Terms of Service

iliketrains.fyi Matrix Homeserver
Service Provider: Luna
Effective: February 18, 2026
Jurisdiction: Sweden

#1. Introduction and Service Description

#1.1 Nature of Service

iliketrains.fyi (hereinafter "the Service") is a Matrix homeserver instance operated by Luna (hereinafter "the Provider") under Swedish jurisdiction. The Service provides federated, end-to-end encrypted (E2EE) communication infrastructure based on the Matrix protocol, an open standard for decentralized, real-time communication.

#1.2 Community Values

This Service operates as a safe space for queer communities and marginalized individuals. We are committed to fostering an inclusive, welcoming, and respectful environment where all users can communicate freely without fear of discrimination, harassment, or bigotry. The Service explicitly prohibits all forms of discrimination, hate speech, and targeted harassment based on identity, including but not limited to:

#1.3 Technical Architecture

The Matrix protocol operates on a federated architecture where individual homeserver instances communicate with each other through server-to-server federation. The Service stores encrypted message content and metadata as requested by recipients, but by design, the Provider has no technical capability to decrypt end-to-end encrypted communications between users.

#1.4 Regulatory Framework

This document is drafted in accordance with:

#2. Legal Status and Liability Framework

#2.1 Classification as Hosting Service Provider

Under Article 3(g)(iii) of the DSA, the Provider operates as a "hosting service provider," defined as "a service consisting of the storage of information provided by, and at the request of, a recipient of the service." This classification is consistent with Swedish implementation of EU intermediary service regulations.

#2.2 Exemption from Liability (Article 6 DSA)

Pursuant to Article 6 of the Digital Services Act, the Provider is exempt from liability for information stored at the request of service recipients, provided that the Provider:

  1. Does not have actual knowledge of illegal activity or illegal content and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or illegal content is apparent; or
  2. Upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the illegal content.

#2.3 Technical Inability to Monitor Content

Due to the fundamental architecture of the Matrix protocol with end-to-end encryption (E2EE):

#2.4 No General Monitoring Obligation

Article 8 of the DSA explicitly states that no general obligation shall be imposed on hosting service providers to monitor the information they transmit or store, nor to actively seek facts or circumstances indicating illegal activity. This principle is particularly applicable to E2EE services where such monitoring would be technically impossible without fundamentally undermining the encryption.

#2.5 Micro and Small Enterprise Exemptions

If the Provider qualifies as a micro or small enterprise under Commission Recommendation 2003/361/EC, the Provider is exempt from certain DSA obligations, specifically: Article 16 (notice-and-action mechanism), Article 17 (statement of reasons), and Article 20 (internal complaint-handling system). Notwithstanding these exemptions, the Provider voluntarily maintains a notice mechanism (§5) and provides statements of reasons for moderation decisions (§4.4) as a matter of transparency and good practice.

#3. Limitation of Provider Responsibility

#3.1 Content Responsibility

The Provider explicitly disclaims responsibility for user-generated content transmitted, stored, or accessed through the Service; messages, files, images, or any other content uploaded, shared, or communicated by users; actions, statements, or conduct of users while utilizing the Service; content in federated rooms hosted on external Matrix homeservers; and any illegal, defamatory, offensive, or otherwise objectionable content that may be transmitted through the Service.

Legal Basis: The Provider operates as a neutral technical intermediary with no editorial control over user content. Under the DSA Article 6 liability exemption framework and established EU case law, hosting providers maintaining a "technical, automatic and passive" role are not liable for hosted content absent actual knowledge of illegality.

#3.2 Federation and Third-Party Servers

The Matrix protocol's federated nature means users may interact with users and content on external homeserver instances operated by third parties. The Provider has no control over external homeservers or their policies, cannot be held responsible for content originating from or stored on external servers, cannot guarantee the security, privacy practices, or legal compliance of external homeservers, and is not liable for actions taken by administrators of external homeservers. The Provider cannot enforce the community values and anti-discrimination policies of this Service on external servers.

#3.3 Encrypted Content Limitation

Given the end-to-end encrypted nature of communications on the Service, the Provider cannot access, read, inspect, or moderate the content of encrypted messages; cannot verify compliance with these Terms or applicable law with respect to encrypted message content; and has no means to detect illegal content or prohibited conduct within encrypted communications without user reports. Users bear sole responsibility for the legality and appropriateness of content they transmit via encrypted channels.

#3.4 User Conduct Responsibility

Users are solely responsible for ensuring their use of the Service complies with all applicable laws in their jurisdiction, the content of their communications and materials shared through the Service, respecting the intellectual property rights, privacy rights, and other legal rights of third parties, their interactions with other users and any consequences arising therefrom, maintaining the security and confidentiality of their account credentials and encryption keys, and treating all community members with dignity and respect.

#4. User Obligations and Prohibited Conduct

#4.1 General Obligations

By using the Service, users agree to comply with all applicable Swedish and EU laws, respect the rights, dignity, and safety of other users, use the Service only for lawful purposes, foster an inclusive, welcoming environment consistent with the Service's community values, not use the Service to transmit, store, or distribute illegal content, not attempt to compromise the security, availability, or integrity of the Service, and report violations of these Terms to the Provider when encountered.

#4.2 Prohibited Content and Activities

Illegal Content:

Harmful Conduct:

Discrimination and Hate:

Technical Abuse:

#4.3 Enforcement Limitations and Approach

The Provider acknowledges that enforcement of these prohibitions is significantly limited by the technical constraints of E2EE. The Provider relies primarily on user reports and community cooperation, visible metadata analysis for patterns of abuse, account-level actions (warnings, suspension, termination) rather than content-level moderation, pattern recognition, and cooperation with law enforcement when legally required and technically feasible.

Enforcement Philosophy: Given the technical impossibility of monitoring encrypted content, the Provider takes a trust-based approach combined with responsive action upon receiving substantiated reports. The Provider prioritizes protecting the safety and dignity of marginalized users while respecting the privacy guarantees of end-to-end encryption.

Content Moderation Disclosure (DSA Article 14): In accordance with DSA Article 14(1), the Provider discloses that content moderation is performed exclusively through human review of user-submitted reports — no algorithmic or automated content moderation tools are used. Due to E2EE, the Provider cannot inspect message content proactively. Moderation decisions are based on evidence provided in reports (§5.1), visible metadata, and publicly accessible content (profile information, room names, unencrypted rooms). The complaint and appeals process is described in §5.5.

#4.4 Account Restrictions and Actions

Upon violation of these Terms, the Provider may issue a formal warning, apply temporary or permanent suspension, apply IP/device bans, apply federation restrictions blocking specific external homeservers that violate policies, or refer serious illegal activity to appropriate law enforcement authorities.

Statement of Reasons (DSA Article 17): When the Provider takes a decision to restrict, suspend, or terminate a user's account, or to remove or disable access to content, the affected user will receive a statement of reasons including: the specific decision taken and the content or account affected; the grounds for the decision (identifying the applicable legal provision or Term of Service violated); whether the decision was made on the basis of a user report or the Provider's own investigation; whether any automated means were involved in the decision (currently: none — all decisions are made via human review); and available redress options, including the right to submit a counter-notice or appeal (§5.5).

#5. Notice and Takedown Procedures

#5.1 Report Mechanisms (DSA Article 16)

While the Provider has no technical means to proactively monitor encrypted content, the Provider maintains a notice mechanism for users to report potentially illegal content, policy violations, or harmful conduct. Reports may be submitted electronically via the designated contact email, in-room moderation reports (where available), or direct contact to the Provider via designated channels. In accordance with DSA Article 16(2), an effective notice should contain:

#5.2 Limitations of User Reports

Reports do not automatically include message content due to encryption. The Provider cannot independently verify the accuracy or validity of reports without user-provided evidence, may request screenshots or message exports to substantiate claims, is not obligated to take action based on unsubstantiated or vexatious reports, and may take action against reporters who submit false reports in bad faith.

#5.3 Action Upon Actual Knowledge

Upon receiving a valid report, the Provider will acknowledge receipt, assess the report, evaluate whether the reported content violates Swedish/EU law or these Terms, take appropriate action (which may include account suspension, termination, content removal, or reporting to relevant authorities), and act expeditiously to remove or disable access to illegal content as required by Article 6 DSA.

#5.4 Jurisdictional and Community Standards

The Provider operates under Swedish jurisdiction and evaluates content legality primarily according to Swedish and EU law. However, the Provider's community standards (particularly anti-discrimination and anti-harassment policies) may be enforced more broadly than minimum legal requirements. Content that may be illegal in other jurisdictions is not automatically subject to removal unless it also violates Swedish/EU law or these Terms of Service.

#5.5 Counter-Notice and Appeals

Users whose accounts are suspended or terminated may submit a counter-notice or appeal explaining why the action was improper. The Provider will review appeals in good faith and may reinstate accounts where appropriate.

#6. Technical and Architectural Limitations

#6.1 Encryption Architecture

The Matrix protocol employs the Olm and Megolm cryptographic ratchets to implement end-to-end encryption. This technical implementation means:

| Limitation | Consequence |
| --- | --- |
| Server-side encryption | Messages are encrypted before reaching the Provider's servers and remain encrypted at rest |
| No server key access | The Provider does not possess cryptographic keys necessary to decrypt message content |
| Client-side decryption | Only authorized recipients with proper keys can decrypt messages |
| Forward secrecy | Olm (1:1 sessions) provides forward secrecy via the Double Ratchet; Megolm (group sessions) provides forward secrecy within a session but has weaker post-compromise security |

#6.2 Metadata Visibility

While message content is encrypted, certain metadata is necessarily visible to the Provider for operational purposes: user account identifiers (Matrix IDs), timestamp information, room membership and participation data, federation connection data, device and session information, and message size and frequency patterns. This metadata is essential for protocol operation but cannot reveal message content or substantive communications.

#6.3 Federation Protocol Requirements

Room state information is replicated across participating servers, server-to-server communication occurs for message routing, the Provider cannot control actions taken by external federated servers, data deletion requests may not be honored by external homeservers, and users joining rooms hosted on external servers should be aware their data will be replicated there.

#7. Data Protection and Privacy

#7.1 Privacy Policy

The Provider processes personal data in accordance with the GDPR and Swedish data protection law. A comprehensive Privacy Policy (published below) details categories of personal data collected, legal bases for data processing, data retention periods and deletion procedures, user rights under GDPR, data security measures, international data transfers, and cookie usage and tracking.

#7.2 Data Controller Limitations

Due to Matrix federation architecture, multiple data controllers may exist for a single conversation. Each homeserver in a federated room is typically considered a separate data controller for data it stores. The Provider is the data controller only for data stored on iliketrains.fyi servers. Users exercising GDPR rights must contact each relevant homeserver administrator separately. The Provider cannot guarantee data deletion from external federated servers.

#7.3 Law Enforcement Requests

The Provider will respond to valid legal process issued by Swedish authorities in accordance with Swedish law. The Provider can provide metadata and account information within its control but cannot provide decrypted message content due to technical inability. The Provider will notify affected users of legal requests when legally permissible.

#8. Disclaimers and Limitation of Liability

#8.1 Service Availability

The Service is provided "AS IS" and "AS AVAILABLE" without warranties of any kind, express or implied. The Provider does not guarantee uninterrupted or error-free service operation, data backup or recovery, compatibility with all client applications or devices, availability of federation with external homeservers, protection against all security threats, or freedom from bugs, vulnerabilities, or protocol limitations. The Service is operated on consumer-grade hardware with limited redundancy; while the Provider makes reasonable efforts to back up data, users should not rely on the Service as the sole repository for any data they consider irreplaceable. Hardware failure, storage exhaustion, or other infrastructure limitations may result in partial or total data loss.

#8.2 Limitation of Liability

To the maximum extent permitted by Swedish law, the Provider shall not be liable for indirect, incidental, consequential, or punitive damages arising from use of the Service; loss of data, profits, revenue, or business opportunities; damages resulting from user conduct, user content, or interactions between users; content or conduct on external federated homeservers; unauthorized access to or alteration of user transmissions or data; technical failures, service interruptions, or data loss; or emotional distress resulting from harassment or harmful content where the Provider lacked actual knowledge.

#8.3 Maximum Liability Cap

The Provider's total aggregate liability for all claims arising from or relating to the Service shall not exceed the amount paid by the user to the Provider in the twelve (12) months preceding the claim. For free accounts, liability shall not exceed one hundred (100) Swedish Kronor. This limitation does not apply to damages caused by the Provider's wilful misconduct or gross negligence, nor does it affect any mandatory consumer rights under Swedish or EU consumer protection law that cannot be limited by contract.

#8.4 Force Majeure

The Provider is not liable for failure to perform obligations due to circumstances beyond reasonable control, including but not limited to acts of God, war, terrorism, civil unrest, government actions, network failures, power outages, cyber-attacks by third parties, or acts of federated third-party servers.

#9. Intellectual Property

#9.1 Service Ownership

The Matrix protocol is open source and governed by the Matrix.org Foundation. The Provider's implementation, configuration, documentation, and any proprietary modifications remain the intellectual property of the Provider.

#9.2 User Content Ownership

Users retain all intellectual property rights in content they create and transmit through the Service. By using the Service, users grant the Provider a limited, non-exclusive, royalty-free license to store, transmit, cache, and display content solely as necessary to provide the Service and maintain its operation.

The Provider respects intellectual property rights. In accordance with the EU E-Commerce Directive (Directive 2000/31/EC, Article 14) and the EU Copyright Directive (Directive (EU) 2019/790), users who believe their copyrights have been infringed should submit a substantiated notice containing: identification of the copyrighted work claimed to be infringed; identification of the allegedly infringing material and its location (to the extent possible given E2EE limitations); contact information of the rights holder or authorized representative; a statement of good faith belief that the use is not authorized; a statement that the information provided is accurate and that the complainant is authorised to act on behalf of the rights holder; and proof or explanation of ownership or authorisation. False or bad-faith claims may give rise to liability under applicable civil law.

Due to E2EE architecture, copyright enforcement is limited to content visible to the Provider (profile information, room names, unencrypted rooms). Users sharing copyrighted material in encrypted rooms bear sole responsibility.

#10. Termination and Suspension

#10.1 Provider's Right to Terminate

The Provider reserves the right to suspend or terminate user accounts upon receiving actual knowledge of illegal activity or content, for violations of these Terms of Service, for conduct that poses security or operational risks to the Service, for accounts engaged in abuse, harassment, discrimination, or harmful conduct, for repeated violations despite warnings, or at the Provider's discretion for accounts engaging in serious violations.

#10.2 User's Right to Terminate

Users may terminate their use of the Service at any time by ceasing to use the Service and deleting their account through account settings, requesting account deletion from the Provider, or exporting their data before deletion.

#10.3 Effect of Termination

Upon termination, the user's access to the Service will be immediately revoked. Due to the technical architecture of the Matrix protocol (Synapse), account termination is implemented as deactivation, not full deletion. The following applies:

Users who require full data erasure under GDPR should submit an explicit erasure request to the Provider in addition to deactivating their account. See the Privacy Policy (§8.2) for full details.

#11. Indemnification

To the extent permitted by applicable law, users agree to indemnify, defend, and hold harmless the Provider, its officers, directors, employees, agents, and affiliated individuals from and against any claims, liabilities, damages, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising from the user's use or misuse of the Service, violation of these Terms, violation of any applicable law or regulation, violation of any third-party rights, content transmitted or shared by the user through the Service, the user's interactions with other users or third parties, or the user's discriminatory, harassing, or harmful conduct toward other users. This indemnification obligation survives termination of the user's account or use of the Service. Nothing in this section overrides mandatory consumer protections under Swedish or EU law.

#12. Dispute Resolution and Governing Law

#12.1 Governing Law

These Terms of Service and any dispute arising from or relating to the Service shall be governed by and construed in accordance with the laws of Sweden, excluding conflict of law principles. This includes Swedish criminal law, Swedish Discrimination Act (Diskrimineringslagen), Swedish Electronic Communications Act, and applicable EU regulations.

#12.2 Jurisdiction

Any disputes, claims, or controversies arising from or relating to these Terms or the Service shall be subject to the jurisdiction of the Swedish courts, with venue in the district court where the Provider is domiciled. This clause does not prevent consumers from bringing proceedings in the courts of the Member State in which they are domiciled, in accordance with applicable EU consumer protection law.

#12.3 Dispute Resolution Process

Users agree to first attempt informal resolution by contacting the Provider before initiating formal legal proceedings. The Provider will make good faith efforts to resolve disputes amicably within thirty (30) days of receiving written notice of a dispute.

#12.4 Consumer Rights

Nothing in these Terms limits any mandatory consumer rights under Swedish or EU consumer protection law. If any provision conflicts with applicable consumer protection law, the consumer protection provisions shall prevail to the extent of the conflict.

#13. Modifications to Terms

The Provider reserves the right to modify these Terms of Service to reflect changes in legal or regulatory requirements, changes to Service features or operations, clarifications or improvements to policies, or community feedback and evolving community standards. All changes will be communicated through notice posted on the Service website, email notification to registered users (where email addresses are provided), in-service notifications or announcements, and server notices visible to all users.

Minor changes (clarifications, formatting, corrections that do not materially affect user rights or obligations) take effect thirty (30) days after notice is provided. Material changes (changes that alter user rights, obligations, or the scope of the Service) take effect thirty (30) days after notice; continued use of the Service after the effective date constitutes acceptance of the updated Terms. Users who do not agree with material changes may terminate their use of the Service and request account deletion before the effective date. Changes required by law may take effect immediately upon notice.

#14. Severability

If any provision of these Terms is found to be unlawful, void, or unenforceable by a court of competent jurisdiction, that provision shall be deemed severable and shall not affect the validity and enforceability of the remaining provisions. The invalid or unenforceable provision shall be replaced with a valid, enforceable provision that most closely matches the intent of the original provision while complying with applicable law.

#15. Contact Information

For questions, concerns, notices, or reports regarding these Terms of Service or the Service, users may contact:

This contact point serves as the Provider's single point of contact for the purposes of DSA Article 11 (communication with Member State authorities, the European Commission, and the European Board for Digital Services) and DSA Article 12 (communication with recipients of the Service). This contact point is accessible by electronic means (email) and is available in English and Swedish. Communications shall not rely solely on automated tools.

#16. Entire Agreement

These Terms of Service, together with the Privacy Policy and any other policies incorporated by reference, constitute the entire agreement between users and the Provider regarding use of the Service and supersede all prior or contemporaneous understandings, agreements, representations, and warranties, whether written or oral, regarding the Service.

#17. Acknowledgment and Acceptance

By creating an account, accessing, or using the Service, users acknowledge that they have read, understood, and agree to be bound by these Terms of Service. Users represent and warrant that they have the legal capacity to enter into this agreement, their use of the Service complies with all applicable laws, they will not use the Service to violate the rights of others, they understand and accept the technical limitations of the Provider's moderation capabilities, and they will contribute to a safe, inclusive community environment. Users specifically acknowledge that the Provider operates as a hosting service provider with limited technical capability to monitor or moderate encrypted content; the Provider's liability is limited by the technical architecture of the Matrix protocol and applicable law; users bear primary responsibility for the legality and appropriateness of content they transmit through the Service; the Provider's role is that of a neutral technical intermediary exempt from liability under DSA Article 6; the Service is operated as a safe space for queer communities, and discrimination or bigotry will not be tolerated; and violations of community standards may result in immediate account suspension or termination.


Privacy Policy

iliketrains.fyi Matrix Homeserver
Data Controller: Luna
Effective: February 18, 2026
Jurisdiction: Sweden

#1. Introduction

#1.1 Purpose of This Policy

This Privacy Policy explains how iliketrains.fyi (hereinafter "the Service" or "the Homeserver") collects, uses, stores, and protects personal data in accordance with:

#1.2 Data Controller

#1.3 Matrix Federation and Multiple Data Controllers

Important: The Matrix protocol operates on a federated architecture. When you participate in rooms with users from external homeservers, multiple data controllers exist for your data. This homeserver (iliketrains.fyi) is the data controller for data stored on our servers. External homeservers in federated rooms are separate data controllers for data they store. Each homeserver administrator is independently responsible for complying with data protection law. You must contact each homeserver administrator separately to exercise GDPR rights regarding data they control. This Privacy Policy covers only data processing by iliketrains.fyi.

#2. Legal Bases for Data Processing

Under GDPR Article 6, we process personal data based on the following legal grounds:

| Legal Basis | Processing Activities |
| --- | --- |
| Consent (Art. 6(1)(a)) | Account creation, optional data collection (email, avatar), analytics (if implemented with consent) |
| Contractual Necessity (Art. 6(1)(b)) | Providing Matrix communication services, message routing and storage, federation |
| Legal Obligation (Art. 6(1)(c)) | Responding to valid legal process, compliance with law enforcement requests, data retention as legally required |
| Legitimate Interests (Art. 6(1)(f)) | Service security, abuse prevention, technical troubleshooting, improving Service reliability |

Your right to object (GDPR Article 21): Where we process your personal data on the basis of legitimate interests (Art. 6(1)(f)), you have the right at any time to object to such processing on grounds relating to your particular situation. Upon receiving your objection, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defence of legal claims. To exercise this right, contact us at me@luwuna.gay. See also §9.6 below.

#3. Personal Data We Collect

#3.1 Account Information

Data collected: Matrix ID (e.g., @username:iliketrains.fyi) — required, chosen by user; password (hashed, never stored in plaintext) — required; display name — optional; avatar image — optional; email address — optional, for account recovery and notifications; phone number — optional (if three-party identity verification enabled); account creation timestamp; account status (active, suspended, deactivated).

Purpose: Account authentication, user identification within Matrix protocol, service provision. Retention: Until account deletion or 90 days after account deactivation.

Data provision requirements (GDPR Article 13(2)(e)): Providing a Matrix ID and password is a contractual requirement necessary to create an account and use the Service. Failure to provide these will prevent you from accessing the Service. Providing a display name, avatar, email address, or phone number is voluntary; failure to provide these will not prevent use of the Service but may limit certain features (e.g., account recovery).

#3.2 Message Content and Encrypted Data

Data stored: encrypted message content (end-to-end encrypted using Olm/Megolm); message metadata (sender, recipients, timestamp, room ID, event type); media files (encrypted if uploaded to encrypted rooms); encryption keys (device keys, one-time keys, fallback keys for E2EE operation); device information (device IDs, device display names, encryption key identifiers).

Critical limitation: Due to end-to-end encryption (E2EE), we cannot access, read, or decrypt message content. Only the intended recipients with proper cryptographic keys can decrypt messages. We store encrypted ciphertext but have no technical means to access plaintext.

Purpose: Core service functionality, message delivery and storage, E2EE operation. Retention: Messages stored while the user's account exists; may be pruned if storage capacity requires it. Users will be notified before any storage-related pruning where practicable.

#3.3 Metadata

Data visible to homeserver: room participation (which rooms you are a member of, room names, room topics); timestamps (when messages are sent/received, last active time); federation data (which external homeservers you interact with); read receipts; typing indicators (ephemeral); presence information; device list; IP addresses for active sessions.

Important: While message content is encrypted, metadata is necessarily visible for protocol operation. Metadata can reveal communication patterns, relationships, and activity but cannot reveal what you're saying.

Retention: Active session data until session ends; historical metadata 90 days (for security and troubleshooting); IP addresses 7 days (unless required for abuse investigation).

#3.4 Technical and Security Data

Data collected: IP addresses; user agent strings; session tokens; rate limiting data; server logs (error logs, access logs — IP addresses anonymized after 7 days); security events (failed login attempts, suspicious activity patterns).

Purpose: Service security, abuse prevention, troubleshooting, legal compliance. Retention: Session data until logout or session expiration; security logs 30 days; anonymized aggregate statistics indefinitely.

#3.5 Cookies and Tracking

Current status: The Service does not currently use cookies for tracking or analytics. If implemented in future, strictly necessary cookies (authentication, session management) would require no consent, while analytics/performance cookies would require explicit opt-in consent. Third-party cookies are not used.

#4. How We Use Personal Data

#4.1 Service Provision

We use personal data to authenticate users and maintain account security, route and deliver messages to intended recipients, store encrypted messages for offline delivery, enable federation with external Matrix homeservers, display user profiles to other users, facilitate room membership and participation, and provide search functionality within your accessible content.

#4.2 Service Security and Abuse Prevention

We use personal data to detect and prevent spam, flooding, and automated abuse; identify patterns of malicious activity or policy violations; respond to user reports of harassment or harmful conduct; protect against unauthorized access and security threats; investigate Terms of Service violations; and block abusive users or federated servers. Legitimate interests basis: Protecting Service integrity and community safety.

We may use personal data to respond to valid legal process (court orders, search warrants), comply with law enforcement requests under Swedish law, fulfill statutory data retention obligations, cooperate with regulatory investigations, and defend legal claims or enforce our rights. Legal obligation basis: Compliance with applicable law.

#4.4 Service Improvement

We may use anonymized, aggregated data to analyze Service performance and reliability, identify technical issues and improve functionality, understand usage patterns for capacity planning, and optimize federation performance. We do not use individual personal data for marketing, advertising, or profiling.

#5. Data Sharing and Federation

#5.1 Matrix Federation (Necessary Data Sharing)

Critical aspect of Matrix architecture: When you join a federated room (a room with users from multiple homeservers), your personal data is necessarily shared with those external homeservers. Data shared includes your Matrix ID, display name and avatar (if set), encrypted message content (which they also cannot decrypt without keys), message metadata, your device information and encryption keys (for E2EE operation), and room state events.

External homeservers store copies of your messages and metadata. We cannot control external homeservers' data retention or privacy practices. External homeservers may be in different jurisdictions with different laws. Deleting data from our server does not delete it from external federated servers. You should review external homeservers' privacy policies before joining rooms hosted there.

#5.2 Third-Party Service Providers

Current status: The Service does not currently use third-party processors. If implemented in future, we will only share personal data necessary for the specific service, will use GDPR Article 28 Data Processing Agreements, will ensure processors comply with GDPR and provide adequate security, and will list all processors in this Privacy Policy.

We will disclose personal data to law enforcement or government authorities only when required by valid Swedish court order or search warrant, required by Swedish or EU law (e.g., child safety reporting obligations), necessary to prevent imminent harm or serious crime, or required to comply with regulatory investigations.

Data we can provide: account information (Matrix ID, email, creation date), metadata (room participation, timestamps, IP addresses), encrypted message content (which cannot be decrypted by us or law enforcement). Data we cannot provide: decrypted message content (technical inability due to E2EE), content of messages in rooms hosted on external servers (not under our control). We will notify affected users of legal requests when legally permitted and when doing so would not compromise an investigation.

#5.4 No Commercial Data Sharing

We do not sell, rent, or share personal data with advertisers or marketing companies, data brokers, social media platforms, or any entity for commercial purposes.

#6. International Data Transfers

#6.1 Data Storage Location

Due to Matrix's federated nature, data may be transferred internationally when you join rooms hosted on external homeservers in other countries, when external homeservers in other jurisdictions participate in your rooms, or when federation traffic routes through international networks.

#6.2 Transfers Outside EU/EEA

When personal data is transferred to countries outside the EU/EEA, we ensure adequate protection through EU Commission adequacy decisions, Standard Contractual Clauses (SCCs), or user consent. Federation caveat: We cannot control or guarantee the data protection practices of external homeservers in third countries. Users choosing to join rooms on external servers accept this risk.

#7. Data Security

#7.1 Security Measures

Technical measures include end-to-end encryption (E2EE) using Olm/Megolm for message content, transport encryption (TLS) for all server-to-server and client-to-server connections, password hashing using bcrypt or similar strong algorithms, access controls limiting system access to authorized administrators only, firewall protection and network segmentation, regular security updates for server software and dependencies, and encrypted backups (if backup system implemented).

Organizational measures include principle of least privilege for system access, security awareness and training for administrators, incident response procedures, regular security audits and vulnerability assessments, and data minimization practices.

#7.2 Security Limitations

No system is perfectly secure. Potential risks include compromise of external federated homeservers (outside our control), client-side vulnerabilities in Matrix client applications, user device compromise (malware, stolen devices), social engineering or phishing attacks targeting users, zero-day vulnerabilities in Matrix protocol or server software, and quantum computing threats to current encryption standards (future risk). Users should maintain strong passwords, enable two-factor authentication (if available), keep client software updated, and protect device security.

#7.3 Data Breach Notification

In the event of a personal data breach that poses a risk to user rights and freedoms, we will notify the Swedish Data Protection Authority (Integritetsskyddsmyndigheten) within 72 hours, notify affected users without undue delay if the breach poses high risk, and document the breach, its effects, and remedial actions taken.

#8. Data Retention and Deletion

#8.1 Retention Periods

| Data Category | Retention Period |
| --- | --- |
| Account information | Until account deletion + 90 days |
| Encrypted messages | While the user's account exists; may be pruned for storage capacity |
| Message metadata | While the user's account exists; may be pruned for storage capacity |
| IP addresses | 7 days (anonymized after) |
| Security logs | 30 days |
| Session tokens | Until logout or expiration |
| Deactivated accounts | MXID reserved indefinitely (technical necessity); remaining account data retained until manual admin purge or explicit GDPR erasure request |

#8.2 Account Deactivation and GDPR Erasure

To deactivate your account, use the account deactivation feature in your Matrix client settings, or contact the Service Provider directly. Due to the technical architecture of the Matrix protocol (Synapse), account removal is implemented as deactivation, not full deletion. This is a fundamental characteristic of the Matrix protocol, not a policy choice.

What happens upon deactivation:

Data that persists after deactivation (technical limitations of Synapse):

GDPR erasure requests: If you wish to exercise your right to erasure under GDPR Article 17, please submit an explicit written erasure request to me@luwuna.gay in addition to deactivating your account. We will make best efforts to purge your personal data from our systems to the extent technically feasible, and will document any data that cannot be deleted and the technical reason why.

Federation limitations: We cannot delete data from external federated homeservers (separate data controllers), recipients' local devices (client-side storage), or backups held by external homeservers. You must contact external homeserver administrators separately to request deletion of data they control.

#8.3 Room and Message Deletion

You can redact (delete) your own messages. Redaction replaces message content with a tombstone marker. Redactions propagate to federated servers (but this cannot be guaranteed). Some metadata may persist for protocol operation. If all users leave a room, the room state is deleted. The Provider will delete room data when no local users have access. We may retain data longer if required by valid legal hold, ongoing investigation of Terms violations, or Swedish law or legal obligations.

#9. Your Rights Under GDPR

#9.1 Right of Access (Article 15)

You have the right to obtain confirmation whether we process your personal data, a copy of your personal data, and information about processing purposes, categories, recipients, and retention. Contact the Service Provider to request a data export. We will provide account information and metadata we control. We cannot provide decrypted message content (due to E2EE) or data on external federated servers.

#9.2 Right to Rectification (Article 16)

You have the right to correct inaccurate personal data. Update your profile information through your client settings, or contact us for data you cannot change yourself.

#9.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data. Deactivate your account or request deletion from the Service Provider. Limitations: we cannot delete data on external federated servers (contact those administrators separately), we may retain data required by law or for legal claims, and anonymized data may be retained for statistical purposes.

#9.4 Right to Restriction of Processing (Article 18)

You have the right to request we limit processing of your data in certain circumstances. Contact the Service Provider explaining the basis for restriction. Effect: we will store the data but not actively process it (except as legally required).

#9.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format. Request data export from the Service Provider. We will provide account data and metadata in JSON format. We cannot provide decrypted message content or data on external servers.

#9.6 Right to Object (Article 21)

You have the right to object to processing based on legitimate interests. Contact the Service Provider explaining your objection. We will assess whether our legitimate interests override your rights and freedoms.

#9.7 Right to Withdraw Consent (Article 7)

Where processing is based on consent, you can withdraw consent at any time by contacting the Service Provider or adjusting settings. We will cease processing that relied on consent (but processing lawfully carried out prior to withdrawal is not affected).

#9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority.

#10. Children's Privacy

The Service does not knowingly collect personal data from children under the age of 13 years without parental consent. If you are under 13, do not create an account without your parent/guardian's permission. If we discover we have collected data from a child under 13 without proper consent, we will delete the account and associated data as soon as reasonably possible and notify the account holder of the deletion. Parents/guardians may request access to or deletion of their child's personal data by contacting us with verification of parental authority.

#11. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy to reflect changes in data processing practices, changes in legal or regulatory requirements, new Service features affecting data collection, or improvements to transparency and clarity. Material changes will be communicated through prominent notice on the Service website, email notification (if you provided an email address), and server notice visible to all users. Changes become effective 30 days after notice, unless required by law (effective immediately) or minor clarifications that do not materially affect your rights. Continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.

#12. Contact and Data Protection Officer

#12.1 Contact Information

For privacy-related questions, concerns, or to exercise your GDPR rights, contact:

#12.2 Data Protection Officer

Current status: Under GDPR Article 37, a DPO must be appointed when an organisation's core activities involve regular and systematic monitoring of individuals on a large scale, or large-scale processing of special categories of data. As the Service's core activity is providing federated messaging infrastructure — not systematic monitoring or processing of sensitive personal data — no DPO appointment is currently required. If our processing activities change to meet those thresholds, we will appoint one and publish contact information here.

#12.3 Response Timeframe

In accordance with GDPR Article 12(3), we will respond to your privacy inquiries and data subject requests within one month of receipt. Where requests are complex or numerous, this period may be extended by up to two further months (maximum three months total). We will inform you of any extension and the reasons for the delay within the initial one-month period.

#13. Additional Information

#13.1 Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you. Any abuse detection systems are used only for flagging suspicious activity for human review, not for automated decisions affecting your account.

#13.2 Data Protection by Design and Default

We implement data protection principles: data minimization (collecting only necessary data), purpose limitation (using data only for stated purposes), storage limitation (retaining data no longer than necessary), integrity and confidentiality (protecting data security), and accountability (documenting compliance measures).

#13.3 Transparency and Trust

We are committed to operating this Service transparently. This Privacy Policy fully discloses our data practices. We will not make material changes to data use without notice, will respond honestly and completely to privacy inquiries, and will maintain transparency reports (if legally feasible) regarding government requests.

#14. Acknowledgment

By using the Service, you acknowledge that you have read and understood this Privacy Policy, you understand Matrix's federated architecture means data is shared with external homeservers, you understand end-to-end encryption limits our ability to access message content, you understand we cannot guarantee data deletion from external federated servers, and you consent to data processing as described in this Policy.