PEERGOS Privacy Policy

Version 0.11 dated 22 February 2021

This privacy policy forms part of the Peergos Terms of Use and applies to all accounts created on https://beta.peergos.net. In this policy, defined terms have the same meanings as in the Terms of Use.

This privacy policy applies only to the instance of the Peergos encrypted storage platform that we operate. We are not a data controller or processor with respect to any self-hosted Peergos server. If you are connecting to a self-hosted Peergos server running on another domain then contact the administrator of that instance for details of their terms and privacy policy.

Data collection

Peergos is an encrypted storage platform. This means that we cannot exercise any control over (i) what users choose to store on Peergos, (ii) for what purposes data are stored or accessed, or (iii) the purposes or means of processing such data.

We are a data controller with respect to certain limited categories of personal data, as set out below.

Personal data that you may supply to us

Data protection by design

Peergos has been designed to respect your privacy. With limited exceptions (like your username), the data you upload to Peergos is encrypted automatically. We do not collect or store any personal data except where it is necessary to operate your account, take payments, or maintain the security and integrity of Peergos. We consider privacy as a core part of our system design and engineering processes. You are left in control of your privacy: you must intervene to determine what data, if any, is shared, with whom, and for how long.

Personal data that we may collect from you

Key:
1 = Thing we are collecting
2 = Why are we collecting it
3 = Retention duration

Things we collect directly and store on our servers

  1. username
  2. ensure uniqueness globally
  3. forever

  1. feedback messages (such as feature requests and bug reports) that you send to us
  2. to improve the service and help users
  3. 2 years

  1. current space usage and allowance on your account and any error returned by taking payment
  2. to enforce maximum space usage per user
  3. until account is deleted by the account owner

  1. IP address reported by your device when you access the Peergos server
  2. to ensure the security and integrity of Peergos (for example by protecting against DOS attacks or identifying inauthentic requests)
  3. 1 week

  1. confirmation that you have accepted the Peergos Terms of Use and Privacy Policy, and the time when you did so
  2. for legal and record-keeping purposes
  3. until 6 years after the deletion of your account

  1. transmitting encrypted follow requests to you which relate to your account (if you accept a follow request, you will then be able to share data with the requesting user)
  2. to allow you to share data with other Peergos users
  3. until you reply to or refuse the request

Things we store on the user's device (e.g. cookies, local data)

None. When you access Peergos via your web browser, we do not set, store or read any cookies or other local data. Your browser may cache data if you have configured it to do so.

Peergos Pro: personal data collected if you make payments to Peergos

All payments are processed by Peergos's payment processor, Stripe (or its affiliate companies) and any personal data you supply will be processed in accordance with Stripe's privacy policy: https://stripe.com/gb/privacy.

This includes:

  1. Payment information (name, credit or debit card number, purchase amount, date and time of purchase, and payment method, billing address)
  2. To take payment (we cannot see full card number, just last 4 digits)
  3. Indefinitely

  1. email address
  2. To contact you about your payment or account (for example about any failure to process the payment, and upcoming renewals)
  3. As specified in Stripe's privacy policy

  1. Browser and device data (IP address, device type, operating system name and version, device manufacturer and model, language, plug-ins)
  2. Fraud prevention (both by us and by Stripe)
  3. Indefinitely

Where data is stored or processed indefinitely, this is either because it is a requirement of our payment provider to prevent fraud, or technically necessary to ensure the security and integrity of Peergos (e.g. uniqueness of usernames). However, we will periodically review the data we hold and delete anything that we no longer need.

Location of processing

The Peergos hosted instance is hosted on servers located in Germany. We make use of object storage buckets to store encrypted data. Our servers may also be backed up on infrastructure operated by other service providers, including Backblaze S3.

Security measures

All data that you supply to us, and that we transmit to you, will be encrypted whilst in transit and during storage. This includes the categories of data set out above, with the exception of usernames.

We use encryption, digital signatures, peer review of source code, and trust-free servers, among other security measures, to ensure the integrity and security of your personal data.

Your rights

If your personal data is processed by Peergos (e.g. because you are a Peergos user), you have the right of access to your data, and to rectification and erasure. You may access, amend and delete any data hosted with Peergos by logging into your account. You may download a copy of your Peergos hosted data (e.g. for purposes of data portability) or migrate your account between Peergos servers and storage providers — but, because it is encrypted, we cannot access, supply or export your data for you.

You also have the right to restrict or object to processing your personal data by Peergos. You can exercise this right by either (i) deleting the relevant data from your account, (ii) revoking any shared links to your files/directories, (iii) closing your account from your account settings page, or (iv) contacting us for assistance.

Data protection officer

If you have a question about your privacy on Peergos or wish to find out more about this policy, please contact our data protection officer at privacy@peergos.org.