- Information we collect and retain
- Information we choose to not retain
- How we store and share collected information
- Account deletion
- Changes to this policy
You have a reasonable expectation of privacy regarding any communication or data transiting or stored on this information system. We collect very little personal information, and none of the information we do collect is ever shared.
When you create an account, we retain the date you registered (rounded to the nearest quarter year). Account request information is removed after four months, and invite status is removed after one month. If you choose to set a reset email address, we retain this record but in a format that is unreadable by us (it is stored in a hashed digest, similar to how passwords are stored).
The content of any help ticket you create or comment on while authenticated will be associated with your user account. You can choose to fill out a help ticket anonymously by creating a ticket while not logged in. We periodically delete old help tickets that are closed.
While currently logged in, we keep a temporary session identifier on your computer that your software uses to prove your authentication state. This is erased immediately after you log out or the session expires. We do not use any third party cookies or tracking of any kind.
In order to detect when our servers are under attack from a “spam bomb” or when a spammer is using our system, we keep a log of the “from” or “to” information for every message relayed. These logs are purged on a daily basis.
We keep a record of the quarter and year of your last successful authentication (in order to be able to disable and delete dormant accounts). We do not record the time or day of the last log in. For example, this information looks like “Q3 2018”.
No IP addresses of any user for any service are retained.
Your web browser communicates uniquely identifying information to all web servers it visits by allowing the site to know details about your operating system, browser information, plugins installed, fonts installed, screen resolution, and much more. We do not retain any of this information.
Even when using end-to-end OpenPGP encryption for email messages, the email “subject” and routing information regarding the message “from” and “to” are seen by our servers in the clear when the email initially arrives. This is due to inherent limitations in the email protocol and in OpenPGP.
All of your data is stored in an encrypted format, and only Riseup has the keys to decrypt the data. Additionally, as of March 2017, the storage for all new accounts is personally encrypted. Riseup is unable to read any of the stored content for these accounts. Any user with an account created prior to March 2017 may opt-in to personally encrypted storage.
We retain only the bare minimum of information about each user that is required to make the service work. We do not sell or share any of it.
Anonymous, aggregated information that cannot be linked back to an individual user may be made available to experienced researchers for the sole purpose of developing better systems for anonymous and secure communication. For example, we may aggregate information on how many messages a typical user sends and receives, and with what frequency.
We will not read, search, or process any of your incoming or outgoing mail other than to protect you from viruses and spam or when directed to do so by you when troubleshooting.
You may choose to delete your riseup.net account at any time. Doing so will destroy all the data we retain that is associated with your account. The usernames associated with deleted accounts remain unavailable for others to use for one year.
We reserve the right to change this policy. If we make major changes, we will notify our users in a clear and prominent manner (like our 新闻简报). Minor changes may only be highlighted in the footer of our website.