3.7 KiB
| title | bgcolor | fontcolor |
|---|---|---|
| Privacy Policy | #1F5C60 | #FFF |
v1.0
This privacy policy applies to all Services hosted on disroot.org and its sub-domains. We try to keep it as unified and simple as we possibly can.
Disclaimer! We reserve the right to change any of the points. All changes will be publicly available and will be communicated to all users via the forum, Diaspora, Mastodon and Website. Major changes to Privacy Policy will be sent additionally via email to all users.
Our motto:
"The less we know about our users the better"
- We do not collect any data other then the what is needed to provide the service (we store your credentials, we store your emails, email address, contacts, files etc on our servers)
- We do not in any way process data about our users (we do not use any form of analitycs either from google or self-hosted analitycs software such as piwik).
- We do not create any form of profile about our users
- We do not share nor sell data of our users to third party unless required by the service to work properly (eg. other email servers need to know your email address to be able to deliver emails)
- We do not collect any additional information that is not crucial for operation of the service (we do not ask for additional email addresses, phone numbers)
- We store IP addresses in our access log for a period no longer then 24h in order to be able to block spammers, be able to react to breach attempts and other similar situations. We do not process this information for any other purpose then reaction to abuse, monitoring the health of the service (see below section about Exceptions for cases where we do not store any logs at all)
- We do not read/look nor process users personal data, emails, files, stored on our servers unless needed for troubleshooting an issue in which case we ask for prior permission from the user.
- We use disk encryption on all data to prevent data leak in cases where servers are stolen, confiscated, or in any way physically tempered with.
- We provide and require SSL/TLS encryption on all provided services
Exeptions and additions:
Search.disroot.org No data (IP address, session cookie etc) is stored on the server
upload.disroot.org No data (IP address, session cookie etc) is stored on the server All files uploaded to the service are end-to-end encrypted. we, Disroot admins have no way of decrypting that information
bin.disroot.org No data (IP address, session cookie etc) is stored on the server All files uploaded to the service are end-to-end encrypted. we, Disroot admins have no way of decrypting that information
XMPP chat No chat history is stored on the servers. We do not store your IP address either.
Pad and Calc We do not collect IP addresses and other personal data that can be linked to the pad. We might however switch on logging while troubleshooting the service. This is temporary and after troubleshooting the logs are purged from the system.
cloud.disroot.org All files send to the cloud are encrypted with a keypair created based on the user password, to create extra level of security. Note however that the keys are stored on the server which compromises the level of security Everything else except for files is stored in plain-text in a database, unless an app provides external encryption (non so far).
email all emails, unless encrypted (with gpg for example) are stored on our servers in plain-text. IP addresses of currently logged in user via IMAP/POP3 protocol are stored as long as the device is logged in to the server. (per each device logged in)
polls No IP addresses are stored on the server, unless temporarily for troubleshooting, after which they are purged form the server