This privacy policy is compiled in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 (GDPR) EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). The objectives of this policy are to explain the purposes and procedures for processing user data.
The privacy policy is based on the European Union Convention on Human Rights. This means that we will protect your right to privacy by any means available and will not share your data with third parties, whoever they may be. We will not provide user data, even to the President of the Universe, if he will not confirm access permission to account. However, you must understand that we are not a 404 is not a bulletproof hosting and in the event of an official verified court decision to spy on a user who has committed a serious crime, we are required to provide available data about the user, alike other services on the public Internet.
Jabber server is a message router on the XMPP network. For the transmission of messages and the operation of the server, the server stores XMPP the information provided by the XMPP standard. Privacy laws regarding the secrecy of correspondence and communications prohibit us from accessing users' private unencrypted communications without permission. We strictly respect confidentiality, understand that we have no right to spy on anyone, and do not never interfere in the privacy of people
The server is used by a variety of people including government officials, military, policeman, institutions, companies There is no specific privacy policy for government users and a government user is treated as a separate private user. Administrators of government and educational institutions cannot request to bypass the privacy policy to obtain employee data. Use of the server for military purposes is prohibited by the acceptable use policy. We do not have the right to disclose information about current government employees, including place of work and type of activity, however, we recommend using instant messengers with security add-ons (Standards most countries recommend using OpenPGP for e-mail, which is applicable for XMPP) when transferring sensitive information
Username - login. Used as an address for message delivery and for authentication into the system. In order to protect against address spoofing using national alphabets, only Latin characters are allowed.
XMPP ID - (username@404.city) Used for decentralized communication within a federation XMPP (XEP-0029)
Password - access key to the account and to log in to the message delivery system. The password for the account is stored as a salt hash (XEP-XXXX)
UID - user identifier. Allows you to securely delete and re-create accounts using the same XMPP address. The new account gets a new UID, even if the username matches the previously deleted account another user. In addition, the UID is a public agreement number that is subject to the Terms of Use and Privacy Policy , regardless of the previous user of the XMPP ID.
Backups are created by accident or before a major system update. Backups are stored for a month from the moment of creation
IP address - Used to establish a connection to the server, prevent abuse, operate the password protection system against brutesoft and diagnosing server errors.
Nginx logs are kept for 14 days used diagnosing server errors.
Ejabberd error logs are kept for 30 days used for diagnosing server errors.
Archive of messages for 30 days. Used to synchronize between disconnected and connected devices (XEP-0313: MAM)
Pool 50 offline undelivered messages (XEP-0160: Best Practices for Handling Offline Messages) Used to deliver messages to the first connected device, if for some reason the messenger does not support message archive or the user has disabled MAM. Messages will be deleted immediately after delivery or within 30 days if they were not delivered
User contact list. Used to synchronize contacts (RFC 6121)
Encrypted or unencrypted files sent by the user. Stored for 30 days if the user does not delete earlier. (XEP-0363: HTTP File Upload )
E-mail - used as a means of protection against abuse when creating accounts and for manual password recovery through the support contact. E-mail addresses have new accounts
Due to regulatory requirements, any connection from the Tor network is not available due to the increased risk of abuse. If you need to connect through Tor for any reason, use other servers that indicate compatibility with the Tor network and have mirrors on the darknet
404 does not control message processing rules for artificial intelligence or other bots
In accordance with the law, just like other Internet service providers, we are obliged to provide any information we have about users who have violated the law. We can only comply with a court order or other official legal act. This implies that the requestor must pass a validation check to ensure that the access is legitimate. We are not allowed to provide user information to anyone who does not have a legal basis to do so.. Because most users use device-side encrypted messaging apps and we do not have access to users devices, we can often only provide contact list and IP address (if available) . If we have to suspect that political harassment, social engineering, or any other illegal request that violates an individuals privacy rights is taking place, we will not provide the information
Abandoned accounts that have not been used for more than 2 years and 1 month are automatically deleted. The account deletion period has been adjusted to take into account the periods of compulsory military service in most countries of the world. however, in some cases accounts may be deleted earlier due to technical reasons or due to incompatibility with a previous version of the privacy policy
This policy is subject to update over time. If you cannot agree with the data processing rules you can will delete your account in setting panel
Last update 2024/09/25