This social network exists out of an obsession with privacy, so let's cut to the chase ...
from one
paranoid human
to another
data kept about you
Given the simplicity of your interaction with this social network, the only data actively kept and directly attached to you is:
1. Your email address
2. Your display name
3. Your messages
4. (new) If you're online/offline(*)
5. (new) Time of your last visit(*)
(*) This data is necessary for email notifications. At the moment, it's captured even if notifications are turned off, which will be fixed in the future.
data used for analysis
Any time you interact with the web, you give away more data than you think you do. This includes:
1. Your device, operating system, browser, and display resolution
2. Your IP address, i.e. rough location
Additionally, the system you're interacting with generates tons of timestamped data that is often logged, at least temporarily. For example:
3. Pages visited, API endpoints requested, etc.
4. Emails sent to you and their delivery status, e.g. for a login link
For the time being, some of this data is kept and analyzed for feedback purposes, especially in the context of error tracking and system performance monitoring. It is not, however, used to keep a behavioral profile of you for any purposes whatsoever.
More transparency about the specifics of these analyses to be provided in the near future.
data NOT actively captured(*)
1. How you navigate, what buttons you click, how you spend your time in the app
2. If you see a post or a message or not
3. (new) If you're online or not
4. How often you log in or not
(*) It can be hard to distinguish between what's captured and not when the system generates all sorts of data all the time and one can put together different pieces to reach a certain piece of information even if it is not captured explicitly. The use of "actively" here means whether such data is systematically stored or analyzed.
cookies, anyone?
1. One cookie so you don't have to log in every time you visit the website.
2. One cookie used by Sentry for error tracking (currently NOT self-hosted, see below).
third-party services
This first iteration is looser than one would like with regards to using hosting and SaaS services, for the sake of agility. Currently, these services are:
1. DigitalOcean for hosting
2. Sentry for error tracking
3. Mailgun for sending emails
4. (new) Matomo for visitor analytics
5. New Relic for system monitoring
Watch this space as more and more of these services are replaced with self-hosted versions or self-hosted alternatives.
there's good transparency
but not enough control
Fair enough. In the near future, you'll be able to opt in and out of much of what's being captured and how it's used. For the time being, your help in giving feedback about this app is highly appreciated.