ari/ari.lt
1
0
Fork 0
mirror of https://git.ari.lt/ari.lt/ari.lt.git synced 2025-02-04 09:39:25 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Improve the legal framework of Ari-web.

Browse source 
Signed-off-by: Ari Archer <ari@ari.lt>
This commit is contained in:
Arija A. 2024-12-25 04:19:18 +02:00
parent 69f1cbf4d2
commit 0d937c9a53
WARNING! Although there is a key with this ID in the database it does not verify this commit! This commit is SUSPICIOUS.
GPG key ID: A50D5B4B599AF8A2
3 changed files with 80 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
src/static/legal.sig
View file

Binary file not shown.

78
src/static/legal.txt
View file

@ -1,12 +1,13 @@
Legal framework of Ari-web
This is the legal framework of Ari-web which covers topics such as logging policy, privacy policy, data control, data control compliance, as well as other legal aspects when it comes to using Ari-web services. By using or requesting to use any Ari-web services you agree to the legal framework outlined in this document, and agree to keep yourself updated with or without notice.
This is the legal framework of Ari-web which covers topics such as logging policy, privacy policy, data control, data control compliance, as well as other legal aspects when it comes to using Ari-web services. Users ("you", "your") using or requesting to use any Ari-web services agree to the legal framework outlined in this document, and agree to keep yourself updated with or without notice.
This document serves as an agreement between you and Ari-web parties, regarding the use and management of Ari-web's services. It outlines the expectations, responsibilities, and limitations for both parties.
Visitor: 1654031
Created at: 2024-11-25 (YYYY-MM-DD)
Last updated: 2024-12-04 (YYYY-MM-DD)
Visitor: 1713856
Authored at: 2024-11-04 (YYYY-MM-DD)
Latest update: 2024-12-25 (YYYY-MM-DD)
OpenPGP signature of this document by the Authoritative party's OpenPGP key: legal.sig (Note: Only the text content found in legal.txt was signed. Use that text-only static copy of this document to verify the signature.)
# Involved Parties
@ -67,8 +68,9 @@ Full list of the parties involved:
Email: jlajsek@gmail.com
Website: https://cubiq.dev/
Collectively, we are called Ari-web. You are an outside party using our free (Libre and Gratis) and open source services. Although, responsibility for Ari-web goes to the Authoritative party.
Collectively, we are called Ari-web, although, for cohesion purposes, Ari-web can be understood as only including the Authoritative party where it is understood to be purely the responsibility of the Authoritative party, for instance, payments. You are an outside party using our free (Libre and Gratis) and open source services. Although, responsibility for Ari-web goes to the Authoritative party.
For any concerns about Ari-web members, immediately contact the Authoritative party.
# Liability Disclaimer
Ari-web disclaims all liability for any damages, data loss, dissatisfaction, or any other legal liability. You, as an individual user, are solely responsible for your actions, their consequences, and protecting yourself as well as your privacy and security.
@ -104,17 +106,17 @@ Ari-web is committed to providing the utmost transparency in its operations and
# Services
This table lists all self-hosted software (semi-)open for the public that people are welcome to use.
Service Description Link
Matrix homeserver (using Dendrite (s7evink/fetch-auth-events patch)) Semi-open registration, contact register@ari.lt for an account. matrix.ari.lt
XMPP/Jabber server (using Prosody) Semi-open registration, contact register@ari.lt for an account. lh/xmpp
Forgejo git forge instance Open registration. git.ari.lt
Email server hosting Mailcow Contact domains@ari.lt for custom domains (aggressive policy). mail.ari.lt (register here) Hosted domains: ari.lt, t1nklas.lt, lenvx.dev, cubiq.dev
Roundcube webmail Only for semi-managed Ari-web email users rc.ari.lt
Akkoma fediverse instance (source repository) Open registration. ak.ari.lt
SchildiChat & Cinny Matrix web clients Web clients for Matrix. schildi.ari.lt & cinny.ari.lt
PrivateBin instance Private public encrypted pastebin. pb.ari.lt
Private PocketBase instance Private database storage for Github: TheCubiq db.cubiq.dev
Forgejo instance for kappach.at Git forge instance of KappaChat - An extensible Matrix client written in C. git.kappach.at
Service Description Link
Matrix homeserver (using Dendrite (s7evink/fetch-auth-events patch)) Semi-open registration, contact register@ari.lt for an account. matrix.ari.lt
XMPP/Jabber server (using Prosody) Semi-open registration, contact register@ari.lt for an account. lh/xmpp
Forgejo git forge instance Open registration. git.ari.lt
Email server hosting Mailcow Contact domains@ari.lt for custom domains (aggressive policy). mail.ari.lt (register here) Hosted domains: ari.lt, t1nklas.lt, lenvx.dev, cubiq.dev
Roundcube webmail Only for semi-managed Ari-web email users rc.ari.lt
Akkoma fediverse instance (source repository) Open registration. ak.ari.lt
SchildiChat & Cinny Matrix web clients Web clients for Matrix. schildi.ari.lt & cinny.ari.lt
PrivateBin instance Private public encrypted pastebin. pb.ari.lt
Private PocketBase instance Private database storage for Github: TheCubiq db.cubiq.dev
Forgejo instance for kappach.at Git forge instance of KappaChat - An extensible Matrix client written in C. git.kappach.at
# Community standards
Abide by International, United States of America, Lithuanian, and Swedish Laws
@ -157,24 +159,28 @@ Contact us for any violations, questions, or various other things by either Auth
By using our services, you agree that any data you send to Ari-web servers to be processed, stored, logged, and served. We reserve to change these policies at any point for genuine interest which includes service functionality, moderation, administration, or allowing extra features with or without prior notice.
No data will ever be shared with 3rd parties and we will not sell your information in any capacity. However, we may share your information with relevant authorities in case we are legally obliged in accordance to the law. We do not share your information with any unauthorized parties or for any other illegitimate purposes.
You reserve the right to request mass data deletion of any data logged or stored by simply sending a request to bye@ari.lt. Logs are mainly collected for moderation and service stability insurance.
Service Logged information Stored information Notes
All Your IP address (logs are rotated every 64 days), access URI, authentication attempts, timestamp, response code, and parameters Your IP address (temporarily for up to a week in-memory), all data you sent to be processed and expect it to be stored (such as comments, messages, files, ...), cookies You are responsible for your own privacy by using client-side encryption. Data on Ari-web is minimally processed, and even though we strive for best privacy and security, we place the responsibility of true privacy so only you see your data by using client-side encryption on you. (See OpenPGP). Your IP may be stored indefinitely if we notice large amount of potentially abusive traffic from you to block your IP address. Most logs are rotated every 64 days.
Computing (access to the server's compute resources) Everything you do on the system is logged, including file access, login attempts, and resource usage as well as the normal logs as described above ("All"). Stored information is all information you may put on the server, which includes (but is not limited to) files, logs, software, and code. These assets will not be served unless you choose to serve them yourself, in which case, you should request the Authoritative party to allow you to use certain ports and for them to be open to the open internet. You are responsible for ensuring your own privacy and not compromising the security of the compute resources, although, it will and is monitored to ensure best practices are being followed. You are responsible for managing your own resource usage without abusing them as well as adhering to Ari-web policies and initiating your own. You may not distribute or even read data or configuration that is not meant for you.
Matrix (matrix.ari.lt) Error reporting information with nonindefinable or minimally identifiable information. All Matrix rooms and events as well as files to be stored, federated or not. Federates the aforementioned events to other servers out of our control due to the nature of the mash nature of the Matrix protocol.
XMPP/Jabber (ari.lt ports 5222, 5269, 5223, 5270, and 5281) Client/server events (federated or not), including (but not limited to) connections and error reporting information. All XMPP events and multi-user chats as well as files to be stored, federated or not. XMPP has a unique way of storing various events, therefore, you are strongly encouraged to use private-only MUCs (multi-user chats) on muc.ari.lt with encryption with OMEMO or OpenPGP.
Git forge (Forgejo at git.ari.lt) Any events or actions taken by You on git Forge, including authenticating, creating repositories, organisations, using runners (actions), deleting repositories, commits, etc. All repositories (private and public) and their data as well as metadata, user profile data, authentication data, preferences, blocked users, avatars, descriptions, emails, organizations, etc. Git forge is meant to store data like a versioned file store of sort (i.e. Git VCS), therefore, all you send there will be served, to public or not (depending on your preferences).
Email mailboxes of Ari-web email using Mailcow (mail.ari.lt) All actions performed on email are logged. This includes: Email subject, email headers, rSpamD scan result, ClamAV antivirus results, access and authentication of both email and web UI, sent and received mail, IP address spam statistics, mailbox spam statistics, email (and its body) spam statistics (fuzzy hashes and scores mainly). This ensures full stability and deliverability of the email server. All data related to your email is stored. This includes: IP address, email body, attachments, headers, spam scores and metadata, email threads, WebUI accounts (and their associated data), etc. Even though we try to ensure best security of emails as well as secure access and storage, you are responsible for ensuring your total privacy. We are NOT allowed to invade your privacy unless circumstances call for it, although, to be safe, we suggest public key encryption to be used. See Termination, Limitation, and Transfer for more details.
Semi-managed email using custom domains using Mailcow (goes to mail.ari.lt) All data related to email mailboxes is logged as described above. Although, email hosting with custom domains comes with its own unique logging as well, for instance, you may be requested to add DMARC reports support to your domain. All administrator actions will also be logged and stored relating to your custom domain like login attempts, change of settings and rules as well as related events. Mailbox information is stored as described above. Administrator information is stored similarly to mailbox WebUI accounts, including authentication information and various domain-related information such as logs and private keys (like DKIM). You, as the domain administrator, are required to ensure best security practices when using Ari-web email and to not violate the described terms in this document. Your violation of these terms will be considered a breach, therefore, your access will be terminated with notice.
PrivateBin (pb.ari.lt) Logs your paste ID, although, does not log the private key used for encrypting the paste. Encrypted paste information is stored on the paste as sent by the client. When reporting a paste for violating content, please provide us with as much information as possible about the paste, including its ID and private key (all in the URL, which you can just supply to us).
RoundCube webmail (rc.ari.lt) Logs error information. Stores your sessions as well as your password in an encrypted format as well as user preferences, identities, and other related webmail data.
Matrix clients (schildi.ari.lt and cinny.ari.lt) All data and processing happens client-side.
Akkoma/fediverse instance (ak.ari.lt) All actions taken by administrators are logged as well as errors / warnings / faults related to various parts of the applications. Stores all data sent to the server, federated or not, such as user-generated content (posts, DMs), descriptions, content warnings, avatars, alt texts, interactions, tags, avatars, uploads, etc. and federates them to other servers out of our control due to the nature of the mesh nature of the ActivityPub protocol.
Service Logged information Stored information Notes Purposes
All Your IP address (logs are rotated every 64 days), access URI, authentication attempts, timestamp, response code, and parameters Your IP address (temporarily for up to a week in-memory), all data you sent to be processed and expect it to be stored (such as comments, messages, files, ...), cookies You are responsible for your own privacy by using client-side encryption. Data on Ari-web is minimally processed, and even though we strive for best privacy and security, we place the responsibility of true privacy so only you see your data by using client-side encryption on you. (See OpenPGP). Your IP may be stored indefinitely if we notice large amount of potentially abusive traffic from you to block your IP address. Most logs are rotated every 64 days. This data is baseline collection for ensuring service stability and our ability to moderate content as well as access to resources. This data is not used for analytical purposes, but rather for security and stability ensurance.
Computing (access to the server's compute resources) Everything you do on the system is logged, including file access, login attempts, and resource usage as well as the normal logs as described above ("All"). Stored information is all information you may put on the server, which includes (but is not limited to) files, logs, software, and code. These assets will not be served unless you choose to serve them yourself, in which case, you should request the Authoritative party to allow you to use certain ports and for them to be open to the open internet. You are responsible for ensuring your own privacy and not compromising the security of the compute resources, although, it will and is monitored to ensure best practices are being followed. You are responsible for managing your own resource usage without abusing them as well as adhering to Ari-web policies and initiating your own. You may not distribute or even read data or configuration that is not meant for you. The purpose of this information is for ensuring no unauthorised access or tampering is going on - this is to ensure upmost security and privacy of everyone. Data storage and processing, even though mostly done by you, still depend on Ari-web resources, and is the purpose of the service - therefore, you acknowledge that data is still stored and served on Ari-web.
Matrix (matrix.ari.lt) Error reporting information with nonindefinable or minimally identifiable information. All Matrix rooms and events as well as files to be stored, federated or not. Federates the aforementioned events to other servers out of our control due to the nature of the mash nature of the Matrix protocol. Collection of error messages is for issue resolution and detection, for example, federation errors or database errors could indicate various problems with the server to be addresed. The data you send is stored to ensure service since the sole purpose of instant messaging is for the messages to be stored and served, as well as federated in case of Matrix.
XMPP/Jabber (ari.lt ports 5222, 5269, 5223, 5270, and 5281) Client/server events (federated or not), including (but not limited to) connections, authentication, and error reporting information. All XMPP events and multi-user chats as well as files to be stored, federated or not. XMPP has a unique way of storing various events, therefore, you are strongly encouraged to use private-only MUCs (multi-user chats) on muc.ari.lt with encryption with OMEMO or OpenPGP. Logging of events and their status is for the purpose of preventing brute-force attacks as well as (D)DoS attacks by rate limiting events and connections. Data storage is for service providing purposes and it is to be expected if you are requesting or are using Ari-web XMPP.
Git forge (Forgejo at git.ari.lt) Any events or actions taken by You on git Forge, including authenticating, creating repositories, organisations, using runners (actions), deleting repositories, commits, etc. All repositories (private and public) and their data as well as metadata, user profile data, authentication data, preferences, blocked users, avatars, descriptions, emails, organizations, etc. Git forge is meant to store data like a versioned file store of sort (i.e. Git VCS), therefore, all you send there will be served, to public or not (depending on your preferences). All events are logged not only by the nature of Git, but also administator as well as authentication endpoint access are logged by web access. This is of interest because we try our best to mitigate attacks that could impede user security, privacy, or lead to service downtime and/or instability. Data storage is to be expected by the nature of Git, being a Version Contol System (VCS) that serves files.
Email mailboxes of Ari-web email using Mailcow (mail.ari.lt) All actions performed on email are logged. This includes: Email subject, email headers, rSpamD scan result, ClamAV antivirus results, access and authentication of both email and web UI, sent and received mail, IP address spam statistics, mailbox spam statistics, email (and its body) spam statistics (fuzzy hashes and scores mainly). This ensures full stability and deliverability of the email server. All data related to your email is stored. This includes: IP address, email body, attachments, headers, spam scores and metadata, email threads, WebUI accounts (and their associated data), etc. Even though we try to ensure best security of emails as well as secure access and storage, you are responsible for ensuring your total privacy. We are NOT allowed to invade your privacy unless circumstances call for it, although, to be safe, we suggest public key encryption to be used. See Termination, Limitation, and Transfer for more details. Email is aggressively logged due to the sensitive nature of E-mail; All of the logs are used in accordance to sane policies that Mailcow implements to prevent attacks, as well as helping email server moderation easier. Data storage is also to be expected if you are using E-Mail.
Semi-managed email using custom domains using Mailcow (goes to mail.ari.lt) All data related to email mailboxes is logged as described above. Although, email hosting with custom domains comes with its own unique logging as well, for instance, you may be requested to add DMARC reports support to your domain. All administrator actions will also be logged and stored relating to your custom domain like login attempts, change of settings and rules as well as related events. Mailbox information is stored as described above. Administrator information is stored similarly to mailbox WebUI accounts, including authentication information and various domain-related information such as logs and private keys (like DKIM). You, as the domain administrator, are required to ensure best security practices when using Ari-web email and to not violate the described terms in this document. Your violation of these terms will be considered a breach, therefore, your access will be terminated with notice. Email and data storage interest points are already explained in the E-Mail mailboxes section. Administrator events are logged for, once again, security and attack mitigation purposes. DMARC reports are not logged per se, but they get sent for error, impersonation detection, or other oddball activity detection.
PrivateBin (pb.ari.lt) Logs your paste ID, although, does not log the private key used for encrypting the paste. Encrypted paste information is stored on the paste as sent by the client. When reporting a paste for violating content, please provide us with as much information as possible about the paste, including its ID and private key (all in the URL, which you can just supply to us). Paste IDs are logged per the web access logging. Furthermore, the paste ID is stored server-side to ensure service accessibility. Data storage, even though encrypted and undecipherable server-side, is stored because the nature of the server is to store and serve encrypted blobs to be decrypted by the client.
RoundCube webmail (rc.ari.lt) Logs error information. Stores your sessions as well as your password in an encrypted format as well as user preferences, identities, and other related webmail data. Error logging information is for detected mishaps on server-side, which is best of out interest to ensure stability of out services. Stored data, like sessions, user identities, and user preferences, are stored to ensure service for the users of the webmail service and is to be expected.
Matrix clients (schildi.ari.lt and cinny.ari.lt) All data and processing happens client-side.
Akkoma/fediverse instance (ak.ari.lt) All actions taken by administrators are logged as well as errors / warnings / faults related to various parts of the applications. Stores all data sent to the server, federated or not, such as user-generated content (posts, DMs), descriptions, content warnings, avatars, alt texts, interactions, tags, avatars, uploads, etc. and federates them to other servers out of our control due to the nature of the mesh nature of the ActivityPub protocol. The administator actions are logged for purpose of transparency and ensuring non-corruption. Fault information is logged for purpose of debugging and ensuring stability of Akkoma on our side, to provide a smooth experience for everyone. The sent data is stored is also to be expected if you're using the service since the sole purpose of the service is to store and serve posts as well as media, as well as giving you access to the federated ActivityPub protocol by data federation and storage.
# Service availability
Ari-web tries to provide the best uptime, although, there is zero guarantee on any sort of service availability in percentage. You get what you get essentially. Although, expect minor downtime monthly or bimonthly for maintenance tasks such as a maintenance reboot or a configuration change. This assumption is not to be construed as a guarantee.
Ari-web disclaims any liability for service interruptions or downtime, and users acknowledge that they are using the services at their own risk. You may see Ari-web service status and messages at https://status.ari.lt/ which don't guarantee anything, but, may provide valuable insight in current status of Ari-web if you are experiencing any issues with it.
As an aid, you may contact the Authoritative Party for technical support as a courtesy; such assistance shall be provided at no cost to you. However, please be advised that the Authoritative Party makes no guarantees, assumes no liability, and has no obligation to provide support. Nonetheless, the Authoritative Party will make reasonable efforts to assist you to the best of their ability.
# Termination, Limitation, and Transfer
Ari-web reserves the right to terminate, limit, or transfer services, infrastructure, or general access in certain circumstances, as outlined below:
@ -198,6 +204,7 @@ We are also subject to the terms of HostHatch which you can read at:
https://hosthatch.com/terms-of-service
https://hosthatch.com/acceptable-use-policy
https://hosthatch.com/privacy-policy
https://hosthatch.com/hosthatch-gdpr-dpa.pdf (Ari-web is what you would call a "Sub-processor")
# Affiliations
@ -224,11 +231,11 @@ Ari-web is fully funded by the Authoritative party and volunteer donations by Cr
Nobody shall ever, unless a change of status in Ari-web, be forced to pay for a publicly available service to use it unless it is by their own discretion through direct (monetary, which are logged in a public donation log) or indirect (code and help) donations.
Ari-web, as a project almost exclusively out of the Authoritative party's pocket, costs as follows:
Purpose Payment model Annual cost
Processing server 0 (mail.ari.lt) Quarterly ($45/qr) $180
Storage server 0 (cdn.ari.lt) Quarterly ($15/qr) $60
Domain (ari.lt) Annual ($12.58/yr) ~$13
Total ~$253 ±$20 (for misc. costs and taxes)
Purpose Payment model Annual cost
Processing server 0 (mail.ari.lt) Quarterly ($45/qr) $180
Storage server 0 (cdn.ari.lt) Quarterly ($15/qr) $60
Domain (ari.lt) Annual ($12.58/yr) ~$13
Total ~$253 ±$20 (for misc. costs and taxes)
These costs do not include labour costs as well as various mishaps. We spend a lot of effort and time trying to maintain Ari-web a clean, nice, and stable place as much as it is in our power, while maintaining best security and community.
@ -237,6 +244,7 @@ By continuing to use Ari-web's services, you agree to be bound by these terms an
Ari-web reserves the right to enforce these terms as deemed necessary, but makes no guarantees regarding the consistency or enforceability of the policies described herein. Users are advised to use Ari-web's services at their own risk and discretion with common sense.
By continuing to access and use Ari-web services, you signify your understanding and acceptance of these terms. If you do not agree with the terms, you are advised to discontinue using Ari-web services immediately and/or request a permanent data deletion by sending a request to bye@ari.lt.
No ResultWebsite Carbon
The source code and all content, except the Nerd Hack font (see Nerd Hack font license) and Website Carbon Badges (see website-carbon-badges license), are licensed under the AGPL-3.0-or-later by Ari Archer <ari@ari.lt> as a part of the ari-web project. Copyright 2020-2024.
meow :3
The source code and all content, except the Nerd Hack font (see Nerd Hack font license), are licensed under the AGPL-3.0-or-later by Ari Archer <ari@ari.lt> as a part of the ari-web project. Copyright 2020-2024.

44
src/templates/legal.j2
View file

@ -49,8 +49,8 @@
<p>
This is the legal framework of Ari-web which covers topics such as logging policy,
privacy policy, data control, data control compliance, as well as other legal aspects
when it comes to using Ari-web services. By using or requesting to use any Ari-web services
you agree to the legal framework outlined in this document, and agree to keep yourself updated
when it comes to using Ari-web services. Users ("you", "your") using or requesting to use any Ari-web services
agree to the legal framework outlined in this document, and agree to keep yourself updated
with or without notice.
</p>
@ -61,8 +61,8 @@
<ul>
<li>Visitor: {{ visitor }}</li>
<li>Created at: 2024-11-25 (YYYY-MM-DD)</li>
<li>Last updated: 2024-12-04 (YYYY-MM-DD)</li>
<li>Authored at: 2024-11-04 (YYYY-MM-DD)</li>
<li>Latest update: 2024-12-25 (YYYY-MM-DD)</li>
<li>
OpenPGP signature of this document by the <a href="{{ url_for("views.pgp") }}">Authoritative party's OpenPGP key</a>: <a href="{{ url_for("static", filename="legal.sig") }}">legal.sig</a>
(Note: Only the text content found in <a href="{{ url_for("static", filename="legal.txt") }}">legal.txt</a> was signed. Use that text-only static copy of this document to verify the signature.)
@ -196,9 +196,14 @@
</ul>
<p>
Collectively, we are called <b>Ari-web</b>. You are an outside party using our free (Libre and Gratis) and open source services.
Collectively, we are called <b>Ari-web</b>, although, for cohesion purposes, Ari-web
can be understood as only including the Authoritative party where it is understood to be
purely the responsibility of the Authoritative party, for instance, payments.
You are an outside party using our free (Libre and Gratis) and open source services.
Although, responsibility for Ari-web goes to the Authoritative party.
<p>
</p>
<p>For any concerns about Ari-web members, immediately contact the Authoritative party.</p>
<h2 id="liability"><a href="#liability">#</a> Liability Disclaimer</h2>
@ -420,6 +425,12 @@
administration, or allowing extra features with or without prior notice.
</p>
<p>
No data will ever be shared with 3rd parties and we will not sell your information in any capacity.
However, we may share your information with relevant authorities in case we are legally obliged in accordance to the law.
We do not share your information with any unauthorized parties or for any other illegitimate purposes.
</p>
<p>
You reserve the right to request mass data deletion of any data logged or stored by simply sending a request to
<a href="mailto:bye@ari.lt">bye@ari.lt</a>. Logs are mainly collected for moderation and service stability insurance.
@ -432,6 +443,7 @@
<th>Logged information</th>
<th>Stored information</th>
<th>Notes</th>
<th>Purposes</th>
</tr>
<tr>
@ -439,6 +451,7 @@
<td>Your IP address (logs are rotated every 64 days), access URI, authentication attempts, timestamp, response code, and parameters</td>
<td>Your IP address (temporarily for up to a week in-memory), all data you sent to be processed and expect it to be stored (such as comments, messages, files, ...), cookies</td>
<td>You are responsible for your own privacy by using client-side encryption. Data on Ari-web is minimally processed, and even though we strive for best privacy and security, we place the responsibility of true privacy so only you see your data by using client-side encryption on you. (See <a href="https://www.openpgp.org/">OpenPGP</a>). Your IP may be stored indefinitely if we notice large amount of potentially abusive traffic from you to block your IP address. Most logs are rotated every 64 days.</td>
<td>This data is baseline collection for ensuring service stability and our ability to moderate content as well as access to resources. This data is not used for analytical purposes, but rather for security and stability ensurance.</td>
</tr>
<tr>
@ -446,6 +459,7 @@
<td>Everything you do on the system is logged, including file access, login attempts, and resource usage as well as the normal logs as described above ("All").</td>
<td>Stored information is all information you may put on the server, which includes (but is not limited to) files, logs, software, and code. These assets will not be served unless you choose to serve them yourself, in which case, you should request the Authoritative party to allow you to use certain ports and for them to be open to the open internet. You are responsible for ensuring your own privacy and not compromising the security of the compute resources, although, it will and is monitored to ensure best practices are being followed.</td>
<td>You are responsible for managing your own resource usage without abusing them as well as adhering to Ari-web policies and initiating your own. You may not distribute or even read data or configuration that is not meant for you.</td>
<td>The purpose of this information is for ensuring no unauthorised access or tampering is going on - this is to ensure upmost security and privacy of everyone. Data storage and processing, even though mostly done by you, still depend on Ari-web resources, and is the purpose of the service - therefore, you acknowledge that data is still stored and served on Ari-web.</td>
</tr>
<tr>
@ -453,13 +467,15 @@
<td>Error reporting information with nonindefinable or minimally identifiable information.</td>
<td>All <a href="https://matrix.org/docs/matrix-concepts/rooms_and_events/">Matrix rooms and events</a> as well as files to be stored, federated or not. Federates the aforementioned events to other servers out of our control due to the nature of the mash nature of the Matrix protocol.</td>
<td></td>
<td>Collection of error messages is for issue resolution and detection, for example, federation errors or database errors could indicate various problems with the server to be addresed. The data you send is stored to ensure service since the sole purpose of instant messaging is for the messages to be stored and served, as well as federated in case of Matrix.</td>
</tr>
<tr>
<td>XMPP/Jabber (ari.lt ports 5222, 5269, 5223, 5270, and 5281)</td>
<td>Client/server events (federated or not), including (but not limited to) connections and error reporting information.</td>
<td>Client/server events (federated or not), including (but not limited to) connections, authentication, and error reporting information.</td>
<td>All XMPP events and multi-user chats as well as files to be stored, federated or not.</td>
<td>XMPP has a unique way of storing various events, therefore, you are strongly encouraged to use private-only MUCs (multi-user chats) on muc.ari.lt with encryption with OMEMO or OpenPGP.</td>
<td>Logging of events and their status is for the purpose of preventing brute-force attacks as well as (D)DoS attacks by rate limiting events and connections. Data storage is for service providing purposes and it is to be expected if you are requesting or are using Ari-web XMPP.</td>
</tr>
<tr>
@ -467,6 +483,7 @@
<td>Any events or actions taken by You on git Forge, including authenticating, creating repositories, organisations, using runners (actions), deleting repositories, commits, etc.</td>
<td>All repositories (private and public) and their data as well as metadata, user profile data, authentication data, preferences, blocked users, avatars, descriptions, emails, organizations, etc.</td>
<td>Git forge is meant to store data like a versioned file store of sort (i.e. <a href="https://git-scm.com/">Git VCS</a>), therefore, all you send there will be served, to public or not (depending on your preferences).</td>
<td>All events are logged not only by the nature of Git, but also administator as well as authentication endpoint access are logged by web access. This is of interest because we try our best to mitigate attacks that could impede user security, privacy, or lead to service downtime and/or instability. Data storage is to be expected by the nature of Git, being a Version Contol System (VCS) that serves files.</td>
</tr>
<tr>
@ -474,6 +491,7 @@
<td>All actions performed on email are logged. This includes: Email subject, email headers, rSpamD scan result, ClamAV antivirus results, access and authentication of both email and web UI, sent and received mail, IP address spam statistics, mailbox spam statistics, email (and its body) spam statistics (fuzzy hashes and scores mainly). This ensures full stability and deliverability of the email server.</td>
<td>All data related to your email is stored. This includes: IP address, email body, attachments, headers, spam scores and metadata, email threads, WebUI accounts (and their associated data), etc.</td>
<td>Even though we try to ensure best security of emails as well as secure access and storage, you are responsible for ensuring your total privacy. We are <b>NOT</b> allowed to invade your privacy unless circumstances call for it, although, to be safe, we suggest public key encryption to be used. See <a href="#termination">Termination, Limitation, and Transfer</a> for more details.</td>
<td>Email is aggressively logged due to the sensitive nature of E-mail; All of the logs are used in accordance to sane policies that Mailcow implements to prevent attacks, as well as helping email server moderation easier. Data storage is also to be expected if you are using E-Mail.</td>
</tr>
<tr>
@ -481,6 +499,7 @@
<td>All data related to email mailboxes is logged as described above. Although, email hosting with custom domains comes with its own unique logging as well, for instance, you may be requested to add DMARC reports support to your domain. All administrator actions will also be logged and stored relating to your custom domain like login attempts, change of settings and rules as well as related events.</td>
<td>Mailbox information is stored as described above. Administrator information is stored similarly to mailbox WebUI accounts, including authentication information and various domain-related information such as logs and private keys (like DKIM).</td>
<td>You, as the domain administrator, are required to ensure best security practices when using Ari-web email and to not violate the described terms in this document. Your violation of these terms will be considered a breach, therefore, your access will be terminated with notice.</td>
<td>Email and data storage interest points are already explained in the E-Mail mailboxes section. Administrator events are logged for, once again, security and attack mitigation purposes. DMARC reports are not logged per se, but they get sent for error, impersonation detection, or other oddball activity detection.</td>
</tr>
<tr>
@ -488,6 +507,7 @@
<td>Logs your paste ID, although, does not log the private key used for encrypting the paste.</td>
<td>Encrypted paste information is stored on the paste as sent by the client.</td>
<td>When reporting a paste for violating content, please provide us with as much information as possible about the paste, including its ID and private key (all in the URL, which you can just supply to us).</td>
<td>Paste IDs are logged per the web access logging. Furthermore, the paste ID is stored server-side to ensure service accessibility. Data storage, even though encrypted and undecipherable server-side, is stored because the nature of the server is to store and serve encrypted blobs to be decrypted by the client.</td>
</tr>
<tr>
@ -495,6 +515,7 @@
<td>Logs error information.</td>
<td>Stores your sessions as well as your password in an encrypted format as well as user preferences, identities, and other related webmail data.</td>
<td></td>
<td>Error logging information is for detected mishaps on server-side, which is best of out interest to ensure stability of out services. Stored data, like sessions, user identities, and user preferences, are stored to ensure service for the users of the webmail service and is to be expected.</td>
</tr>
<tr>
@ -502,6 +523,7 @@
<td></td>
<td></td>
<td>All data and processing happens client-side.</td>
<td></td>
</tr>
<tr>
@ -509,6 +531,7 @@
<td>All actions taken by administrators are logged as well as errors / warnings / faults related to various parts of the applications.</td>
<td>Stores all data sent to the server, federated or not, such as user-generated content (posts, DMs), descriptions, content warnings, avatars, alt texts, interactions, tags, avatars, uploads, etc. and federates them to other servers out of our control due to the nature of the mesh nature of the ActivityPub protocol.</td>
<td></td>
<td>The administator actions are logged for purpose of transparency and ensuring non-corruption. Fault information is logged for purpose of debugging and ensuring stability of Akkoma on our side, to provide a smooth experience for everyone. The sent data is stored is also to be expected if you're using the service since the sole purpose of the service is to store and serve posts as well as media, as well as giving you access to the federated ActivityPub protocol by data federation and storage.</td>
</tr>
</table>
</div>
@ -529,6 +552,12 @@
any issues with it.
</p>
<p>
As an aid, you may contact the Authoritative Party for technical support as a courtesy; such assistance shall be provided at no cost to you.
However, please be advised that the Authoritative Party makes no guarantees, assumes no liability, and has no obligation to provide support.
Nonetheless, the Authoritative Party will make reasonable efforts to assist you to the best of their ability.
</p>
<h2 id="termination"><a href="#termination">#</a> Termination, Limitation, and Transfer</h2>
<p>
@ -578,6 +607,7 @@
<li><a href="https://hosthatch.com/terms-of-service">https://hosthatch.com/terms-of-service</a></li>
<li><a href="https://hosthatch.com/acceptable-use-policy">https://hosthatch.com/acceptable-use-policy</a></li>
<li><a href="https://hosthatch.com/privacy-policy">https://hosthatch.com/privacy-policy</a></li>
<li><a href="https://hosthatch.com/hosthatch-gdpr-dpa.pdf">https://hosthatch.com/hosthatch-gdpr-dpa.pdf</a> (Ari-web is what you would call a "Sub-processor")</li>
</ul>
<h2 id="affiliations"><a href="#affiliations">#</a> Affiliations</h2>