Privacy Policy

1. Introduction

Welcome to 644.ro, a Matrix homeserver operated with a singular focus: your privacy. This policy explains our data practices in plain language. Spoiler alert: there's not much to explain because we don't collect data.

2. What Data We Collect

2.1 Account Data (Minimal)

When you create an account, we store only what's technically necessary for Matrix to function:

• Username: Your chosen Matrix ID (e.g., @username:644.ro)
• Email addresses: When you register
• Password hash: A cryptographically hashed version of your password (we never store plain-text passwords)
• Profile information: Only if you choose to set a display name or avatar (optional)

We do NOT require or collect:

• Phone numbers
• Real names
• Payment information
• Any personal identification

2.2 Message Data

Your messages are stored according to Matrix protocol specifications:

• End-to-end encrypted rooms: Messages are encrypted on your device. We store only encrypted blobs that we cannot decrypt.
• Unencrypted rooms: Messages are stored in plain text on the server (we recommend using encryption for all sensitive communications).
• Retention: Messages are kept according to room settings. You control your data through your Matrix client.

2.3 Metadata

We minimize metadata collection:

• IP addresses: NOT logged or stored
• Connection timestamps: NOT logged
• Device information: NOT collected beyond what's required for Matrix device verification
• Usage patterns: NOT tracked or analyzed

2.4 What We DON'T Collect

To be absolutely clear, we do NOT collect, log, or store:

• IP addresses
• Access logs
• Browsing history
• Device fingerprints
• Location data
• Analytics or telemetry
• Cookies (except essential session cookies)
• Any third-party tracking mechanisms

3. How We Use Data

The minimal data we store is used exclusively for:

• Authentication: Verifying your identity when you log in
• Message delivery: Routing messages to intended recipients
• Federation: Communicating with other Matrix servers
• Service operation: Maintaining basic server functionality

We do NOT use your data for:

• Advertising
• Marketing
• Analytics
• Profiling
• Research
• Training AI models
• Any purpose beyond basic service operation

4. Data Sharing and Disclosure

4.1 With Third Parties

We share NOTHING with third parties. No advertisers, no analytics companies, no data brokers. Zero.

4.2 With Other Matrix Servers (Federation)

When you communicate with users on other Matrix servers, messages are transmitted according to the Matrix protocol. The privacy practices of other servers are beyond our control. Choose your federation connections wisely.

4.3 Legal Requests

We comply with valid legal requests under Singapore law. However, since we don't log IP addresses, timestamps, or metadata, there's very little we can provide even if compelled. We cannot decrypt end-to-end encrypted messages.

We commit to:

• Challenging overbroad or invalid requests
• Providing transparency reports when legally permissible
• Notifying users of requests when allowed by law

5. Data Security

We protect the minimal data we store through:

• Encryption in transit: TLS 1.2+ for all connections
• Encryption at rest: Database encryption for stored data
• Access controls: Restricted server access with strong authentication
• Regular updates: Timely security patches and software updates
• Monitoring: Security monitoring (without logging user activity)

6. Data Retention and Deletion

You control your data:

• Account deletion: You can delete your account at any time through your Matrix client. All associated data will be removed.
• Message deletion: You can delete messages through your client. Note that federated copies on other servers are outside our control.
• Server retention: We don't impose arbitrary retention periods. Your data stays only as long as you want it to.

7. Your Rights

Under various privacy laws, you may have rights including:

• Access: Request information about data we store
• Correction: Update your profile information
• Deletion: Delete your account and data
• Portability: Export your data (through Matrix client features)
• Objection: Object to data processing (though we process very little)

To exercise these rights, contact us at dnsadmin@644.ro.

8. Children's Privacy

Matrix homeservers are not specifically designed for children. We do not knowingly collect data from users under 13 (or applicable age in your jurisdiction). If you believe a child has created an account, please contact us.

9. International Data Transfers

Our server is located in Singapore. If you access 644.ro from outside Singapore, your connection data passes through international networks. However, since we don't log this data, there's minimal privacy impact.

10. Changes to This Policy

We may update this policy to reflect service changes or legal requirements. Major changes will be announced through:

• Website notification
• Server announcements (if implemented)

Continued use after changes constitutes acceptance. We recommend reviewing this policy periodically.

11. Technical Implementation Details

For the technically curious, here's how we ensure privacy:

• Web server: Access logging disabled
• Tuwunel: Configured with minimal logging
• Database: Contains only essential Matrix protocol data
• No analytics: No Google Analytics, Matomo, or similar tools
• No CDNs: All content served directly (no third-party CDNs tracking you)

12. Compliance

This server operates in compliance with:

• Singapore Personal Data Protection Act (PDPA)
• General Data Protection Regulation (GDPR) principles where applicable
• Matrix protocol specifications

13. Contact Information

For privacy-related inquiries, concerns, or requests:

• Email: dnsadmin@644.ro
• Server: 644.ro
• Location: Singapore

14. Philosophy

We built 644.ro on the principle that privacy is a fundamental right, not a feature. The best way to protect your data is to not collect it in the first place. We can't leak what we don't have. We can't sell what we don't collect. We can't be forced to hand over what we don't store.

In the spirit of Unix permissions, 644.ro gives the world read-only access by default. Your data is yours alone—readable and writable only by you (root).