# Privacy Policy
Wusoup takes your privacy very seriously and complies with the EU's **General Data Protection Regulation ([GDPR](https://en.wikipedia.org/wiki/General_Data_Protection_Regulation))**. The same level of privacy protection is offered to both EU and non-EU users.
I'd like this policy to be as **clear** and **fair** as possible - please [[About/Contact|let me know]] if anything is unclear, or if you have any concerns!
## Cookies and tracking
Wusoup does **not** track you, and it does **not** enable any 3rd parties to track you. Wusoup uses only **one** cookie, and it is used **exclusively** for secure authentication.
The cookie is set during login, onboarding, or access of Wusoup's "guest mode". The cookie does not contain any personal information.
## Personal data stored
| What data | When it's collected | Why it's collected | How it's stored, and for how long | Comments |
| ------------------------------------------- | ----------------------------------- | ----------------------------------------------------------------------- | ------------------------------------------- | --------------------------------------------------------------------- |
| **Part** of your **IP address** (x.y.z.000) | Automatically when you visit Wusoup | Security: rate-limiting, and to help detect malicious requests | On my (EU) server, for < 30 days | Doesn't directly identify you, but can identify your country and city |
| Your browser data (**user agent**) | Automatically when you visit Wusoup | Analytics: so I know which devices to optimise for | On my server, for < 30 days | Doesn't directly identify you |
| Your **email address** | When you choose to join Wusoup | Used for logging in (email links) and notifications (e.g. new messages) | On my server, until your account is deleted | Never shared with users or companies, and never used for marketing |
## Personal data shared
Wusoup does **not** share any personal data with any 3rd party companies or services.
Wusoup allows you to decide what profile information to share with other Wusoup or internet users:
- Your email address will **never** be shared.
- Your chosen username **will** be shared, but may be anonymous.
- Your age and location (country, city) **may** be shared or hidden (you decide).
- Your uploaded profile photos **may** be shared or hidden (you decide).
Your profile options should make it clear what will be visible, and to whom. Please [[About/Contact|let me know]] if anything is unclear!
## Message privacy
The messages you write on Wusoup are visible **only** to:
- The message recipient.
- Me (Peter Taoussanis, Wusoup's author).
I will review a user’s messages **only** when necessary to investigate potential violations of Wusoup’s [[About/Community Standards|community standards]] or [[Legal/terms of use]]. In such cases, I will make every effort to view only the minimum number of messages required to complete the investigation.
In cases involving serious illegal activity (such as fraud, abuse, or child endangerment), I may report such activities to the appropriate law enforcement agencies.
## Anonymous community statistics
Your behaviour on Wusoup (e.g. logging in, starting chats, sending messages) may be anonymously recorded for aggregate statistical purposes to help me understand community trends like engagement over time and the usage of certain features.
These anonymous community statistics may be [[Misc/Community Stats|shared publicly]] for fun, but will never personally identify any individual users.
## Account security
It is **solely your responsibility** to ensure that you keep private any credentials used to log in to your Wusoup account:
- If you have a Wusoup password: use a strong password (some minimums are enforced) and **keep your password private**.
- If you have **email login** enabled: use a strong email password and follow any other security recommendations from your email provider.
## Export or delete your data
You can permanently delete all your data on Wusoup at any time via your **account options** [here](https://www.wusoup.com/wz/opts/account).
To get an export of your data, just [[About/Contact|let me know]]. (I can also make this self-serve in future if there's interest.)
Note that for privacy and technical reasons, Wusoup may store only your **most recent messages** from each chat - and **may regularly delete messages** from old inactive chats!
## Automatic data deletion
As a privacy measure, all your data (including messages) **may** be **automatically deleted** if you don't log in for more than **24 months**.
In this case, warning emails will be sent at 3 months, 1 month, and 48 hours before deletion. This behaviour is intended to cover cases like someone passing away, etc.
Also note that for privacy and technical reasons, Wusoup may store only your **most recent messages** from each chat - and **may regularly delete messages** from old inactive chats!
## Technical security measures
Wusoup is designed, built, and deployed following security best practices including:
- Forced [strong HTTPS](https://www.ssllabs.com/ssltest/analyze.html?d=www.wusoup.com) everywhere with [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) (preload).
- Single-tenant hardened server deployment with 2FA SSH access, hosted in Germany under EU data protection laws.
- Updated, mature server software including: NGINX, JVM 10+, etc.
- Modern browser protections including anti-CSRF/XSS, CSP, strict transport security, etc.
- [Scrypt](https://en.wikipedia.org/wiki/Scrypt) key derivation to protect passwords and prevent brute-forcing.