Privacy & security

The short version: we store as little as possible, encrypt everything in transit, and never sell or share your data.

Server rules

Freedom of expression is respected. However, the following are prohibited and will result in permanent ban:

• Violence (threats, coordination of attacks, incitement)
• Harassment (doxing, personal attacks, discrimination, spam)
• Illegal content (CSAM, terrorism, human trafficking, malware distribution)

What's stored

• Account: Username and hashed password
• Email address: Optional, stored only if provided during registration (used for password reset)
• Registration IP: Stored at account creation for abuse prevention
• Message archive (MAM): Enabled by default for all conversations, stored for 30 days then automatically deleted. You can disable or delete via your XMPP client
• Metadata: Sender, recipient, timestamp
• Contact lists: Your roster
• Profile/vCard: Display name, avatar, and other profile info stored if set
• File uploads: Automatically deleted after 30 days

Privacy measures and security

• Use OMEMO or OpenPGP E2E encryption
• Tor Hidden Service: Connect via .onion address for anonymity
• Last Activity Tracking: Disabled
• Minimal Logging: Errors only, 3-day retention
• Database Query Logging: Disabled
• IP Privacy: Your registration IP is stored for abuse prevention. Use Tor/VPN/Proxy at registration time if you wish to keep your IP private
• TLS Encryption: Required for all connections
• Fail2Ban: Automatic blocking of brute-force attacks
• Data Sharing: Never shared with third parties (except federation and legal requirements)

← Back to home