Privacy Policy
This is a rough draft! Please feel free to make suggestions!
I. What Information Do We Collect?
- Basic account information : If you register on this server, you may be asked to enter a username, an e-mail address and a password. You may also enter additional profile information such as a display name and biography, and upload a profile picture and header image. The username, display name, biography, profile picture and header image are always listed publicly.
- Posts, following and other public information: The list of people you follow is listed publicly; the same is true for your followers. When you submit a message, the date and time is stored as well as the application you submitted the message from. Messages may contain media attachments, such as pictures and videos. Public and unlisted posts are available publicly. When you feature a post on your profile, that is also publicly available information. Your posts are delivered to your followers — in some cases that means they are delivered to different servers and copies are stored there. When you delete posts, this is likewise delivered to your followers. The action of reblogging or favoriting another post is always public.
- Direct and followers-only posts: All posts are stored and processed on the server. Followers-only posts are delivered to your followers and users who are mentioned in them, and direct posts are delivered only to users mentioned in them. In some cases it means they are delivered to different servers and copies are stored there. We make a good faith effort to limit the access to those posts only to authorized persons, but other servers may fail to do so. Therefore it’s important to review servers your followers belong to. You may toggle an option to approve and reject new followers manually in the settings. Please keep in mind that the operators of the server and any receiving server may view such messages, and that recipients may screenshot, copy or otherwise re-share them. Do not share any dangerous information over Mastodon.
- IPs and other metadata: When you log in, we record the IP address you log in from, as well as the name of your browser application. All the logged in sessions are available for your review and revocation in the settings. The latest IP address used is stored for up to 12 months. We also may retain server logs which include the IP address of every request to our server.
II. Usage of Your Data
The data you post here lives on a server that The Community runs. They promise that they won’t look at your private data. You are just going to have to trust them on this since there’s no other way to prove it.
This is, however, an ActivityPub federated server. This means that other people on other federated servers can find you, send you messages, etc. This also means that any information you put in posts, whether they are public or private, might end up “federated” – basically, a copy of your post gets put on any server that reads your post.
If you want decent privacy (the info doesn’t leave this server), the only way to do that is to set your account to private, only accept friend requests from other Community members, and only ever “@ mention” other Community members. Once you start talking to people on other servers, all bets are off.
Any private message you send to someone on another server could be looked at by the admin of a different server. This is kind of like email: if you are on a private email server, and you send an unencrypted email to a gmail account, congrats, Google now has the content of that email.
Also note that Mastodon and its derivatives, including Hometown, behave differently from other websites, in that if you “@ mention” someone in a direct message, that person is automatically pulled into the message thread and can see everything you have said about them. Be warned!
III. Disclosure
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. That being said, this is a website, so your data is being stored on servers owned by someone else that we merely rent. We have done our best to protect that information.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety. The Community is very small, and we will comply with all legal enforcement activities. If law enforcement asks for a copy of your data, we will be compelled to hand it over. Be warned.
Your public content may be downloaded by other servers in the network. Your public and followers-only posts are delivered to the servers where your followers reside, and direct messages are delivered to the servers of the recipients, insofar as those followers or recipients reside on a different server than this.
When you authorize an application to use your account, depending on the scope of permissions you approve, it may access your public profile information, your following list, your followers, your lists, all your posts, and your favorites. Applications can never access your e-mail address or password.
IV. Administration of Policy
A. Updates
The Administrators reserve the right to update the Privacy Policy at any time at their discretion. Updates to the Privacy Policy will be communicated to Community members via email and posts from admin accounts. If you have any concerns about or suggestions for the Privacy Policy, please contact an administrator or make a suggestion on GitHub.
B. License
The privacy policy is based on work by Darius Kazemi. It is provided under a Creative Commons Zero License, meaning its contents are in the public domain.