Privacy Policy

1. What information do we collect?
  • Basic account information: If you register on this server, you may be asked to enter a username, an e-mail address and a password. You may also enter additional profile information such as a display name and biography, and upload a profile picture and header image. The username, display name, biography and avatar image are always listed publicly.
  • Posts, following and other public information: The list of people you follow is listed publicly, the same is true for your followers. When you submit a message, the date and time is stored as well as the application you submitted the message from. Messages may contain media attachments, such as pictures and videos. Public and unlisted posts are available publicly. When you feature a post on your profile, that is also publicly available information. Your posts are delivered to your followers, in some cases it means they are delivered to different servers and copies are stored there. When you delete posts, this is likewise delivered to your followers. The action of reblogging or favouriting another post is always public.
  • Direct and followers-only posts: All posts are stored and processed on the server. Followers-only posts are delivered to your followers and users who are mentioned in them, and direct posts are delivered only to users mentioned in them. In some cases it means they are delivered to different servers and copies are stored there. We make a good faith effort to limit the access to those posts only to authorized persons, but other servers may fail to do so. Therefore it’s important to review servers your followers belong to. You may toggle an option to approve and reject new followers manually in the settings. Please keep in mind that the operators of the server and any receiving server may view such messages, and that recipients may screenshot, copy or otherwise re-share them. Do not share any dangerous information over Pixelfed.
  • IPs and other metadata: When you log in, we record the IP address you log in from, as well as the name of your browser application. All the logged in sessions are available for your review and revocation in the settings. The latest IP address used is stored for up to 12 months. We also may retain server logs which include the IP address of every request to our server.
2. What do we use your information for?

Any of the information we collect from you may be used in the following ways:

  • To provide the core functionality of Pixelfed. You can only interact with other people’s content and post your own content when you are logged in. For example, you may follow other people to view their combined posts in your own personalized home timeline.
  • To aid moderation of the community, for example comparing your IP address with other known ones to determine ban evasion or other violations.
  • The email address you provide may be used to send you information, notifications about other people interacting with your content or sending you messages, and to respond to inquiries, and/or other requests or questions.
3. How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. Among other things, your browser session, as well as the traffic between your applications and the API, are secured with SSL, and your password is hashed using a strong one-way algorithm. You may enable two-factor authentication to further secure access to your account.

4. What is our data retention policy?

We will make a good faith effort to:

  • Retain server logs containing the IP address of all requests to this server, in so far as such logs are kept, no more than 90 days.
  • Retain the IP addresses associated with registered users no more than 12 months.
  • You can request and download an archive of your content, including your posts, media attachments, profile picture, and header image.

You may irreversibly delete your account at any time.

5. Do we use cookies?

Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow). These cookies enable the site to recognize your browser and, if you have a registered account, associate it with your registered account.

We use cookies to understand and save your preferences for future visits.

6. Hosting

6.1 Cloudflare

We use the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich Germany (Cloudflare) to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6 Abs. 1 lit. f DSGVO). A CDN is a network of [globally] distributed servers that is able to deliver optimized content to the website user. For this purpose, personal data may be processed in server log files by Cloudflare.

Cloudflare is a recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the scope of Art. 6 Abs. 1 S. 1 lit. f DSGVO not to operate a content delivery network ourselves.

The processing of the data provided under this section is not required by law or contract. The functionality of the website is not guaranteed without the processing.

Your personal data will be stored by Cloudflare for as long as necessary for the purposes described.

Cloudflare has implemented compliance measures for international data transfers. These apply to all global activities where Cloudflare processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses.

For more information, please visit: Cloudflare Customer SCCs-German

6.2 Amazon Web Services - Simple Storage Service (Amazon S3)

We use the "Simple Storage Service" from Amazon Web Services. Amazon Web Services EMEA SARL ("AWS EU"), 38 Avenue John F. Kennedy, L-1855 Luxembourg, is the controller of personal data collected and processed through the "Amazon Web Services" offerings. AWS EU is the authorized representative of Amazon Web Services Inc ("AWS US"), 410 Terry Avenue North, Seattle WA 98109, United States.

By using the Services, data is transmitted to AWS EU and, in certain circumstances, from AWS EU to AWS US. The Amazon Group may process the transmitted data to create anonymized user profiles for statistical purposes. In principle, we have no influence on this data processing. AWS EU is therefore responsible for this data processing.

Amazon S3 is an object storage service. Customers can use this service to store and back up any amount of data for a wide variety of use cases, including websites, mobile apps, backup and recovery, archiving, enterprise apps, and IoT devices.

6.3 Hetzner

We host our website with Hetzner. The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen.

For details, please refer to Hetzner's privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz.

The use of Hetzner is based on Art. 6 Abs. 1 lit. f DSGVO. We have a legitimate interest in ensuring that our website is presented as reliably as possible. Insofar as a corresponding consent has been requested, processing is carried out exclusively on the basis ofArt. 6 Abs. 1 lit. a DSGVO und § 25 Abs. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG.

We have concluded an order processing agreement (Auftragsverarbeitung) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

7. Do we disclose any information to outside parties?

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our site, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety.

Your public content may be downloaded by other servers in the network. Your public and followers-only posts are delivered to the servers where your followers reside, and direct messages are delivered to the servers of the recipients, in so far as those followers or recipients reside on a different server than this.

When you authorize an application to use your account, depending on the scope of permissions you approve, it may access your public profile information, your following list, your followers, your lists, all your posts, and your favourites. Applications can never access your e-mail address or password.

8. Site usage by children

Our site, products and services are all directed to people who are at least 18 years old. If you are under the age of 18, do not use this site.

9. Changes to our Privacy Policy

If we decide to change our privacy policy, we will post those changes on this page.

Last updated Aug 25, 2023.