General principles
jix.IM administrator takes the protection of personal information very seriously and strictly adheres to the rules of data protection laws. Personal data is collected on this server only to the extent technically necessary and for as short as possible. The following basic rules are strictly adhered to:
- Storing as little information about users as possible.
- Give users as complete control as possible about their own data.
- Never give user data to anyone unless the user explicitly takes a corresponding action or there is a legal obligation to disclose that information.
What data is collected?
Connection information
Connection Information is about your connection to this service and what you do from where. When you use the XMPP server or this website, your IP address will be transmitted and can be logged by the server:
- IP address can be used to detect malicious traffic. When the filter systems determine that they have detected such malicious traffic, they will block the IP address and store it in the database for a period of time until the traffic is unblocked.
- The XMPP service itself does not store any connection information.
- The XMPP server does not report the IP addresses of users to other users. All communication using the XMPP protocol takes place with the server as a middleman. However, clients can exchange IP addresses, for example, before starting a file transfer. The server will not examine these addresses or pass them on to third parties.
- The web server that serves this website collects standard access logs (including the IP address and information about the used browser) that are stored for up to 30 days.
Website related information
This website sends and collects information using these third-party sources:
- Google Analytics – a tool provided by Google for analyzing website statistics. IP addresses are anonymized when data is transmitted to Google.
- Google reCAPTCHA – a tool provided by Google that protects websites from spam and abuse by using advanced risk analysis techniques to tell humans and bots apart. Used on this website to protect all forms.
- MailCheck.ai – a service used to prevent users to sign up with temporary email addresses. In order to protect personal data, only the domain name from the e-mail address is transmitted to this service.
- Akismet – a spam fighting service that checks contact form submissions.
Account information
The following data directly related to your account is stored:
- The Jabber ID (JID), consisting of username and domain, used for identifying your account.
- Your email address to enable you to reset your password in case you lose it.
- The SCRAM-SHA1 hash of the password to your account to authorize login.
- Date of account creation and when your account was last used. This data is used to periodically delete unused accounts.
XMPP related information
An XMPP client can send data to the server, and whether this data will be available to others or only to you is entirely up to you or the settings of the XMPP client you are using.
The server may store the following data:
- Account related data that you can voluntarily provide in your XMPP client, e.g. home address or phone number.
- A list of your contacts (often called as “roster” or “buddies”) and information about the visibility between your account and those contacts. This list is managed by you, you decide who gets on this list and who gets removed.
- Offline messages, when someone sent you a message while you were offline, are stored until you log in again.
- Message Archive, which is disabled by default and to enable it, you need to change server-side archiving preferences with your XMPP client. This can come in handy if you are logging in with a new device and want access to your message history and is also required if you want to use the OMEMO encryption with multiple devices.
- If your XMPP client uses XEP-0363: HTTP File Upload, your file uploads are stored on the server. It is useful when you want to share files with your contacts or a multi-user conference chat for later retrieval by the recipients.
- Semi-public data that you are publishing for your contacts, such as your avatar or the OMEMO public keys.
- Other private data that your XMPP client might upload, such as a list of conference bookmarks.
When using transports, the server stores the following information:
- Username and password to connect to that transport (e.g. Facebook, Skype, Gadu-Gadu).
- A log that identifies what JID and at what point of time used the user’s identity to connect to the transport.
- Note that when using transports to other networks, the data you send to them is subject to the privacy policies of those networks.
What happens to this data?
The data is only used to provide the XMPP service. In no case will the collected personal data used commercially nor sold or passed on to third parties, unless there is a legal obligation to disclose this data.
You can delete all data about yourself by deleting your account and all related information will be deleted with it. Including stored files and messages.
If you connect with other users on a different server, the data you send to them is subject to the privacy policies of that server.
Statistics about the server load are created from the collected data. These statistics are anonymous and information about individual persons cannot be obtained from them.
Who can access to this data?
Only one person has access to the stored data: Krzysztof Grochocki – administrator and owner of the servers that provide these services.
Backups
Every four hours, an encrypted backup of the XMPP server data is performed to a remote location. Backups are kept for 14 days.
Notes
This server is subject to the laws and regulations of the Republic of Poland and the European Union.