>Overview of user's data

1. JID.
2. SCRAM-SHA1 hashed password, used to authenticate clients.
3. Registration and last login timestamp, used to purge unused accounts after 3 months of inactivity.
4. User's contact list and subscriptions.
5. Offline messages and MAM.
6. User's vcard; it might contain profile picture (avatar) and other information.

>Data processed

1. IP address is not stored by default, might be retained for as long as 1 hour to prevent bruteforce attacks.
2. Messages might be stored for as long as 24 hours on the server to provide cross device synchronization.
3. Messages might be stored on the server in case the recipent is offline, messages are deleted after being delivered or in any case after 7 days.
4. Files uploaded via http_upload module are stored on the server for as long as 24 hours.
5. Push notifications depending on the platform and XMPP client used might leak some metadata to third party services not operated by us.
While this XMPP server is configured to prevent leaking messages body in any case, recipient JID and other information might be passed to the third party entity operating the push messaging platform.
Check your client of choice push messaging implementation and settings.
6. If we are required to cooperate with LEA, it will be done in accordance with the applicable laws.


Backup are taken daily and stored encrypted on a remote location for 1 month.


1. Users are encouraged to protect messages by using OMEMO and other end-to-end encryption protocols.
2. Users can delete their account at any time directly from their client (Conversations, Gajim, Siskin)

XMPP Tips & Tricks!
Failed SSH login attempts
Warrant Canary
Privacy policy
Back to the homepage?

server2client | server2server score