- Information we collect and retain
- Information we choose to not retain
- How we store and share collected information
- Account deletion
- Changes to this policy
You have a reasonable expectation of privacy regarding any communication or data transiting or stored on this information system. We collect very little personal information, and none of the information we do collect is ever shared.
When you create an account, we retain the date you registered. Account request information is removed after four months, and invite status is removed after one month. Unless you delete it from your user account, we retain the alternate email addresses that you specify. You may choose to delete your alternate email address, but if you do so, we will not be able to restore access to your account if you lose the password.
The content of any help ticket you create or comment on while authenticated will be associated with your user account. You can choose to fill out a help ticket anonymously by creating a ticket while not logged in. We periodically delete old help tickets that are closed.
While currently logged in, we keep a temporary session identifier on your computer that your software uses to prove your authentication state. This is erased immediately after you log out or the session expires. We do not use any third party cookies or tracking of any kind.
In order to detect when our servers are under attack from a “spam bomb” or when a spammer is using our system, we keep a log of the “from” or “to” information for every message relayed. These logs are purged on a daily basis.
We keep a record of the current calendar month and year of your last successful authentication (in order to be able to disable and delete dormant accounts). We do not record the time or day of the last log in.
No IP addresses of any user for any service are retained.
Your web browser communicates uniquely identifying information to all web servers it visits by allowing the site to know details about your operating system, browser information, plugins installed, fonts installed, screen resolution, and much more. We do not retain any of this information.
Even when using end-to-end OpenPGP encryption for email messages, the email “subject” and routing information regarding the message “from” and “to” are seen by our servers in the clear when the email initially arrives. This is due to inherent limitations in the email protocol and in OpenPGP.
All of your data is stored in an encrypted format, and only Riseup has the keys to decrypt the data.
Some messages that you send or receive will not be end-to-end-encrypted (for example, when the other party does not support email encryption). Once we receive these clear-text messages, they are stored on an encrypted disk drive. If they are sent from or to our system without encryption, we cannot ensure that the contents of the mail have not been intercepted in transit.
We retain only the bare minimum of information about each user that is required to make the service work. We do not sell or share any of it.
Anonymous, aggregated information that cannot be linked back to an individual user may be made available to experienced researchers for the sole purpose of developing better systems for anonymous and secure communication. For example, we may aggregate information on how many messages a typical user sends and receives, and with what frequency.
We will not read, search, or process any of your incoming or outgoing mail other than to protect you from viruses and spam or when directed to do so by you when troubleshooting.
You may choose to delete your riseup.net account at any time. Doing so will destroy all the data we retain that is associated with your account. The usernames associated with deleted accounts remain unavailable for others to use for one year.
We reserve the right to change this policy. If we make major changes, we will notify our users in a clear and prominent manner. Minor changes may only be highlighted in the footer of our website.