we2.ee Privacy Policy
We are pleased about your interest in we2.ee. Data protection is of particularly high priority for the management of we2.ee.
Thank you for using we2.ee. We prioritize the protection of your personal data. While our services can be used with minimal data collection, some features may require processing certain personal information.
We process all data in compliance with the General Data Protection Regulation (GDPR) and applicable local laws. This privacy notice explains what data we collect, how we use it, and your rights as a data subject.
While we implement robust security measures to protect your data, please note that no Internet transmission is completely secure.
1. Services Overview
we2.ee operates several privacy-focused services:
- A Matrix homeserver for secure, decentralized communication
- Element Web client for accessing Matrix
- PrivateBin instance at txt.we2.ee for secure text sharing
- Associated DNS and auxiliary services
2. Data Collection and Processing
2.1 Matrix Service
When using the Matrix service, we collect:
- Username and encrypted authentication credentials
- Email address (optional, only if provided for account recovery)
- Message metadata (timestamps, room IDs)
- Encrypted message content (only accessible to intended recipients)
We specifically do not collect or retain:
- IP addresses
- Access logs
- User tracking data
2.2 PrivateBin Service (txt.we2.ee)
For the PrivateBin service:
- No personal data is collected
- Content is end-to-end encrypted in the browser
- Only encrypted data is stored
- IP addresses are not logged
- Posts are automatically deleted after their expiration time
2.3 Web Access
When accessing our web services:
- TLS encryption is mandatory
- No tracking cookies are used
- No JavaScript telemetry is collected
- No third-party resources are loaded
- Server logs are minimized and routinely rotated
3. Infrastructure
3.1 Server Locations
Our primary infrastructure is hosted at Hetzner's green datacenter in Helsinki, Finland. Auxiliary services and certain DNS operations are handled through facilities in Tallinn, Estonia. All data processing occurs within the European Union.
3.2 Technical Security Measures
We implement:
- Mandatory TLS encryption with modern cipher suites
- Strict content security policies
- Regular security updates
- Firewall rules limiting connections to necessary services
- Network segregation where appropriate
- Hardware security modules for critical operations
4. Data Retention and Deletion
- Email addresses: Retained only for account functionality
- IP addresses: Maximum 30 days retention
- Matrix messages: Retained in encrypted form until deleted by users
- PrivateBin content: Retained in encrypted form until deletion or automatic expiry
- Account data: Retained until account deletion is requested
5. Your Rights Under GDPR
Each data subject has the right to:
- Request confirmation of whether personal data is being processed
- Obtain information about stored personal data
- Receive copies of personal data
- Have inaccurate data corrected
- Have personal data erased ("right to be forgotten")
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent
6. Basis for Processing
We process data under the following legal bases:
- Consent (Art. 6(1)(a) GDPR)
- Contract fulfillment (Art. 6(1)(b) GDPR)
- Legal obligations (Art. 6(1)(c) GDPR)
- Legitimate interests (Art. 6(1)(f) GDPR)
7. Matrix Federation
As part of the Matrix protocol, our server federates with other Matrix servers. This means:
- Message data may be shared with other servers in rooms
- All federation traffic is encrypted
- We implement standard Matrix security practices
- Server access tokens are securely managed
8. Third Party Services
We do not use third-party analytics, tracking, or advertising services. The only third-party interactions are:
- Matrix federation (necessary for protocol operation)
- DNS services (for domain resolution)
- Email delivery (for account functions)
9. Contact Information
For privacy-related inquiries:
- Email: [email protected]
- Matrix: @sij:we2.ee
10. Changes to Privacy Notice
We reserve the right to update this privacy notice. Significant changes will be announced via:
- Matrix announcements
- Website notices
- Email (for significant changes affecting user data)
Last updated: December 2024
Controller: Sangye Ince-Johannsen
Contact: [email protected]