Privacy Policy

v1.1 - May 2018

This privacy policy applies to all Services hosted on Disroot.org and its sub-domains. We try to keep it as unified and simple as we possibly can.

Disclaimer! We reserve the right to change any of the points. All changes will be publicly available and will be communicated to all users via the forum, Diaspora, Mastodon and Blog. Major changes to Privacy Policy will be sent additionally via email to all users.

Our motto:

"The less we know about our users the better"

1.What do we do with your data:

  1. We require a username and password to identify the account holder and provide the services offered by Disroot.org All additional information you supply on any of the services provided by Disroot.org are optional.

  2. Our processing of your information is limited to storing it for you to use.

  3. We store logs of your activity for period no longer then 24h (unless specified otherwise per service). This data is used to help diagnose software issues, maintain security of the system against intrusion, and monitor the health of the platform.

  4. Further access to your personal data and stored files and other information you provide to any of the services offered by disroot.org is under your control.

  5. We use disk encryption on all data to prevent data leak in cases where servers are stolen, confiscated, or in any way physically tempered with.

  6. We provide and require SSL/TLS encryption on all provided services

2. What we do not do with your data:

  1. We do not collect any data other then what is needed to provide you the service.

  2. We do not in any way process, analyze your behavior or personal characteristics (profiling). We have no advertisements or business relationships with advertisers.

  3. We do not share nor sell your data to third party unless in case of network inter-operatable (federated) services require certain data to operate (eg. other email service provider needs to know your email address to be able to deliver emails).

  4. We do not require any additional information that is not crucial for operation of the service (we do not ask for additional email addresses, phone numbers)

  5. We do not read/look nor process your personal data, emails, files etc. stored on our servers unless needed for troubleshooting purposes, or under suspicion of breaking Terms Of Services in which case we ask for prior permission from you or inform you afterwards of all actions taken against the account in the transparency report addressed to account holder.

3. Access to your information:

  1. Federation.
    Some of the services provided by Disroot.org such as Nextcloud, Email, Diaspora, Hubzilla, Xmpp and Matrix chat are operating based on so called Federation Protocols. This enables users signed up at different service providers to interact with each other. Because of the nature of the protocols (ability to send each other messages, likes, share files, chat) some of the data is naturally shared with other entities. However, sharing data with other service provider is the user's choice and is configured by the users in their settings per service including the decision of with whom and what to share.

  2. You may be shown embedded videos and link previews from other websites while using services provided by Disroot.org. This may expose you to web tracking by external services, such as (but not limited to) Facebook, Twitter, and Google.

  3. All data and files stored on services that are bound to personal information (services that require logging in) are available for you to download for either archival purposes or to transfer to another compatible website.

4. Your Rights

Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability. If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data. Identity and contact details of controller and data protection officer:

Stichting Disroot.org is the controller of data for the purposes of the DPA 18 and GDPR. 3 If you have any concerns as to how your data is processed you can contact:

  • - data.protection.officer@disroot.org - Person repsponsible for Privacy Policy
  • - info@disroot.org - General contact information

5. Per Service additional privacy policies and exceptions:

  1. search.disroot.org

    • - No data (IP address, session cookie etc) is stored on the server, unless for troubleshooting purposes, after which the log data is purged from the server.
  2. upload.disroot.org

    • - No data (IP address, session cookie etc) is stored on the server, unless for troubleshooting purposes, after which the log data is purged from the server.
    • - All files uploaded to the service are end-to-end encrypted. we, Disroot admins have no way of decrypting that information
  3. bin.disroot.org

    • - No data (IP address, session cookie etc) is stored on the server, unless for troubleshooting purposes, after which the log data is purged from the server.
    • - All files uploaded to the service are end-to-end encrypted. we, Disroot admins have no way of decrypting that information
  4. pad.disroot.org and calc.disroot.org

    • - We do not collect IP addresses and other personal data that can be linked to the pad.
  5. cloud.disroot.org

    • - All files send to the cloud are encrypted with a keypair created based on the user password, to create extra level of security. Note however that the keys are stored on the server which compromises the level of security
    • - Everything else except for files (calendars, contacts, news, tasks, bookmarks etc) is stored in plain-text in a database, unless an app provides external encryption (non so far).
  6. email

    • - All emails, unless encrypted by user (with gpg for example) are stored on our servers in plain-text.
    • - IP addresses of currently logged in user via IMAP/POP3 protocol are stored as long as the device is logged in to the server. (per each device logged in)
  7. poll.disroot.org
    • - No IP addresses are stored on the server, unless temporarily for troubleshooting, after which they are purged from the server