This page attempts to describe what personal information this jabber server stores about you and what happens to this data. If you have any questions, please don't hesitate to contact us.

General principles

In general, we strictly adhere to the following basic principles:

  • We store as little information about our users as possible.
    • There is one exception: We take the fight against SPAM seriously. For this reason, the homepage does store connection information for a short period of time to detect automated behavior.
  • We give users as complete control as possible over their own data.
    • Any good XMPP client gives you almost complete control over your data.
    • Our homepage covers some gaps left by the XMPP protocol.
  • Never give user data to anyone unless the user explicitly takes a corresponding action.
    • This means that e.g. if you send a message to an account on another server, your JID will obviously be sent along with it. This is part of the normal operation of the XMPP protocol.
    • There is one exception: A court order according to Austrian law (see below).

Connection information

Connection information describes your connection to our service: what you do and from where.

  • The Jabber-service itself does not store any connection information.
  • This homepage does keep track of your activities to enable you to review any suspicious behavior. You can view all data under Recent activity and it is removed after 31 days.
  • Your activities on this homepage are stored in a short-term cache to enable us to detect automated behavior that might impact the stability of this service. Depending on the kind of data, it disappears automatically after anywhere from an hour to a week.
  • The webserver that serves this website (and e.g. list.jabber.at) keeps access logs (in the standard Apache log format) that are stored for up to four weeks.
    • This includes access to HTTP based Jabber-services, e.g. web presence and any BOSH connections (usually done by web clients).

Account information

We store the following data directly related to your account:

  • The Jabber ID (jid), consisting of user name and domain, used for identifying your account.
  • Your email address to enable you to reset your password in case you ever lose it.
  • The SCRAM-SHA1 hash of the password to your account for authentication when your client connects to the server.
  • Date and time of account creation and when your account was last used. We use that data to periodically delete unused accounts after one year without any login.

Jabber/XMPP related information

A Jabber client may store data on the server. Whether that data is accessible to others (like a vCard which contains contact details) or accessible only to you (like configuration settings for a Jabber client) is up to the client you use.

By default, the server stores the following data about you:

  • The saved contacts (often called "buddies") of a user, plus information about the visibility between this account and the contacts. This ensures that your buddy list stays the same, no matter which client you are using.
  • "Offline messages" (that is, messages others send to you while you are offline) are stored until you log in again (but only for up to 31 days), along with the time the message was sent.
  • If an error occurs while delivering messages, we save a log entry detailing who sent the message to whom at which point of time and why it failed. The actual content of the message is not a part of that entry. We only need the metadata to determine the root of the problem when things go awry.
  • If your client uses XEP-0313: Message Archive Management, your chat messages are stored for 21 days.
  • If your client uses XEP-0363: HTTP File Upload, your file uploads are stored for at most 31 days. Note that some clients only store an encrypted version of the file.

When using gateways/transports, the jabber-server stores the following information:

  • Username and password (if necessary) to connect to that transport (e.g. ICQ, MSN...).
  • A log recording which Jabber ID used which user identity to connect to a gateway/transport, and at what point in time.
  • We use different software for various transports, which in turn saves data depending on what is needed for using the transport. If you require detailed information, please contact us.

What happens to that data?

The data is used exclusively to provide you with a Jabber/XMPP service. No data will ever be used commercially, sold or otherwise made available to third parties. No advertisements are sent to the users of this service. These principles cannot be changed without notifying all users in advance!

If you connect with other users on a different server, the data you send to them is subject to the privacy policies of that server.

Users of gateways to other IM networks may find that the preservation of their privacy also depends on the other system. Specifically, some systems allow third parties to see the presence/online status of users without their confirmation.

The Jabber server does not report the IP addresses of users to other users. All communication using the Jabber protocol (XMPP) takes place with the server as a middleman. Clients can, however, exchange IP addresses, for instance before starting a file transfer. The server will neither examine those addresses nor forward them to third parties.

Statistics about the server's load will be derived from collected data. These statistics are anonymous. No information about single persons can be obtained from them.

Who can access this data?

Two persons have access to the stored data: David and Mati.

Legal situation and cooperation with law enforcement

Austria currently has no data retention laws. It would be illegal for us to retain data longer than directly necessary for running this service. In Austria, a public court can order us to cooperate with law enforcement agencies to help with a criminal investigation. Such an order is only possible if the supposed criminal offense is punishable by at least a year in prison. An order is always only valid for a single account and must have a fixed time limit. Cooperation usually means that we have to hand over any stored data as well as start logging the connection (including all messages henceforth sent from and to the user) and hand over this data as well. In case of such an order, we are

  • legally forced to cooperate with law enforcement and provide all information requested by the court order.
  • legally barred from informing the person under surveillance.

This of course means that in case of such an order, we will comply, even if we don't like it. None of us is willing to go to prison for an anonymous account. You are of course, regardless of any legal situation, advised to use either OTR, GPG or any other technology for end-to-end encryption. Surveillance orders are fortunately not very numerous:

Year    No. of court orders
2010    0
2011    0
2012    0
2013    1
2014    0
2015    0
2016    0
2017    0

Backups

The data of the jabber-server is backed up hourly to a remote location. The data is encrypted using GPG before it is sent over the wire; therefore, only Mati and David can decrypt the backups, even if the backup-server is compromised. The hourly backups are stored for 3 days, daily backups are kept for an additional 4 days.

Notes

Please contact us if you have any further questions.

This server is subject to the laws and regulations of the Republic of Austria and the European Union.