Privacy Policy

1. Introduction#

1.1 English, Not Legalese#

Most Terms of Use and Privacy Policy documents are unreadable. They are written by lawyers and for lawyers, and in our opinion are not very effective.

Privacy is important, and we want you to understand the issues involved. For that reason we decided to use plain English as much as possible, to make our terms as clear as possible. Some sections still have room for improvement - we plan to tackle these over time.

Where you read 'Greyman Network', 'GMN', or 'greyman.network' it refers to all services made available at greyman.network for:

  • The GMN hosted Element chat web application, an open source Matrix client which you can use to connect to our server that implements the Matrix protocol;
  • The GMN hosted Matrix homeserver and associated services that implements the Matrix protocol.

Where you read 'homeserver', 'homeservers' or 'the Homeserver', it refers to the services hosted by GMN which store the user account and personal conversation history, provide additional functionality such as bots and bridges, and communicate via the open Matrix decentralized communication protocol with the Greyman Network.

Where you read 'the Service' in this document, it refers to all services exposed on the following root and subdomains by GMN:

GMN is the Data Controller for your data. We can be contacted as per the details below:

Email: [email protected]

Should you have any other questions or concerns about this document, please send us an email.

1.2 Scope of This Document#

This document explains how we process personal data, as it relates to:

  • GMN hosted Element chat web application at greyman.network
  • GMN hosted Matrix homeserver and associated services that implement the Matrix protocol.

1.3 The User#

This document is designed to explain Data Protections issues relating to GMN Users. Put simply, if you have an account registered on our GMN homeserver that you use to send and receive messages, or use the GMN hosted Element web application to connect to our homeserver, you are a User.

1.4 Changes to This Document#

Over time we may make changes to this document. If we make a material change we will provide the User with reasonable notice prior to the change. We will set forth the date upon which the changes will become effective; any use of GMN by the User will constitute the User's acceptance of these changes.

Your access and use of GMN is always subject to the most current version of this document.

2. Access to Your Data#

2.1 What is the legal basis for processing my data and how does this affect my rights under GDPR (General Data Protection Regulation)?#

2.1.1 Legal Basis for Processing#

We collect your IP address when you request access to the GMN. This data is collected under Legitimate Interest, to support operational maintenance and to protect against malicious actions against our infrastructure.

2.1.2 Data Ownership - Messaging and File data within GMN#

GMN owns and controls all messages and files submitted to our homeserver by User accounts registered natively on our homeserver.

This means that, in addition to the usual data access controls defined by the Matrix protocol, all unencrypted messages and files can be accessed by the GMN, and that access is retained even if no User account within the system retains access to the data.

2.1.3 Your Rights as Data Subject#

You have rights in relation to the personal data we hold about you. Some of these only apply in certain circumstances. Some of these rights are explored in more detail elsewhere in this document. For completeness, your rights under GDPR are:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

For more information about these rights, please see the guidance provided by the ICO. If you have any questions or are unsure how to exercise your rights, please contact us at [email protected].

2.2 What Information Do You Collect About Me and Why?#

2.2.1 Information you provide to us:#

We collect information about you when you input it to the GMN hosted Element web application or otherwise provide it directly to us.

2.2.2 Information we collect automatically as you use the service:#

Connection Information#

We log the IP addresses of everyone who accesses GMN. This data is used in order to mitigate abuse, debug operational issues, and monitor traffic patterns. Our logs are kept for 180 days.

2.3 Sharing Data in Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights#

In exceptional circumstances, we may share information about you with a third party if we believe sharing is reasonably necessary to:

  1. Comply with governmental request (see footnote),
  2. Protect GMN and our Users from harm or illegal activities, or
  3. Respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the serious bodily harm of any person.

With regards to #1, please see our documentation on how encryption on GMN works to understand which data would be available in such a request.

2.4 How Do You Handle Passwords?#

We never store password data in plain text; instead they are stored hashed (with at least 12 rounds of bcrypt, including both a salt and a server-side pepper secret). Passwords sent to the server are encrypted using SSL. โ€ It is your sole responsibility to keep your user name, password and other sensitive information confidential. Actions taken using your credentials shall be deemed to be actions taken by you, with all consequences including service termination, civil and criminal penalties.

If you become aware of any unauthorized use of your account or any other breach of security, you must notify GMN immediately by sending an email to [email protected]. Users should manage good password hygiene (e.g. using a password manager) and change their password if they believe their account is compromised.

If you forget your password (and you have registered an email address) you can use the password reset facility to reset it.

2.5 Our Commitment to Children's Privacy#

We never knowingly collect or maintain information in GMN, through any of the Services provided, from those we know are under 16, and no part of GMN is structured to attract anyone under 16. If you are under 16, please do not use the Service.

2.6 How Can I Access or Correct My Information?#

You can request a copy of your data by emailing [email protected]. We are working on a solution which will allow you to download the data automatically.

2.7 What Are the Guidelines GMN Follows When Accessing My Data?#

We restrict who at GMN can access GMN data to roles which require access in order to maintain the health of the GMN apps and services.

We never share what we see with other Users or the general public.

2.8 Who Else Has Access to My Data?#

We host all of GMN services locally on our own hardware and network. Physical access to our systems are protected under typical access restrictions and typically under armed protection.

We use Cloudflare to mitigate the risk of DDoS attacks. Here's Cloudflare's privacy policy.

2.9 How Is My Data Protected from Another User's Data?#

All of the GMN User data resides within the system. We use software best practices to guarantee that only GMN can access it. In other words, we segment User data via software. We do our best and are very confident we're doing a good job at it, but, like every other service that hosts User data on the same database, we cannot guarantee that it is immune to a sophisticated attack.

2.10 What Should I Do If I Find a Security Vulnerability in the Service?#

If you have discovered a security concern, please email us at [email protected] or contact an administrator in the GMN server. We'll work with you to make sure that we understand the scope of the issue, and that we fully address your concern. Information security is our highest priority, and work to address any issues that arise as quickly as possible.

Please act in good faith towards our users' privacy and data during your disclosure. White hat security researchers are always appreciated.

3. Making a Complaint#

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention at [email protected] if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

4. Document History#

VersionDateComment
1.0.02021, March 15Policy document created and exposed online.