What information do we collect?
- Private account information: If you register on this server, you will be asked to enter an e-mail address and a password. Your e-mail, password, and the list of user profiles linked to your account are kept private, as well the list of contact “circles” you define, and what users you include in those circles.
- Public information: You may enter profile information such as a username, display name and biography, and upload a profile picture and header image, which are displayed publicly by default. The list of people you follow is listed publicly, the same is true for your followers. Your public posts are delivered to your followers, in some cases it means they are delivered to different servers and copies are then stored there. When you delete posts, a request for deletion is delivered to your followers. When you post something, the date and time are stored and displayed along with it. The action of boosting or favouriting something is public by default.
- Private content: All posts are stored and processed on the server. Mentions-only posts are delivered only to users who are mentioned in them, and private message are delivered only to their recipients. In some cases it means they are delivered to different servers and copies of the data are stored there. We make a good faith effort to limit the access to those posts only to authorised persons, but other servers may fail to do so. Therefore it’s important to review servers your contacts belong to, keeping in mind that the operators of your server and any receiving server may view such messages, and that recipients may also screenshot, copy or otherwise re-share them. Do not share any sensitive information. Posts may also contain media attachments, such as pictures, which can be publicly accessed by anyone who knowns their URL.
- IPs and other metadata: We may retain server logs which include the IP address of every request to our server, along with the data/time and name of your browser application.
What do we use your information for?
Any of the information we collect from you may be used in the following ways:
- To provide the core functionality. You can only interact with other people’s content and post your own content when you are logged in. For example, you may follow other people to view their combined posts in your own personalised home timeline.
- To aid moderation of the community, for example comparing your IP address with other known ones to determine block evasions or other violations.
- The email address you provide may be used to send you information, notifications about other people interacting with your content or sending you messages, and to respond to inquiries, and/or other requests or questions.
How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information when you submit or access it. Among other things, your password is hashed using a strong one-way algorithm, and your browser session (as well as any traffic between your applications and the server or between federated servers) is secured with SSL. We recommend enabling two-factor authentication to further secure access to your account.
What is our data retention policy?
We will make a good faith effort to retain server logs containing the IP address of all requests to this server, in so far as such logs are kept, no more than 90 days.
You can request and download an archive of your content, including your follow lists, posts and media attachments.
You may irreversibly delete your account at any time.
Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our site, conducting our operations, or servicing you, so long as those parties agree to keep this information confidential. We may also release information when it is required to comply with the law, enforce our site policies, or protect ourselves or others’ rights and safety.
Your content may be sent to or downloaded by other servers in the federated network. Your public profile and activities are delivered to the servers where your followers reside, while mentions-only posts and messages are delivered to the servers of the recipients (in so far as those followers or recipients reside on a different server than yours). We can make no guarantees about how third-party servers will handle your information.
Site usage by minors
If this server is in the EU or the EEA: Our site, products and services are all directed to people who are at least 16 years old. If you are under the age of 16, per the requirements of the GDPR (General Data Protection Regulation) please do not use this site.
If this server is in the USA: Our site, products and services are all directed to people who are at least 13 years old. If you are under the age of 13, per the requirements of COPPA (Children’s Online Privacy Protection Act) please do not use this site.
Law requirements can be different if this server is in another jurisdiction.
This document is CC-BY-SA. It was last updated June 25, 2022. Originally adapted from the Mastodon and Discourse privacy policies.