What we stand for
Niel.site is committed to protecting our user's data at our server environment, which are collected from our XMPP service as well as from other web presence provided by us. To guarantee our users privacy, we do not sell or give access to any third party organization and held our server and it's software up to date. As well we do not save any data permanently in our server storage (check further information about below). We have our server located in Switzerland, which ensures better privacy due to its political stability and economic independencies.
General privacy statement
Generally, we do not want to gather private information from our users, but in order to provide an excellent user experience, we have to save certain user data and vcard contact information. An overview about which data in which form are stored you can gain below:
Collecting and storage of user data's
XMPP Username, e.g. firstname.lastname@example.org
XMPP Passwords are hashed SCRAM-SHA-1 stored
Archive messages: Depending on the client you are using and if you turned to archive on in the settings, messages will be saved for two weeks until they get auto removed.
Private messages: Private messages are instant messages that you send to other XMPP users on our or other servers. If your messages are sent through other services, then it is possible that those services can log your messages, and we do not have control over those services. However, your messages are never intentionally logged here on our server**.
Offline messages: If you are not online when someone sends you a message, the message is stored on our server for delivery when you log in again. This so-called offline message storage is not encrypted and temporarily saved for two weeks.
Any other data the client stores in his vCard or made public by him/herself
Chat rooms: In our official chatrooms messages are stored by default for 3 weeks. Maximal can 400 messages are retrieved. For any other chat rooms created we disabled logging by default. (Owner of the chatroom can turn archiving on)
HTTP Upload: Files are stored for two weeks until they are deleted. Max file size of 250 MB per two weeks is permitted.
Email address: This is required by default when register and will be saved in the users vCard.
**Attention: Depending on your client's settings, messages can be archived. Please read the point 'Archive messages' for further information'
By default, IP's are not logged when connecting to our server or visiting https://niel.site. The only exception we do save the users IP is after registration attempts due to spam abuse protection. The IP's are stored on a separated secure database and auto-deleted after one day!
Neither we nor other third parties (e.g. Facebook, Twitter, or any other social media) can sniff user appearance at https://niel.site. We prohibit any kind of sniffing with the header nosniff.
Our web presence has conversejs integrated as a web client which uses local storage and session storage to store vcard, roster and login credentials locally in your browser. Username and Password are encrypted stored, whereas vcard and roster are not. To login into conversejs, we use a custom login form and pass the login credentials to conversejs. After you submit your login credentials, the strings are aes-encrypted and aswell stored in the local storage. If you intend to clear your website data, there exists a simple tweak:
Click again the image at the bottom right. An alert box will appear and ask if you really want to wipe local storage and session storage. Confirm it and you have securely removed all XMPP relevant data.
If you are using OMEMO Encryption within niel.site web client you have to make sure that you DON'T wipe local storage and session storage by clicking in the right corner! Since you will remove all your OMEMO keys stored in your browsers local storage, which are required to decrypt the message later on again when you log in the next time. Also, have in mind that clearing browser cache has the same effect! The same happens when you uncheck a trusted device before submitting the form. The explanation when this procedure might be intendedly performed is when you want to prohibit anyone to read your messages. In this case, no one can EVER read your messages again! (except the opponent chat partner has still his keys and the messages aren't yet deleted ;))
In order to prevent service interruptions, we back up data related to our services. These backups include system backups, configuration files, and databases.