.location_hidden") : event.location,
                 displayDate: isSameDay
                     ? startMoment.format("LL")
                     : `${startMoment.format("LL")} - ${endMoment.format("LL")}`,
@@ -530,6 +639,7 @@ router.get("/group/:eventGroupID", async (req: Request, res: Response) => {
             eventGroupHasCoverImage: eventGroupHasCoverImage,
             eventGroupHasHost: eventGroupHasHost,
             firstLoad: firstLoad,
+            approveRegistrations: false, // group view no longer uses global gating; per-event handled when mapping
             metadata: metadata,
             jsonData: {
                 name: eventGroup.name,
@@ -566,7 +676,17 @@ router.get(
                 const events = await Event.find({
                     eventGroup: eventGroup._id,
                 }).sort("start");
-                const string = exportIcal(events, eventGroup.name);
+                let editingEnabled = false;
+                if (req.query.e && req.query.e === eventGroup.editToken) {
+                    editingEnabled = true;
+                }
+                // If approvals are required and viewer is not host, strip locations
+                const sanitizedEvents = events.map((ev: any) => {
+                    const evObj = ev.toObject?.() || ev;
+                    const needsHide = evObj.approveRegistrations && !editingEnabled;
+                    return needsHide ? { ...evObj, location: i18next.t("views.event.location_hidden") } : evObj;
+                });
+                const string = exportIcal(sanitizedEvents as any, eventGroup.name);
                 res.set("Content-Type", "text/calendar").send(string);
             }
         } catch (err) {
@@ -588,7 +708,9 @@ router.get("/export/event/:eventID", async (req: Request, res: Response) => {
         }).populate("eventGroup");
 
         if (event) {
-            const string = exportIcal([event], event.name);
+            const { viewerApprovedForLocation, editingEnabled } = resolveLocationAccess(event, req.query as Record<string, any>);
+            const sanitizedEvent = viewerApprovedForLocation ? event : ({ ...(event.toObject?.() || event), location: i18next.t("views.event.location_hidden") });
+            const string = exportIcal([sanitizedEvent] as any, event.name);
             res.set("Content-Type", "text/calendar").send(string);
         }
     } catch (err) {
@@ -614,7 +736,16 @@ router.get(
                 const events = await Event.find({
                     eventGroup: eventGroup._id,
                 }).sort("start");
-                const string = exportIcal(events, eventGroup.name);
+                let editingEnabled = false;
+                if (req.query.e && req.query.e === eventGroup.editToken) {
+                    editingEnabled = true;
+                }
+                const sanitizedEvents = events.map((ev: any) => {
+                    const evObj = ev.toObject?.() || ev;
+                    const needsHide = evObj.approveRegistrations && !editingEnabled;
+                    return needsHide ? { ...evObj, location: i18next.t("views.event.location_hidden") } : evObj;
+                });
+                const string = exportIcal(sanitizedEvents as any, eventGroup.name);
                 res.set("Content-Type", "text/calendar").send(string);
             }
         } catch (err) {
diff --git a/src/util/messages.ts b/src/util/messages.ts
index ae1568cb..bc4a6b03 100644
--- a/src/util/messages.ts
+++ b/src/util/messages.ts
@@ -1,7 +1,8 @@
-type MessageId = "unattend";
+type MessageId = "unattend" | "approved";
 
 const queryStringMessages: Record<MessageId, string> = {
     unattend: `You have been removed from this event.`,
+    approved: `Attendee approved. They can now view the event location.`,
 };
 
 export const getMessage = (id?: string) => {
diff --git a/src/util/validation.ts b/src/util/validation.ts
index 8eae2cb0..21a8ea41 100644
--- a/src/util/validation.ts
+++ b/src/util/validation.ts
@@ -35,6 +35,7 @@ interface EventData {
     joinCheckbox: string;
     maxAttendeesCheckbox: string;
     maxAttendees: number;
+    approveRegistrationsCheckbox?: string; // optional checkbox value
 }
 
 // EventData without the 'checkbox' fields
@@ -45,12 +46,14 @@ export type ValidatedEventData = Omit<
     | "interactionCheckbox"
     | "joinCheckbox"
     | "maxAttendeesCheckbox"
+    | "approveRegistrationsCheckbox"
 > & {
     publicBoolean: boolean;
     eventGroupBoolean: boolean;
     interactionBoolean: boolean;
     joinBoolean: boolean;
     maxAttendeesBoolean: boolean;
+    approveRegistrationsBoolean: boolean;
 };
 
 interface EventGroupData {
@@ -127,6 +130,8 @@ export const validateEventData = (
         interactionBoolean: eventData.interactionCheckbox === "true",
         joinBoolean: eventData.joinCheckbox === "true",
         maxAttendeesBoolean: eventData.maxAttendeesCheckbox === "true",
+        approveRegistrationsBoolean:
+            eventData.approveRegistrationsCheckbox === "true",
     };
     const errors: Error[] = [];
     if (!validatedData.eventName) {
diff --git a/views/event.handlebars b/views/event.handlebars
index 47ec6b9d..bb8c335f 100755
--- a/views/event.handlebars
+++ b/views/event.handlebars
@@ -25,6 +25,11 @@
     {{message}}
 </div>
 {{/if}}
+{{#if viewerRegisteredUnapproved}}
+<div class="alert alert-warning mt-3" role="alert">
+  {{t "views.event.location_hidden" }} – {{t "views.event.location_hidden_desc" }}
+</div>
+{{/if}}
 <div id="event__basics">
   <div class="card" id="event__data">
     <div class="card-body">
@@ -33,7 +38,10 @@
           <span class="fa-li">
             <i class="fas fa-map-marker-alt"></i>
           </span>
-          <span class="p-location">{{eventData.location}}</span>
+            <span class="p-location">{{eventData.location}}</span>
+          {{#unless viewerApprovedForLocation}}
+            <div class="small text-muted">{{t "views.event.location_hidden_desc" }}</div>
+          {{/unless}}
         </li>
         <li>
           <span class="fa-li">
@@ -96,21 +104,24 @@
       </ul>
     </div> <!-- .card-body -->
   </div> <!-- .card#event__data -->
+  
   <aside id="event__actions">
-    <div class="button-stack" role="group" aria-label="Event actions">
-      <a href="http://www.google.com/calendar/event?action=TEMPLATE&dates={{parsedStart}}%2F{{parsedEnd}}&text={{escapedName}}&location={{parsedLocation}}&ctz={{timezone}}" class="button button--outline-secondary button--sm">
-        <i class="far fa-calendar-plus"></i> {{t "views.event.addtoGC" }}
-      </a>
-      <button type="button" id="exportICS" class="button button--outline-secondary button--sm" data-event-id="{{eventData.id}}">
-        <i class="fas fa-download"></i> {{t "views.event.ICSexport" }}
-      </button>
-      <a target="_blank" href="http://maps.google.com/?q={{parsedLocation}}" class="button button--outline-secondary button--sm">
-        <i class="fas fa-map-marked"></i> {{t "views.event.showonGM" }}
-      </a>
-      <a target="_blank" href="https://www.openstreetmap.org/search?query={{parsedLocation}}" class="button button--outline-secondary button--sm">
-        <i class="fas fa-map-marked"></i> {{t "views.event.showonOM" }}
-      </a>
-    </div>
+    {{#if viewerApprovedForLocation}}
+      <div class="button-stack" role="group" aria-label="Event actions">
+        <a href="http://www.google.com/calendar/event?action=TEMPLATE&dates={{parsedStart}}%2F{{parsedEnd}}&text={{escapedName}}&location={{calendarLocationParam}}&ctz={{timezone}}" class="button button--outline-secondary button--sm" title="{{t "views.event.location_hidden" }}">
+          <i class="far fa-calendar-plus"></i> {{t "views.event.addtoGC" }}
+        </a>
+        <button type="button" id="exportICS" class="button button--outline-secondary button--sm" data-event-id="{{eventData.id}}">
+          <i class="fas fa-download"></i> {{t "views.event.ICSexport" }}
+        </button>
+        <a target="_blank" href="http://maps.google.com/?q={{parsedLocation}}" class="button button--outline-secondary button--sm" title="{{t "views.event.location_hidden" }}">
+          <i class="fas fa-map-marked"></i> {{t "views.event.showonGM" }}
+        </a>
+        <a target="_blank" href="https://www.openstreetmap.org/search?query={{parsedLocation}}" class="button button--outline-secondary button--sm" title="{{t "views.event.location_hidden" }}">
+          <i class="fas fa-map-marked"></i> {{t "views.event.showonOM" }}
+        </a>
+      </div>
+    {{/if}}
 
     {{#unless editingEnabled}}
         <button type="button" id="editEvent" class="button button--outline-secondary button--sm" {{#if eventHasConcluded}}disabled{{/if}} data-event-id="{{eventData.id}}" data-toggle="modal" data-target="#editTokenModal"><i class="fas fa-edit"></i> {{t "views.eventgroup.editmode" }}</button>
@@ -160,11 +171,45 @@
     {{#if numberOfAttendees}}
       <ul class="attendeesList">
         {{#each visibleAttendees}}
-          <li{{#if ../editingEnabled}} data-attendee-name="{{this.name}}" data-attendee-id="{{this._id}}"{{/if}}><span class="attendee-name">{{this.name}}</span>{{#if ../editingEnabled}} <a href="#" class="remove-attendee" data-toggle="modal" data-target="#removeAttendeeModal" title="{{t "views.event.removeuser" }}"><i class="fas fa-user-times"></i></a>{{/if}}</li>
+          <li{{#if ../editingEnabled}} data-attendee-name="{{this.name}}" data-attendee-id="{{this._id}}"{{/if}}>
+            <span class="attendee-name">{{this.name}}</span>
+            {{#if ../approveRegistrations}}
+              {{#unless this.approved}}
+                <span class="badge badge-warning">{{t "views.event.pending" }}</span>
+              {{/unless}}
+            {{/if}}
+            {{#if ../editingEnabled}}
+              {{#if ../approveRegistrations}}
+                {{#unless this.approved}}
+                  <form class="d-inline" method="post" action="/approveattendee/{{../eventData.id}}/{{this._id}}?e={{../eventData.editToken}}">
+                    <button type="submit" class="button button--outline-secondary button--sm" title="Approve attendee"><i class="fas fa-check"></i></button>
+                  </form>
+                {{/unless}}
+              {{/if}}
+              <a href="#" class="remove-attendee" data-toggle="modal" data-target="#removeAttendeeModal" title="{{t "views.event.removeuser" }}"><i class="fas fa-user-times"></i></a>
+            {{/if}}
+          </li>
         {{/each}}
         {{#if editingEnabled}}
           {{#each hiddenAttendees}}
-            <li{{#if ../editingEnabled}} data-attendee-name="{{this.name}}" data-attendee-id="{{this._id}}"{{/if}} class="hidden-attendee"><span class="attendee-name">{{this.name}} {{t "views.event.hidden" }}</span>{{#if ../editingEnabled}} <a href="#" class="remove-attendee" data-toggle="modal" data-target="#removeAttendeeModal" title="{{t "views.event.removeuser" }}"><i class="fas fa-user-times"></i></a>{{/if}}</li>
+            <li{{#if ../editingEnabled}} data-attendee-name="{{this.name}}" data-attendee-id="{{this._id}}"{{/if}} class="hidden-attendee">
+              <span class="attendee-name">{{this.name}} {{t "views.event.hidden" }}</span>
+              {{#if ../approveRegistrations}}
+                {{#unless this.approved}}
+                  <span class="badge badge-warning">{{t "views.event.pending" }}</span>
+                {{/unless}}
+              {{/if}}
+              {{#if ../editingEnabled}}
+                {{#if ../approveRegistrations}}
+                  {{#unless this.approved}}
+                    <form class="d-inline" method="post" action="/approveattendee/{{../eventData.id}}/{{this._id}}?e={{../eventData.editToken}}">
+                      <button type="submit" class="button button--outline-secondary button--sm" title="Approve attendee"><i class="fas fa-check"></i></button>
+                    </form>
+                  {{/unless}}
+                {{/if}}
+                <a href="#" class="remove-attendee" data-toggle="modal" data-target="#removeAttendeeModal" title="{{t "views.event.removeuser" }}"><i class="fas fa-user-times"></i></a>
+              {{/if}}
+            </li>
           {{/each}}
         {{/if}}
       </ul>
@@ -552,6 +597,12 @@ window.eventData = {{{ json jsonData }}};
       axios.post('/attendee/provision', {}, { params: { eventID }})
         .then((response) => {
           modal.find('#removalPassword').val(response.data.removalPassword);
+          // Persist removal password locally for auto ?p injection
+          try {
+            const rpStore = JSON.parse(localStorage.getItem('gathioRemovalPasswords') || '{}');
+            rpStore[eventID] = response.data.removalPassword;
+            localStorage.setItem('gathioRemovalPasswords', JSON.stringify(rpStore));
+          } catch(e) { /* ignore persistence errors */ }
           // If there is a limit on the number of attendees, the provisioned endpoint will return freeSpots;
           // otherwise, freeSpots will be undefined.
           if (response.data.freeSpots !== undefined) {
@@ -590,6 +641,24 @@ window.eventData = {{{ json jsonData }}};
     $('#deleteEvent').on('click', function() {
         $('#editModal').modal('hide');
     })
+
+
+    // Auto-append ?p if stored and missing (not in editing mode)
+    (function autoAppendRemovalPassword(){
+      try {
+        const eventID = $('#eventName').attr('data-event-id');
+        if (!eventID) return;
+        const url = new URL(window.location.href);
+        if (url.searchParams.get('e')) return; // host editing overrides
+        if (url.searchParams.get('p')) return; // already present
+        const rpStore = JSON.parse(localStorage.getItem('gathioRemovalPasswords') || '{}');
+        const rp = rpStore[eventID];
+        if (rp) {
+          url.searchParams.set('p', rp);
+          window.location.replace(url.href);
+        }
+      } catch(e) { /* ignore */ }
+    })();
   });
 
   </script>
diff --git a/views/optionsform.handlebars b/views/optionsform.handlebars
index 78e184b2..34cec943 100755
--- a/views/optionsform.handlebars
+++ b/views/optionsform.handlebars
@@ -7,6 +7,12 @@
         {{t "views.join" }}
       </label>
     </div>
+    <div class="form-check ml-4" x-show="document.getElementById('joinCheckbox')?.checked">
+      <input class="form-check-input" type="checkbox" id="approveRegistrationsCheckbox" name="approveRegistrationsCheckbox" {{#if data.approveRegistrationsCheckbox}}checked{{/if}}>
+      <label class="form-check-label" for="approveRegistrationsCheckbox">
+        {{t "views.event.requireapproval" }}
+      </label>
+    </div>
     <div class="form-check">
       <input class="form-check-input" type="checkbox" id="guestlistCheckbox" name="guestlistCheckbox"  {{#if data.guestlistCheckbox}}checked{{/if}}>
       <label class="form-check-label" for="guestlistCheckbox">
@@ -31,6 +37,12 @@
         {{t "views.join" }}
       </label>
     </div>
+    <div class="form-check ml-4" x-show="document.getElementById('joinCheckbox')?.checked">
+      <input class="form-check-input" type="checkbox" id="approveRegistrationsCheckbox" name="approveRegistrationsCheckbox" {{#if eventData.approveRegistrations}}checked{{/if}}>
+      <label class="form-check-label" for="approveRegistrationsCheckbox">
+        {{t "views.event.requireapproval" }}
+      </label>
+    </div>
     <div class="form-check">
       <input class="form-check-input" type="checkbox" id="guestlistCheckbox" name="guestlistCheckbox"  {{#if eventData.showUsersList}}checked{{/if}}>
       <label class="form-check-label" for="guestlistCheckbox">
diff --git a/views/partials/eventForm.handlebars b/views/partials/eventForm.handlebars
index 87140586..1a3efec2 100755
--- a/views/partials/eventForm.handlebars
+++ b/views/partials/eventForm.handlebars
@@ -145,7 +145,13 @@
         {{t "views.join" }}
       </label>
     </div>
-    <div class="form-check" id="maxAttendeesCheckboxContainer" x-show="data.joinCheckbox">
+    <div class="form-check ml-4" x-show="data.joinCheckbox">
+      <input class="form-check-input" type="checkbox" id="approveRegistrationsCheckbox" name="approveRegistrationsCheckbox" x-model="data.approveRegistrationsCheckbox" {{#if eventData.approveRegistrations}}checked{{/if}}>
+      <label class="form-check-label" for="approveRegistrationsCheckbox">
+        {{t "views.event.requireapproval" }}
+      </label>
+    </div>
+    <div class="form-check ml-4" id="maxAttendeesCheckboxContainer" x-show="data.joinCheckbox">
       <input class="form-check-input" type="checkbox" id="maxAttendeesCheckbox" name="maxAttendeesCheckbox" x-model="data.maxAttendeesCheckbox">
       <label class="form-check-label" for="maxAttendeesCheckbox">
         {{t "views.partials.eventform.maxattendeestitle" }}
@@ -153,7 +159,7 @@
     </div>
   </div>
 </div>
-<div class="form-group" id="maxAttendeesContainer" x-show="data.maxAttendeesCheckbox && data.joinCheckbox">
+<div class="form-group ml-4" id="maxAttendeesContainer" x-show="data.maxAttendeesCheckbox && data.joinCheckbox">
   <label for="maxAttendees" >{{t "views.partials.eventform.maxattendees" }}</label>
   <div class="form-group ">
     <input type="number" class="form-control" id="maxAttendees" name="maxAttendees" placeholder="{{t "views.event.enternum" }}" x-model="data.maxAttendees" >