Data Privacy

As an operator of a data protection-friendly alternative to WhatsApp, I try to offer a “data-saving” server. However, there are a few things to consider:

• IP addresses of users are not logged by default. Exception: In case of incorrect login attempts, the IP address is logged to prevent attacks on accounts.

• No personal data is required for registration. This unfortunately complicates the proof of account ownership if the password has to be reset by the operator. Tip: Create a fancy contact whose secret XMPP ID only you know. This way you can prove that you are the owner of your account.

• To keep messages synchronized across multiple devices and exchange messages even when two subscribers are not online at the same time, messages are cached on the server for up to 4 weeks. This function is called “MAM”. (Message Archive Management) and is activated by default for both individual conversations and MUCs (Multi User Chats, Chatrooms), in order to offer a similar user experience to commercial messengers, especially to inexperienced XMPP users. For your own security, you can use OMEMO encryption / end-to-end encryption to keep your conversations safe even if my server systems are breached. You don’t agree with the logging? This way!.

• Contents uploaded via http_upload remain stored on the server for 4 weeks

• If I am required to cooperate with law enforcement authorities under any applicable law, information will be disclosed in accordance with the applicable law.

Overview of stored data

• IP addresses for incorrect login attempts
• News history (4 weeks. Optional: Disable message logging.).
• Time of last login (to detect inactive users)
• Profile information and avatar
• Contacts and MUCs added to the account
• Uploaded files (4 weeks)

You can protect your personal messages by enabling end-to-end encryption (e.g. OMEMO).