Privacy Policy

Data Minimization

We strive to minimize data collection and logging at the technical level to avoid having much sensitive data in the first place. The less sensitive data we have, the less effort it takes us to make unauthorized access to the data we do have hard.

Website

When you visit this website, we log the following information and store it for 30 days:

  • timestamp
  • HTTP request and response code
  • HTTP Referer
  • User Agent
  • TLS protocol version/cipher

(We do NOT log your IP address.)

An aggregated version of that data (number of HTTP requests per TLS protocol/cipher per user agent string per month) is stored for one year.

We collect that data to make informed decisions on when we can disable specific TLS versions.

The frequency of HTTP requests is stored for one year.

In case of a total server outage, a network outage, or an exceptionally high web request rate that our server is unable to handle, we might temporarily host our website on third-party servers (by updating our DNS records) to increase availability. In these exceptional cases we have no control over the logging practices of the third-party provider, but we strive to minimize the time we use such services and aim to transparently communicate such temporary DNS changes via Twitter/Mastodon.

In the unlikely case that your browser detects a security problem on our website, it will submit details about this security event to us via a third-party service (report-uri.com). This allows us to detect and respond to security issues.

Email

If you send an email to our domain, it will be processed by servers operated by Mailbox.org. You can encrypt your emails to us using PGP.

3rd Party Content

Your browser will send requests to 3rd party service providers when you visit the following sub-domains:

We have no control over their logging and privacy practices.

We recommend using Tor Browser for the web and GPG for email (i.e. via Enigmail).