We try to provide a high class of privacy and not to store data in a larger size than is necessary for the operation of the server. We deny any unencrypted connections to the server and do not connect with servers that have invalid security certificates. Your passwords are stored in a database in a salt hash and we cannot view your password.
An XMPP server is nothing more than a regular router distributing message delivery to addresses.
You must understand that your privacy is up to you. Use e2e encryption always in personal conversations. We can not access your messages if you use e2e encryption (OMEMO/PGP/OTR). We also do not read any unencrypted private messages. The law on keeping the privacy of personal correspondence prohibits the reading of personal correspondence.
To synchronize multiple devices, the default is to use the message archive. You can disable the message archive in the XMPP client settings. In order to increase privacy, the archive of messages is deleted after 7 days. Files you send also are deleted after seven days. If you use OMEMO or OTR encryption , messages cannot be re-decrypted, even if you have access to the archive with your key (session keys are deleted). PGP allows you to decrypt old messages from the archive, if you have your private key.
The server keeps logs of IP address connections. We think that it is wrong to deceive users that the logs do not save. Many servers claim that they are not save logs, they are fools or deceivers. Even if the server does not keep logs, Internet service providers routers keep logs. Additional logs lead protection systems from DDoS-Attack in data centers. The Internet can not exist without connection logs and routing.
We store your contact list, connection time and IP address. We are not located on the surface of Mars and we will be obliged (as anyone else) to provide this data by officially confirmed government request in the United States or the European Union.
Canary: Statistics transfer of data
- Received official requests for disclosure of user data in 2015: 0
- Received official requests for disclosure of user data in 2016: 0
- Received official requests for disclosure of user data in 2017: 0
- Received official requests for disclosure of user data in 2018: 0
- Received official requests for disclosure of user data in 2019: 0
Us have already tried to bribe or cheat. We do not sell the data of our users for any amount. Any requests are checked.Any unofficial requests will be verification and rejected. Refused in compliance with unofficial requests for disclosure of user data (All time): 5
This page is subject to change without notice.This is translated by machine translation