Improve tos.txt

Signed-off-by: Ari Archer <ari@ari.lt>

src/aw/views.py

@@ -45,9 +45,156 @@ def tos() -> t.Any:
 
     return flask.Response(
         """
-The general guidelines & rules for ari.lt and ari.lt related communities, subcommunities, domains, and services:
+The ARI.LT Terms of Service
 
-1. Abide by Lithuanian and Swedish Laws
+Author: Ari Archer <ari@ari.lt> at 2024-08-21
+Last modified: 2024-08-21
+License: The Unlicense
+
+By using the services provided by ari-web, including but not limited to XMPP, Matrix, Vikunja, email,
+and email hosting, you agree to the following terms and conditions which apply since the last modification:
+
+0. Definitions
+
+* The Authoritative party: Refers to the owner of ari.lt which funds, manages, administrates, authorises, and moderates whole of ari.lt and its services.
+* Ari-web (ari-web): Refers to all volunteers working with/on ari.lt, referring to people authorised to do so by the Authoritative party. This encompasses the Authoritative party as well.
+* Hosters: Any people, not specifically a part of ari-web, who may host services on ari-web servers or use managed services relating to ari-web.
+* User: Any person using ari-web services.
+
+1. Parties
+
+* The Authoritative party: Ari Archer
+    * Email: ari@ari.lt
+    * Matrix: @ari:ari.lt
+    * XMPP/Jabber: ari@ari.lt
+    * Fediverse: @ari@ak.ari.lt
+    * Form: https://ari.lt/#gb (public guestbook, which goes directly to the party
+    * Public GPG key: https://ari.lt/4FAD63E936B305906A6C4894A50D5B4B599AF8A2.asc (signature 4FAD63E936B305906A6C4894A50D5B4B599AF8A2)
+* Other ari-web members
+    * Cubiq (part of the ari-web git organization, front-end advisor)
+        * Twitter/X: @CubiqNation
+        * Instagram: @tennajivniblazenztgm
+        * LinkedIn: @jakub-lajsek
+        * Email: jlajsek@gmail.com
+    * Zayd (administrates Akkoma (Fediverse))
+        * IRC: zayd on libera.chat
+        * Session (not checked often): 05d790add6647a049f58ce81c80aacc476859880af911cad105cf34fb8757b8872
+        * Signal: https://signal.me/#eu/CDgDVDNMuKpx2BxAwHIcMq2iR3G-gw2XbKOOMm5BAg4XnhVXqHhKtJPvBXCDpwnu
+        * Matrix: @zayd:imagisphe.re
+        * XMPP: zayd@telepath.im
+        * Telegram (avoid unless needed): https://t.me/nsa_employee
+        * Website: https://wanderer.envs.net/
+    * Joseph Winkie AKA jjj333_p (moderates parts of Matrix)
+        * Signal: @jjj333_p.69
+        * Telegram: @jjj333_p_1325
+        * Matrix: @jjj333:pain.agency, @jjj333_p_1325:envs.net, @jjj333_p_1325:matrix.org, and more alternative accounts on their website
+        * Phone: +1 (740) 481 1253
+        * XMPP: jjj333@pain.agency
+        * Snapchat: @jjj333_p
+        * Email: jjj333.p.1325@gmail.com
+        * Fediverse: @jjj333_p@ak.ari.lt
+        * Twitter/X: @Jjj333P
+        * Website: https://pain.agency/
+    * LDA (moderates parts of Matrix)
+        * Matrix: @lda:a.freetards.xyz, @fourier:ari.lt
+        * Discord (avoid): ldasux
+        * Fediverse: @lda@ak.ari.lt
+        * XMPP: lda["at&t" without the "&t"]freetards.xyz
+        * Website: https://freetards.xyz/
+    * Morguldir (moderates parts of Matrix)
+        * Matrix: @morguldir:sulian.eu, @morguwuldir:uwu.sulian.eu
+        * Website: https://sulian.eu/
+* Hosters
+    * T1nklas/Al (hosted/managed email Hoster)
+        * Fediverese: @lyra@crumb.lt
+        * Website: https://t1nklas.lt/
+    * Lenvx (hosted/managed email Hoster)
+        * Website: https://lenvx.dev/
+
+2. Purpose
+
+This document serves as a non-legally binding agreement between you, the User, ari-web, and the Authoritative party,
+regarding the use and management of ari-web's services. It outlines the expectations, responsibilities,
+and limitations for both parties.
+
+3. User Agreement
+
+By using ari-web's services, you acknowledge and agree to the terms outlined in this document.
+You understand that exceptions authorized by the Authoritative party in writing with a digital signature may apply,
+with or without notice, depending on the circumstances and opinion of the Authoritative party.
+
+4. Liability Disclaimer
+
+Ari-web disclaims all liability for any damages, data loss, dissatisfaction, or any other legal liability resulting
+from your actions while using ari-web's services. You, as an individual user, are solely responsible for your actions
+and their consequences and protecting yourself.
+
+5. Privacy and Data Protection
+
+The Authoritative party will make reasonable efforts to protect your privacy unless circumstances call for access termination,
+transfer, or limitation with or without notice, such as in cases of legal compliance or suspected misuse of services.
+
+6. Modifications and Exceptions
+
+The Authoritative party reserves the right to modify these terms at any time without prior notice.
+Exceptions to these terms may be granted by the Authoritative party in writing with a digital signature, at their discretion.
+
+7. Limitation of Liability
+
+In no event shall ari-web be liable for any indirect, special, incidental, or consequential damages related to your use of its services.
+
+8. Servers
+
+* Processing server 0
+    * IPv4: 153.92.126.2
+    * IPv6: 2a0e:dc0:2:11f1::/64 (Primary 2a0e:dc0:2:11f1::1)
+    * Location: Stockholm, Sweden
+    * Hosting provider: HostHatch
+    * Hardware: 4 AMD EPYC cores (2 dedicated, 2 fair-shared), 16 GB of DDR4 RAM, 75 GB of NVMe storage, 4 TB of network bandwidth
+    * Purpose: Processing of all requests, traffic, and hosting as well as processing of data and services.
+    * Access: Only explicitly allowed traffic is allowed, exposed traffic is rate limited and sometimes strongly authenticated where needed.
+* Storage server 0
+    * IPv4: 153.92.126.215
+    * Location: Stockholm, Sweden
+    * Hosting provider: HostHatch
+    * Hardware: 1 vCPU core, 1024 MB of RAM, 1000 GB of HDD storage, 2500 GB of network bandwidth.
+    * Purpose: Storing data
+    * Access: Cut off from the rest of the internet except rate limited and strongly autheticated port 22 traffic for SSH.
+
+8. Transparency
+
+The Authoritative party is committed to providing the utmost transparency in its operations and services wherever possible.
+This commitment includes, but is not limited to, clear communication regarding the use of data, service functionality, and
+any changes to terms or policies. While the Authoritative party strives to maintain this level of transparency,
+it acknowledges that certain circumstances may limit the extent of disclosure. Users are encouraged to reach out with any
+questions or concerns regarding transparency in the services provided. Ari-web will do their best to nodify of changes
+of ToS, but it is your responsibility to keep up with the changes.
+
+9. Services
+
+Ari-web provides the following services:
+
+* Matrix homeserver at matrix.ari.lt running Dendrite (contact the Authoritative party for registration)
+* XMPP/Jabber server at most standard ports of this protocol on ari.lt servers running Prosody (contact the Authoritative party for registration)
+* Git Forge instance at https://git.ari.lt/ running Forgejo (open registration, requires email)
+* Email mailboxes on ari.lt (contact the Authoritative party for registration)
+* Email hosting on ari.lt servers (only possible if the Authoritative party and the User have established trust)
+* Vikunja at https://vi.ari.lt/ (open registration, requires an email)
+* PrivateBin at https://pb.ari.lt/ (free encrypted pastebin, nobody can see the contents of your paste without knowing the secret key)
+
+Other hosted services by others:
+
+* https://db.cubiq.dev/ pocketbase hosting (private)
+* https://t1nklas.lt/ email hosting
+* https://lenvx.dev/ email hosting
+* https://git.kappach.at/ Forgejo hosting
+* More to come...
+
+10. Community standards
+
+You are expected to comply with the following standards while using ari.lt and ari-web related services:
+
+1. Abide by United States of America, Lithuanian, and Swedish Laws
 2. Maintain a Healthy Environment
 3. Uphold Human Decency. This includes:
    - Tolerance.
@@ -65,8 +212,126 @@ The general guidelines & rules for ari.lt and ari.lt related communities, subcom
 9. Sending sexually explicit or suggestive messages is not allowed.
 10. Follow Admin Guidelines - any behaviour deemed abusive by the administrators will be considered a violation of these guidelines.
 
-Author: Ari Archer <ari@ari.lt> at 2024-07-07 00:00 EEST
-License: The Unlicense (https://unlicense.org/)
+11. Compliance
+
+Ari-web is committed to complying with the General Data Protection Regulation (GDPR) and the Digital Millennium Copyright Act (DMCA).
+
+It adheres to the principles outlined in the GDPR, ensuring that all personal data is processed lawfully, fairly, and transparently.
+I collect and process personal data only for specified, legitimate purposes and ensure that such data is accurate, up-to-date, and
+retained only as long as necessary for those purposes. Users have rights regarding their personal data, including access,
+rectification, and erasure, which we honor in accordance with GDPR requirements.
+
+It also respects intellectual property rights and complies with the provisions of the DMCA. We have implemented procedures to
+address any claims of copyright infringement and provide a mechanism for copyright holders to report alleged infringements.
+We take such claims seriously and will respond promptly to any notices of claimed infringement.
+
+If you see any resource violating the law, GDPR, or DMCA, contact the Authoritative party with all information and full paths
+and URLs/URIs of the violating content. Without sufficient information, the Authoritative party cannot do anything about
+the violations.
+
+By using our services, you acknowledge our commitment to these regulations and understand that we will take all necessary steps
+to ensure compliance with the law, GDPR, and DMCA.
+
+12. Privacy and Logging
+
+This describes how Privacy and Logging work on all ari-web provided services. By using the services I provide, you agree with these terms
+and policies, and acknowledge the fact that it won't be public unless it is obviously made to be public (for instance, in case of Git forge public repositories).
+No private data (such as email data) will be released or even exported or read without a serious need to do so (for example, need to comply with law enforcement
+or back email data up to avoid data loss).
+
+* Website: Your IP is stored temporarily in memory for rate limiting purposes. Nothing is logged.
+* Matrix homeserver: All data you sent to the Matrix homeserver is stored (including, but not limited to:
+  sessions (including their IPs) for as long as you don't log out, media (for as long as needed), ciphertext
+  of messages in encrypted rooms and plaintext ones in non-encrypted rooms, profile pictures, and
+  generally decentralised Matrix events). For maximum privacy, it is recommended you use encrypted rooms,
+  so the Authoritative party may not see your messages. This data is required for ensuring security and usability
+  of the service and you can delete this data by deleting events yourself and deactivating your account.
+  For full data deletion only on ari.lt, due to how the Matrix protocol works, contact the Authoritative party,
+  which will delete it manually from the database only for ari.lt (as other servers may still have this data due
+  to the decentralised nature of Matrix). Non-identifiable errors on the server are logged for a period of time.
+  You may request deletion of these logs at any point without deleting your account.
+* XMPP/Jabber server: All data you sent to the XMPP/Jabber server is stored (including, but not limited to muti-user-chat
+  (MUC) state, non-encrypted media, and message ciphertext). For maximum privacy, it is recommended you use encrypted MUCs,
+  so the Authoritative party may not see your messages in any way. This data is required for ensuring security and usability
+  of the service and you can delete this data by deleting events yourself and deactivating your account. For full
+  data deletion only on ari.lt, due to how the XMPP/Jabber protocol works, contact the Authoritative party, which will delete
+  it manually from the database only for ari.lt (as other servers may still have this data due to the decentralised nature of XMPP/Jabber).
+  Nothing personal is truly logged except non-identifiable Prosody errors.
+* Git forge: All data you store and send there, including private repositories, is stored on the server unencrypted alongside all
+  user profile data, such as email, avatar, description, email, password hashes, git commits, public GPG and SSH keys,
+  2-factor-authentication (2FA), preferences, blocked users, organizations, etc. This data can be deleted by you deleting your
+  account. Your IP address and what endpoints it is hitting is logged in memory for a period of time until it is either restarted,
+  cleared, or overwritten. You may request deletion of these logs at any point without deleting your account.
+* Email mailboxes: They log the following information for security, moderation, legal, diagnostic, and functionality purposes:
+  Your IP address(es), Login/logout (authentication) attempts, Rate limit triggers, Origin and target of e-mails, Email subject
+  matter and spam score. Some of these logs are purely in memory, though some (last two) are stored for a prologed period of time
+  for diagnostic, moderation, and legal purposes. You may request deletion of these logs at any point without deleting your mailbox.
+  All data you send and recevie to it is stored on the server in an encrypted and compressed format, though that does not mean that the
+  plain text is unrecoverable as the secret keys are stored on the server as well. It is your responsiblity to ensure privacy yourself
+  by using encryption such as RSA or GPG.
+* Email hosting: Same logging policy applies to email hosting as email mailboxes, except with the addition of DMARC reports which show errors
+  and deliverability problems in certain email servers if you choose the DMARC policies the Authoritative party recommends. All data you send
+  and recevie to it is stored on the server in an encrypted and compressed format, though that does not mean that the plain text is unrecoverable
+  as the secret keys are stored on the server as well. It is your responsiblity to ensure privacy yourself by using encryption such as RSA or GPG.
+* Vikunja: Similarly to Git forge, Vikunja stores your IP and endpoints you access in it temporarily in memory. You may request the deletion of
+  these logs at any point without the deletion of your account. All data you store in Vikuja is stored in plain text, unless otherwise encrypted by you.
+* PrivateBin: Does not log anything and ari-web in no capacity can see you IP address or the contents of your pastes without the secret key.
+  Knowing the ID will only allow the deletion of content, but not modification or decryption.
+* Other services: The Hosters are the ones who are responsible for handling the privacy and logging aspect of them.
+  Ari-web only provides the infrastructure for them, but it is not responsible for anything relating to them, except
+  having the ability to limit, transfer, or terminate access to the said infrastructure.
+
+13. Service Availability
+
+Ari-web does not provide any guarantees regarding service availability or uptime. Users and hosts of ari-web services are permitted
+to assume a maximum of 95% yearly uptime; however, this assumption is not to be construed as a guarantee.
+
+The Authoritative party disclaims any liability for service interruptions or downtime, and users acknowledge that they are using
+the services at their own risk. This statement does not create any contractual obligation or liability on the part of ari-web
+regarding service performance.
+
+14. Termination, Limitation, and Transfer
+
+Ari-web reserves the right to terminate, limit, or transfer services, infrastructure, or general access in certain circumstances, as outlined below:
+
+Termination or Limitation of Services: ari-web may terminate or limit services if the Authoritative party deems the service too difficult to control or moderate,
+or if a constant pattern of violations or one extreme and severe violation is detected. For individuals, services may be terminated without notice if they continue
+to violate the terms of service or engage in behavior that the Authoritative party considers unacceptable. Such decisions will be based on the Authoritative party's
+interpretation of this document and their own discretion.
+
+Transfer of Services: Ari-web will only transfer access to services in two scenarios:
+
+* User-Requested Transfer: Upon proof of identity, a user may request a transfer of their service to another party.
+* Legal Compliance Transfer: The Authoritative party may be required by law to transfer access to a user's service, with or without notice, to legal authorities.
+
+In both cases, the Authoritative party reserves the right to make the final determination regarding the transfer of services based on their interpretation
+of the law and the circumstances surrounding the request.
+
+Users acknowledge and agree that the Authoritative party's decisions regarding service termination, limitation, and transfer are final and not subject
+to appeal or legal action.
+
+15. Governing law
+
+Ari-web and its services are subject to the laws of the United States of America, Lithuania, and Sweden.
+Users acknowledge that these jurisdictions govern the use of ari-web services and any disputes that may arise in connection with them.
+This statement is intended to clarify the legal framework applicable to the services offered by ari-web and does not create any
+binding obligations beyond this acknowledgment.
+
+---
+
+By continuing to use ari-web's services, you agree to be bound by these terms and acknowledge the Authoritative party's right
+to enforce them as needed. This document serves as a general guide for accessing and using ari-web's services and is not
+intended to be a legally binding contract.
+
+You understand and accept that ari-web is not a legal entity or company, but rather a service provided by a random person.
+As such, the terms outlined in this document are non-binding and subject to change without notice.
+
+The Authoritative party reserves the right to enforce these terms as deemed necessary, but makes no guarantees regarding
+the consistency or enforceability of the policies described herein. Users are advised to use ari-web's services at their
+own risk and discretion.
+
+By continuing to access and use ari-web's services, you signify your understanding and acceptance of these non-binding
+terms of service. If you do not agree with the terms, you are advised to discontinue using ari-web's services immediately.
 """.strip(),
         mimetype="text/plain",
     )
@@ -425,6 +690,7 @@ def lh(_: str) -> Response:
         code=302,
     )
 
+
 @views.get("/gpg", alias=True)
 @views.get("/gpg/", alias=True)
 @views.get("/4FAD63E936B305906A6C4894A50D5B4B599AF8A2.asc/", alias=True)