Privacy and Security

Privacy Policy

YDFS takes privacy and security very seriously, we leverage industry standard protocols and best practices to protect our services and data. However, we strongly encourage you to be proactive in your own practices.

Privacy Conscious

YDFS is operated by a small group of privacy and security conscious individuals. If you have any questions, feel free to drop us a line, for more information or help.

Learn more


We enable encryption for all supported services, however we strongly encourage you to encrypt your communications using OMEMO or PGP where possible.

Learn more

Personal Data

We only collect information necessary to operate our free services, nothing more, nothing less. Messages cached for delivery, are stored for a maximum of 7 days. File uploads are cached for a maximum of 24 hours.

Learn more

YDFS Privacy Policy

Have any questions? Reach out to bean or kek.

Overview of user's data
  1. 1. JID.
  2. 2. SCRAM-SHA1 hashed password, used to authenticate clients.
  3. 3. Registration and last login timestamp, used to purge unused accounts after 3 months of inactivity.
  4. 4. User's contact list and subscriptions.
  5. 5. Offline messages and MAM.
  6. 6. User's vcard; it might contain a profile picture and other user configured information.
Data processed
  1. 1. IP addresses are not stored by default, however might be retained for as long as 1 hour to prevent bruteforce attacks.
  2. 2. Messages might be stored for as long as 24 hours on the server to provide cross device synchronization.
  3. 3. Messages might be stored on the server in case the recipient is offline, messages are deleted after being delivered or in any case after 7 days.
  4. 4. Files uploaded via the http_upload module are stored on the server for as long as 24 hours.
  5. 5. Push notifications depending on the platform and XMPP client used, might leak some metadata to third-party services not operated by us. This XMPP server is configured to prevent leaking the message body in any case, recipient JID and other information might be passed on to the third-party entity operating the push messaging platform. Check your client of choice push message implementation and settings.s
  6. 6. If we are required to cooperate with LEA, it will be done in accordance with the applicable laws.
Backups are taken daily and are stored encrypted on a remote location for 1 month.
Other information
  1. 1. Users are encouraged to protect messages by using OMEMO and other end-to-end encryption protocols.
  2. 2. Users can delete their account at any time, directly from their client (Conversions, Gajim, Siskin).