Terms of Service

These terms describe how vmst.io collects, protects and uses the personally identifiable information you may provide through the vmst.io website or its API. The policy also describes the choices available to you regarding our use of your personal information and how you can access and update this information. This policy does not apply to the practices of companies that vmst.io does not own or control, or to individuals that vmst.io does not employ or manage.

System Functionality

Basic account information

If you register on this server, you may be asked to enter a username, an e-mail address and a password. You may also enter additional profile information such as a display name and biography, and upload a profile picture and header image. The username, display name, biography, profile picture and header image are always listed publicly. You can only interact with other people's content and post your own content when you are logged in. You may follow other people to view their combined posts in your own personalized home timeline.

Posts, following and other public information

The list of people you follow is listed publicly, the same is true for your followers. When you submit a message, the date and time is stored as well as the application you submitted the message from. Messages may contain media attachments, such as pictures and videos. Public and unlisted posts are available publicly. When you feature a post on your profile, that is also publicly available information. Your posts are delivered to your followers, in some cases it means they are delivered to different servers and copies are stored there. When you delete posts, this is likewise delivered to your followers. The action of boosting or liking another post is always public.

Direct and followers-only posts

All posts are stored and processed on the server. Followers-only posts are delivered to your followers and users who are mentioned in them, and direct posts are delivered only to users mentioned in them. In some cases it means they are delivered to different servers and copies are stored there. We make a good faith effort to limit the access to those posts only to authorized persons, but other servers may fail to do so. Therefore it's important to review servers your followers belong to. You may toggle an option to approve and reject new followers manually in the settings.

Please keep in mind that it is technically possible for the operators of the server and any receiving server to view such messages, and that recipients may screenshot, copy or otherwise re-share them.

Encrypted messaging via Matrix

In unencrypted and encrypted rooms, users connecting to the matrix.vmst.io homeserver (directly or over federation) will be able to see messages and files according to the access permissions configuration of the relevant room. This data is stored in the format it was received on our servers, and can be viewed by administrators under the conditions outlined below.

In encrypted rooms, the data is stored in our databases but the encryption keys are stored only on your devices or by yourself. Users can optionally backup an encrypted copy of their keys on the Service to aid recovery if they lose all their keys and devices. This key backup is encrypted by a recovery key that only the user has access to. Administrators are unable to read your message content in our database. If you lose access to your encryption keys, you lose access to your messages forever.

We use TLS to transfer all data. End-to-end encrypted messaging data is stored encrypted using AES-256, using message keys generated using the Olm and Megolm cryptographic ratchets.

IPs and Other Metadata

When you log in, we record the IP address you log in from, as well as the User Agent of your browser or application.All the logged in sessions are available for your review and revocation in the settings.

Any of the information we collect from you may be used in the following ways:

To provide the core functionality of Mastodon as defined above.
To aid moderation of the community, for example comparing your IP address with other known ones to determine ban evasion or other violations.
The email address you provide may be used to send you information, notifications about other people interacting with your content or sending you messages, respond to inquiries, and/or other requests or questions.

The latest IP address used is stored for up to 12 months.

How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information.

Among other things, your browser session, as well as the traffic between your applications and the API, are secured with TLS, and your password is hashed using a strong one-way algorithm. You should enable two-factor authentication to further secure access to your account.

What is our data retention policy?

We do not mass delete user uploaded data on any regular basis. However you may irreversibly delete your account and your data at anytime. You may also schedule regular deletions of previous posts.

In addition to regular backups we make of our infrastructure, you can backup your data and export it at any time.

Such exports will include archive of your content, including:

Your posts
Media attachments
Profile picture
Header image

Do we use cookies?

Yes.

Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow). These cookies enable the site to recognize your browser and, if you have a registered account, associate it with your registered account. We use cookies to understand and save your preferences for future visits.

Do we disclose any information to outside parties?

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our site, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with valid legal requests, enforce our site policies, or protect the rights, property, or safety of ourselves and others.

Your public content may be downloaded by other servers in the network. Your public and followers-only posts are delivered to the servers where your followers reside, and direct messages are delivered to the servers of the recipients, in so far as those followers or recipients reside on a different server than this.

When you authorize an application to use your account, depending on the scope of permissions you approve, it may access your public profile information, your following list, your followers, your lists, all your posts, and your favorites.

Applications can never access your e-mail address or password.

Moving Away

You may close your Mastodon account or move it to another instance at any time. You may also redirect users from your profile here to your identity on your new instance. You are in control of your identity and your social graph on Mastodon (and other federated instances), but the administrators here control your ability to use this instance and to interact with its users.

FlingsElk