feddit.ch adheres to the current and new swiss data protection policies, you find here:
Current: https://www.fedlex.admin.ch/eli/cc/1993/1945_1945_1945/de
New from 01.09.2023: https://www.fedlex.admin.ch/eli/cc/2022/491/de
Data controller
The data controller is @_Frog@feddit.ch
What data is collected?
Regarding this point, we must distinguish two steps.
(a) Registration in the community: username, password, sign up form and email (optional);
(b) Access to the community and user activities: IP address, username, password, (email).
The user data (username, password, sign up form and email) are stored in the database and specifically, the passwords are “hashed” (i.e., transformed into alphanumeric strings using the hash function).
Access to the community and user activities
Having completed the account creation process, the user can log in (Login) to the community through the browser, the IP address is acquired.
Each user is responsible for the content they intend to post on the Lemmy community.
In that phase, the personal data of users collected are the username, password, email address, and IP address.
Who can access the data and for what activities?
The server administrator (instance) can read data of the activities performed on the community recorded on the server and precisely in the database or log files (username, email, IP address, community web address, type of activity - technically GET or POST).
The administrator only accesses the users personal data for strictly technical reasons.
We should point out that access to a users personal data, whether in the database or logs, is a specific activity that is not generally performed except to resolve particular conflicts or errors.
The purposes of the processing
The purpose is to consult this website or interact by posting content, comments, or creating other communities. Accessing this website, and requesting to register as a user, means the user gave consent.
Furthermore, the purposes are also related to server maintenance and system and application upgrades.
The optional, explicit, and voluntary sending of electronic mail to the addresses indicated on this site involves the acquisition of the sender’s address necessary for the replies and any other personal data contained in the message. These data are processed to respond to messages sent and handle related requests. Failure to provide personal data for communications with us or send requests will prevent evading them. We store data for the time strictly necessary for the purposes related to data processing.
The only cookies are only functional ones and, therefore, no profiling or tracking activities.
Thus, this site does not use cookies other than functional cookies solely for the functional purposes described above, and their installation does not require the user’s consent.
Data recipients
We do not communicate personal data collected from this website following its consultation to recipients or categories of recipients.
Period for storing personal data
Apart from what is specified above, the data collected by this website during its operation are stored for the time strictly necessary for the activities specified. The data will be deleted or anonymized at the expiry date unless there are no other purposes for storing the same.
Transferring personal data to a third country or international organization The data controller, the administrator of Lemmy’s instance, does not transfer data outside of Switzerland.
Users registered on an instance are always solely responsible for their activities by creating communities or publishing posts or comments.
There is no transfer outside of Switzerland when registered users on an instance within Switzerland perform activities on the same server (instance). For example, our instance (https://feddit.ch) is located in Zurich, Switzerland. If users registered on our instance perform activities on our server, there is no data transfer outside the Switzerland. Similarly, there is no data transfer outside the Switzerland even if registered users on our instance subscribe, publish posts, or comments on other instances. Indeed, in the latter case, our instance administrator can access the logs and see only the domain (and thus not even the full URL of the community on which activities are performed) and its IP address. No further user data is transferred outside of Switzerland by the administrator or automatically by the Lemmy platform. The user should be aware that their username in the form “@username@domainofcommunity” (e.g., in our case, @username@feddit.ch) will be visible in the community in which they have intervened (e.g., to publish posts or comments).
There will be no transfer of data outside of Switzerleand even if the user intends to create a community on the existing Lemmy instance within Switzerland.
All of this is because it is a proper function of the fediverse’s system and the ActivityPub protocol used by Lemmy.
Security measures
Visitor or user data are processed lawfully and correctly by adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of data. Your data in the communication session with this website are protected by a Secure Sockets Layer (SSL) certificate that uses a cryptographic presentation protocol, encrypting the information. Any data stored on a disk in the Azure cloud is encrypted and protected from unauthorized access.