You have a reasonable expectation of privacy regarding any communication or data transiting or stored on this information system. We collect very little personal information, and none of the information we do collect is ever shared.
Information we collect and retain
When you create an account, we retain the date you registered. Unless you delete it from your user account, we retain the alternate email addresses that you specify. You may choose to delete your alternate email address, but if you do so, we will not be able to restore access to your account if you lose the password have another method of identity validation.
While currently logged in, we keep a temporary session identifier on your computer that your software uses to prove your authentication state. This is erased immediately after you log out or the session expires. We do not intentionally use any third party cookies or tracking of any kind.
Email transit logs
In order to detect when our servers are under attack from a “spam bomb” or when a spammer is using our system, we keep a log of the “from” or “to” information for every message relayed. These logs are purged on a regular basis.
Information we choose to not retain
No IP addresses of any user for any service are retained.
Your web browser communicates uniquely identifying information to all web servers it visits by allowing the site to know details about your operating system, browser information, plugins installed, fonts installed, screen resolution, and much more. We do not retain any of this information.
Even when using end-to-end OpenPGP encryption for email messages, the email “subject” and routing information regarding the message “from” and “to” are seen by our servers in the clear when the email initially arrives. This is due to inherent limitations in the email protocol and in OpenPGP. Matrix also stores metadata on encrypted conversations by design.
How we store and share collected information
All of your data is stored in a secure data center, and only bunker.is admins have access to the machines. Off-site backups are fully encrypted.
We strongly suggest encrypting as much as possible client side for your privacy.
Some messages that you send or receive will not be end-to-end-encrypted (for example, when the other party does not support email encryption or when matrix is used without end-to-end encryption enabled). We cannot ensure that the contents of the mail have not been intercepted in transit.
We do not share user information
We retain only the bare minimum of information about each user that is required to make the service work. We do not sell or share any of it.
Anonymous, aggregated information that cannot be linked back to an individual user may be made available to experienced researchers for the sole purpose of developing better systems for anonymous and secure communication. For example, we may aggregate information on how many messages a typical user sends and receives, and with what frequency.
We will not read, search, or process any of your incoming or outgoing mail other than to protect you from viruses and spam or when directed to do so by you when troubleshooting.
You may choose to delete your bunker.is contributor account at any time. Doing so will destroy all the data we retain that is associated with your account. The usernames associated with deleted accounts remain unavailable for others to use for one year.
For public services such as matrix and mastodon accounts can not be currently deleted but only deactivated due to restrictions in the software itself.
Changes to this policy
We reserve the right to change this policy. If we make major changes, we will notify our users in a clear and prominent manner. Minor changes may only be highlighted in the footer of our website.
Our free services are possible due to the generosity of our users. Becoming a contributor gives you access to a wider range of services. We dont think the users should be the product. We think you should know who has access to your data and why. Meet us and find out more.