haeder.net Privacy Notice
Please read this document carefully before accessing or using this service!
English, Not Legalese
Data privacy is important, and we want you to understand the issues involved. For that reason we decided to use plain English as much as possible, to make our terms as clear as we can. Some sections still have room for improvement - we plan to tackle these over time.
When you read ‘haeder.net’ or ‘the Service’ below, it refers to the services made available at haeder.net which store your account and created content, provide services, and communicate via the federation protocols with the rest of the federated social web (which consists of hundreds of other servers).
Where you read ‘Private individual’, ‘we’ or ‘us’ below, it refers to the maintainers of haeder.net. This agreement does not apply to Socialhome servers run by anyone else - the federated social web is an open network like the Web and this agreement only applies to the server (haeder.net) provided by Private individual.
If this agreement is not acceptable, please use a Socialhome server provided by someone else!
Private individual is the Data Controller for the Service. We can be contacted as per the details below:
Should you have other questions or concerns about this document, please send us an email.
Using The Service Means Accepting These Terms
By accessing or using the Service in any way, whether you have created a Socialhome account on the haeder.net server, or whether you are accessing content federated from the haeder.net server to another Socialhome or other federated social web server, or are just browsing content as an unauthenticated guest, you agree to and are bound by the terms and conditions written in this document.
If you do not agree to all of the terms and conditions contained in this document, please use a Socialhome server provided by someone else and refrain from accessing content federated from this server.
This Is a Living Document
This is a living document. With your help, we want to make it the best in the industry.
If you read something that rubs you the wrong way, or if you think of something that should be added, please get in touch! We’re all ears! Email email@example.com and we’ll chat.
We don’t amend this document for any specific users or use case, but if your proposed changes apply to all of our users, we’ll be happy to update it for everyone.
We will likely improve this document over time. By continuing to use the Service, you will implicitly accept the changes we make.
Your access and use of the Service is always subject to the most current version of this document.
What is the legal basis for processing my data and how does this affect my rights under GDPR (General Data Protection Regulation)?
Legal Basis for Processing
Private individual processes your data under Legitimate Interest. This means that we process your data only as necessary to deliver the Service, and in a manner that you understand and expect.
The Legitimate Interest of our Service is the provision of decentralised and openly-federated communication services. The processing of user data we undertake is necessary to provide the Service. The nature of the Service and its implementation result in some caveats concerning this processing, particularly in terms of GDPR Article 17 Right to Erasure (Right to be Forgotten). We believe these caveats (discussed in detail in the section below) are in line with the broader societal interests served by providing the Service.
In situations where the interests of the individual appear to be in conflict with the broader societal interests, we will seek to reconcile those differences guided by our policy.
Right to Erasure
You can request that we forget your copy of content and files by instructing us to delete your account from account settings. What happens next depends on who else had access to the content and files you had shared.
Any content or files that were only accessible by your account will be deleted from our servers within 30 days.
Where you shared content or files with another user on another server, that user could still have access to their copy of the content or files. We will send out a revocation message for the content and files you have requested to be deleted to all other servers in the federated social web that we have reason to believe have received your content or files. It is, however, impossible for us to guarantee that the servers will receive this delete request or that they will honour it and delete your content or files they have stored on their server. Under no circumstances is Private individual responsible if content or files deleted on our server remain available on another server.
Under GDPR you have a right to request a copy of your data in a commonly-accepted format. You can export your data, including your profile, created content and uploaded files from the account settings page. The export is available in JSON format.
Your Rights as Data Subject
You have rights in relation to the personal data we hold about you. Some of these only apply in certain circumstances. Some of these rights are explored in more detail elsewhere in this document. For completeness, your rights under GDPR are:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.
What Information Do You Collect About Me and Why?
The information we collect is purely for the purpose of providing your communication service via Socialhome. We do not profile users or their data on the Service.
Be aware that while we do not profile users on the Service, Socialhome clients or other servers in the federated web may gather usage data.
Information you provide to us:
We collect information about you when you input it into the Service or otherwise provide it directly to us.
Account and Profile Information
We collect information about you when you register for an account. This information is kept to a minimum on purpose, and is restricted to:
Your email address
Display Name (if you choose to provide one)
Your username and password are used to authenticate your access to the Service and to uniquely identify you within the Service.
We will use your email address to let you reset your password if you forget it, and to send you notifications from the Service. We may also send you infrequent messages about platform updates. We will not use your email for marketing purposes.
Content you provide through using the Service
We store and distribute the content and files you share using the Service (and across the wider federated social web) as described by the Diaspora and ActivityPub protocols, and according to the access rules configured within the system. Storing and sharing this content is the reason the Service exists.
This content includes any information about yourself that you choose to share.
Information we collect automatically as you use the service:
Device and Connection Information
When you access the Service, we may record details about your device (like operating system, browser and versions), the IP address it used to connect, user agent, and the time at which the access happened.
This information is gathered in webserver logs for debugging purposes only. Our logs are kept for no longer than 180 days.
What Information is Shared With Third Parties and Why?
Sharing Data with Connected Services
The haeder.net server is a decentralised and open service. This means that, to support communication between users on different servers or different platforms, your username, display name and content and files are sometimes shared with other services that are connected with the haeder.net server.
Socialhome servers share user data with the wider ecosystem over federation.
- When you create content or upload files, a copy of the data is sent to other servers. You can target content with different visibility levels (see below). When sending your content or files to other servers, your username, display name and current profile image will be replicated to the other servers.
Public - a copy of the data will be sent to every known server or every server that has indicated it is interested in public content.
Site - a copy of the data will only be shared within haeder.net.
Limited - a copy of the data will be shared with any servers that contain recipients that the content is targeted to.
Self - no copies of the data will be made visible to other servers or other users on haeder.net.
We will delete your copy of your data upon your request. We will also forward your request to have the data deleted on to federated servers. However, these servers are outside our span of control, so we cannot guarantee they will delete your data.
Federated servers can be located anywhere in the world, and are subject to local laws and regulations.
Federated servers which respect the federation protocols are asked to honour these controls and redaction/erasure requests, but other federated servers are outside of the span of control of Private individual, and we cannot guarantee how this data will be processed. Federated servers can also be located in any territory, and will be subject to the local regulations of that territory. If the way in which data is shared is not acceptable to you, please use a different server or service.
Sharing Data in Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights
In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to
(a) comply with any applicable law, regulation, legal process or governmental request,
(b) protect the security or integrity of our products and services (e.g. for a security audit),
(c) protect Private individual and our users from harm or illegal activities, or
(d) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the serious bodily harm of any person.
How Do You Handle Passwords?
We never store password data in plain text; instead, passwords are stored hashed.
It is your sole responsibility to keep your user name, password and other sensitive information confidential. Actions taken using your credentials shall be deemed to be actions taken by you, with all consequences including service termination, civil and criminal penalties.
If you become aware of any unauthorized use of your account or any other breach of security, you must notify Private individual immediately by sending an email to firstname.lastname@example.org.
If you forget your password you can use the password reset facility to reset it.
We will never change a password for you.
Our Commitment to Children’s Privacy
We never knowingly collect or maintain information in the Service from those we know are under 16, and no part of the Service is structured to attract anyone under 16. If you are under 16, please do not use the Service.
How Can I Access or Correct My Information?
You can access and modify all your personally identifiable information that we collect from the profile and account pages in the Service. You can also download a copy of all your data as per section 2.1.3.
Who Can See My Messages and Files?
Users connecting to the haeder.net server (directly or over federation) will be able to see content and files according to the visibility setting of the particular content. This data is stored in the format it was received on our servers, and can be viewed by Private individual engineers (employees and contractors) under the conditions outlined below.
We use HTTPS to transfer all data.
What Are the Guidelines Private individual Follows When Accessing My Data?
We restrict who at Private individual (employees and contractors) can access user data to roles which require access in order to maintain the health of the Service.
We never share what we see with other users or the general public.
What Should I Do If I Find a Security Vulnerability in the Service?
If you have discovered a security concern, please email us at email@example.com. We’ll work with you to make sure that we understand the scope of the issue, and that we fully address your concern.
Please act in good faith towards our users’ privacy and data during your disclosure. White hat security researchers are always appreciated.
Making a Complaint
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention at firstname.lastname@example.org if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.