Our general policy regarding your data is to save as much as needed and as little as possible. This document will try to explain what personal data we store and how we handle that.
Each time a user accesses our web page, a file or other resources, the following data is collected and saved in a log file:
- date and time of request
- address and file size (in bytes) of the resource requested and/or accessed
- server response (HTTP status code, e.g. “file sent”, “file not found”, etc.)
- connection information from the browser and operating systems used, if available
- referrer website visited prior to our web page as well as the search terms entered, if available.
The information is used to identify, isolate and fix disruptions or errors in the systems needed to operate our website. These may also include disruptions or errors that lead to the restricted availability of information and communication services or to unauthorised access to the systems. All information is deleted automatically after 7 days.
In order to ensure and enhance the continuous and safe access to our web page, we utilize a software that analyses website access (matomo.org). The following information is logged:
- the web page URL
- date and time
- transmitted data volume
- referrer URL, if available
- Browser identification - browser version, operating system, screen resolution, plug-ins
- abbreviated IP address (the last two bytes will be set to zero)
The anonymous information will be saved for 90 days. If you do not approve of the short-term anonymous logging of your web access information, you may activate the DNT (do not track) function of your web browser or click the button below. All information is only stored on our server and will not be shared with third parties.
When a site is visited, a "session cookie" will be saved to the end device in use. The cookie will be deleted as soon as the browser is closed. The “session cookies” do not contain personal information. It is not intended nor ossible to use the session ID to identify a user. The temporary logging of these cookies can be disabled by adjusting the appropriate settings of the internet browser. The use of the site will not be impaired, but the server response time could may be reduced. One exception are session cookies used for the one-time authentication process when logging into protected sites. The purpose here is to recognise multiple requests from the same user and keep him or her from being logged off from the site. Blocking these cookies can impair the use of certain applications.
In order to offer you the best possible service we have to process and store the following information on our servers:
- Your username and domain.
- Time, URL und your secret API token of your registration.
- Offline messages. If someone sends you a message while you are offline, that message will be stored until you get back online.
- Message archive. By default, we will be keeping an archive of your messages for later retrieval by yourself. This can come in handy if you log in with a new device and want access to your message history and is also required if you want to use the OMEMO encryption with multiple devices. You can opt-out of this by setting your server-side archiving preferences with your XMPP client.
- HTTP upload. If you share a file via HTTP upload the file is stored on our server for 30 days.
- Your contact list.
- Your published vcard or similar data (e.g. avatar, phone number and so on).
- All private data which is uploaded by your XMPP client (e.g. bookmarks).
- Time and IP address of every log in attempt to detect abuse. We will delete this data after 7 days.
We will never share, sell or analyse your data nor look at the content of your messages, contact list or files. Nevertheless we recommend that you enable end-to-end encryption (e.g. OMEMO, OTR, PGP) in your clients whenever possible.