iliketrains.fyi (hereinafter "the Service") is a Matrix homeserver instance operated by Luna (hereinafter "the Provider") under Swedish jurisdiction. The Service provides federated, end-to-end encrypted (E2EE) communication infrastructure based on the Matrix protocol, an open standard for decentralized, real-time communication.
The Matrix protocol operates on a federated architecture where individual homeserver instances communicate with each other through server-to-server federation. The Service stores encrypted message content and metadata as requested by recipients, but by design, the Provider has no technical capability to decrypt end-to-end encrypted communications between users.
This document is drafted in accordance with:
Under Article 3(g)(iii) of the DSA, the Provider operates as a "hosting service provider," defined as "a service consisting of the storage of information provided by, and at the request of, a recipient of the service." This classification is consistent with Swedish implementation of EU intermediary service regulations.
Pursuant to Article 6 of the Digital Services Act, the Provider is exempt from liability for information stored at the request of service recipients, provided that the Provider:
Due to the fundamental architecture of the Matrix protocol with end-to-end encryption (E2EE):
Article 8 of the DSA explicitly states that no general obligation shall be imposed on hosting service providers to monitor the information they transmit or store, nor to actively seek facts or circumstances indicating illegal activity. This principle is particularly applicable to E2EE services where such monitoring would be technically impossible without fundamentally undermining the encryption.
If the Provider qualifies as a micro or small enterprise under Commission Recommendation 2003/361/EC (fewer than 50 employees and annual turnover under €10 million for small enterprises; fewer than 10 employees and annual turnover under €2 million for microenterprises), the Provider is exempt from certain DSA obligations, specifically: Article 16 (notice-and-action mechanism), Article 17 (statement of reasons), and Article 20 (internal complaint-handling system). Notwithstanding these exemptions, the Provider voluntarily maintains a notice mechanism (§4) and provides statements of reasons for moderation decisions (§4.3) as a matter of transparency and good practice.
The Provider explicitly disclaims responsibility for:
Legal Basis: The Provider operates as a neutral technical intermediary with no editorial control over user content. Under the DSA Article 6 liability exemption framework and established EU case law, hosting providers maintaining a "technical, automatic and passive" role are not liable for hosted content absent actual knowledge of illegality.
The Matrix protocol's federated nature means users may interact with users and content on external homeserver instances operated by third parties. The Provider:
Given the end-to-end encrypted nature of communications on the Service:
Users are solely responsible for:
While the Provider has no technical means to proactively monitor encrypted content, the Provider maintains a notice mechanism for users to report potentially illegal content or conduct. Reports may be submitted electronically to the Provider via me@luwuna.gay. In accordance with DSA Article 16(2), an effective notice should contain:
User reports submitted to the Provider regarding content within end-to-end encrypted rooms have inherent limitations:
Upon receiving a valid report that provides the Provider with actual knowledge of illegal activity or content, and where technically feasible, the Provider will:
The Provider operates under Swedish jurisdiction and evaluates content legality primarily according to Swedish and EU law. Content that may be illegal in other jurisdictions is not automatically subject to removal unless it also violates Swedish/EU law or the Provider's Terms of Service.
When the Provider takes a decision to restrict, suspend, or terminate a user's account, or to remove or disable access to content, the affected user will receive a statement of reasons including: the specific decision taken and the content or account affected; the grounds for the decision (identifying the applicable legal provision or Term of Service violated); whether the decision was made on the basis of a user report or the Provider's own investigation; whether any automated means were involved in the decision (currently: none — all decisions are made via human review); and available redress options, including the right to contact the Provider to appeal the decision.
The Matrix protocol employs the Olm and Megolm cryptographic ratchets to implement end-to-end encryption. This technical implementation means:
| Limitation | Consequence |
|---|---|
| Server-side encryption | Messages are encrypted before reaching the Provider's servers and remain encrypted at rest |
| No server key access | The Provider does not possess cryptographic keys necessary to decrypt message content |
| Client-side decryption | Only authorized recipients with proper keys can decrypt messages |
| Forward secrecy | Olm (1:1 sessions) provides forward secrecy via the Double Ratchet; Megolm (group sessions) provides forward secrecy within a session but has weaker post-compromise security |
While message content is encrypted, certain metadata is necessarily visible to the Provider for operational purposes:
This metadata is essential for protocol operation and cannot identify message content or substantive communications.
The Matrix federation protocol requires certain data exchanges between homeservers to function:
By using the Service, users agree to:
Users are expressly prohibited from:
The Provider acknowledges that enforcement of these prohibitions is limited by the technical constraints of E2EE. The Provider relies primarily on:
Content Moderation Disclosure (DSA Article 14): In accordance with DSA Article 14(1), the Provider discloses that content moderation is performed exclusively through human review of user-submitted reports — no algorithmic or automated content moderation tools are used. Due to E2EE, the Provider cannot inspect message content proactively. Moderation decisions are based on evidence provided in reports (§4.1), visible metadata, and publicly accessible content (profile information, room names, unencrypted rooms).
The Provider processes personal data in accordance with the GDPR and Swedish data protection law. A separate Privacy Policy details data processing activities, legal bases, retention periods, and user rights.
Due to Matrix federation architecture, multiple data controllers may exist for a single conversation:
The Provider will respond to valid legal process (court orders, search warrants) issued by Swedish authorities in accordance with Swedish law. Due to E2EE limitations:
The Service is provided "AS IS" and "AS AVAILABLE" without warranties of any kind, express or implied. The Provider does not guarantee:
To the maximum extent permitted by Swedish law, the Provider shall not be liable for:
The Provider's total aggregate liability for all claims arising from or relating to the Service shall not exceed the amount paid by the user to the Provider in the twelve (12) months preceding the claim. For free accounts, liability shall not exceed one hundred (100) Swedish Kronor. This limitation does not apply to damages caused by the Provider's wilful misconduct or gross negligence, nor does it affect any mandatory consumer rights under Swedish or EU consumer protection law that cannot be limited by contract.
The Provider is not liable for failure to perform obligations due to circumstances beyond reasonable control, including but not limited to acts of God, war, terrorism, civil unrest, government actions, network failures, power outages, or acts of third parties.
The Matrix protocol is open source and governed by the Matrix.org Foundation. The Provider's implementation, configuration, and any proprietary modifications remain the intellectual property of the Provider.
Users retain all intellectual property rights in content they create and transmit through the Service. By using the Service, users grant the Provider a limited, non-exclusive license to store, transmit, and display content solely as necessary to provide the Service.
The Provider respects intellectual property rights. In accordance with the EU E-Commerce Directive (Directive 2000/31/EC, Article 14) and the EU Copyright Directive (Directive (EU) 2019/790), users who believe their rights have been infringed should submit a substantiated notice containing:
False or bad-faith claims may give rise to liability under applicable civil law.
The Provider reserves the right to suspend or terminate user accounts:
Users may terminate their use of the Service at any time by:
Upon termination, the user's access to the Service will be revoked, the Provider will delete user account data in accordance with the Privacy Policy and GDPR requirements, content may persist on external federated servers beyond the Provider's control, and backup copies may be retained for a limited period as required by law or legitimate operational needs.
To the extent permitted by applicable law, users agree to indemnify, defend, and hold harmless the Provider, its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising from:
This indemnification obligation survives termination of the user's account or use of the Service. Nothing in this section overrides mandatory consumer protections under Swedish or EU law.
These Terms of Service and any dispute arising from or relating to the Service shall be governed by and construed in accordance with the laws of Sweden, excluding conflict of law principles.
Any disputes, claims, or controversies arising from or relating to these Terms or the Service shall be subject to the jurisdiction of the Swedish courts, with venue in the district court where the Provider is domiciled. This clause does not prevent consumers from bringing proceedings in the courts of the Member State in which they are domiciled, in accordance with applicable EU consumer protection law.
Users agree to first attempt informal resolution by contacting the Provider before initiating formal legal proceedings. The Provider will make good faith efforts to resolve disputes amicably within thirty (30) days of receiving written notice of a dispute.
Nothing in these Terms limits any mandatory consumer rights under Swedish or EU consumer protection law. If any provision conflicts with applicable consumer protection law, the consumer protection provisions shall prevail.
The Provider reserves the right to modify these Terms of Service at any time. Material changes will be communicated to users through:
Minor changes (clarifications, formatting, corrections that do not materially affect user rights or obligations) take effect thirty (30) days after notice is provided. Changes required by law may take effect immediately upon notice.
Material changes (changes that alter user rights, obligations, or the scope of the Service) take effect thirty (30) days after notice; continued use of the Service after the effective date constitutes acceptance of the updated Terms. Users who do not agree with material changes may terminate their use of the Service and request account deletion before the effective date.
If any provision of these Terms is found to be unlawful, void, or unenforceable by a court of competent jurisdiction, that provision shall be deemed severable and shall not affect the validity and enforceability of the remaining provisions. The invalid or unenforceable provision shall be replaced with a valid, enforceable provision that most closely matches the intent of the original provision.
For questions, concerns, or notices regarding these Terms of Service or the Service, users may contact:
This contact point serves as the Provider's single point of contact for the purposes of DSA Article 11 (communication with Member State authorities, the European Commission, and the European Board for Digital Services) and DSA Article 12 (communication with recipients of the Service). This contact point is accessible by electronic means (email) and is available in English and Swedish. Communications shall not rely solely on automated tools.
These Terms of Service, together with the Privacy Policy and any other policies incorporated by reference, constitute the entire agreement between users and the Provider regarding use of the Service and supersede all prior or contemporaneous understandings, agreements, representations, and warranties, whether written or oral, regarding the Service.
By creating an account, accessing, or using the Service, users acknowledge that they have read, understood, and agree to be bound by these Terms of Service. Users represent and warrant that they have the legal capacity to enter into this agreement and that their use of the Service complies with all applicable laws. Users specifically acknowledge: