Legal framework of Ari-web

This is the legal framework of Ari-web which covers topics such as logging policy, privacy policy, data control, data control compliance, as well as other legal aspects when it comes to using Ari-web services. By using or requesting to use any Ari-web services you agree to the legal framework outlined in this document, and agree to keep yourself updated with or without notice.

This document serves as an agreement between you and Ari-web parties, regarding the use and management of Ari-web's services. It outlines the expectations, responsibilities, and limitations for both parties.

# Involved Parties

Ari-web, albeit mainly a single-person curated project by the Authoritative party, has multiple members separated into three authority layers: Authoritative Party (the party/-ies who make and finalize decisions as well as handling most of the project), Members (which may have the say in Authoritative Party's decisions as well as have volunteer responsibilities on the project), and Hosters (which may use or host services on Ari-web managed servers as per decision of the Authoritative Party).

Full list of the parties involved:

Collectively, we are called Ari-web. You are an outside party using our free (Libre and Gratis) and open source services. Although, responsibility for Ari-web goes to the Authoritative party.

# Liability Disclaimer

Ari-web disclaims all liability for any damages, data loss, dissatisfaction, or any other legal liability. You, as an individual user, are solely responsible for your actions, their consequences, and protecting yourself as well as your privacy and security.

In no event shall Ari-web be liable for any indirect, special, incidental, or consequential damages related to your use of its services.

# Privacy and Data Protection

Ari-web will make reasonable efforts to protect your privacy unless circumstances call for access termination, transfer, or limitation with or without notice, such as in cases of legal compliance or suspected misuse of services. Ari-web reserves the right to manage your access at its discretion. We will report any violations of the law to the required authorities if needed with the information you have consented to be logged for genuine interest.

# Modifications and Exceptions

Ari-web reserves the right to modify these terms at any time without prior notice. Exceptions to these terms may be granted by the Authoritative party in writing with a digital signature, at their discretion.

# Servers

# Transparency

Ari-web is committed to providing the utmost transparency in its operations and services wherever possible. This commitment includes, but is not limited to, clear communication regarding the use of data, service functionality, and any changes to terms or policies. While Ari-web strives to maintain this level of transparency, it acknowledges that certain circumstances may limit the extent of disclosure. Users are encouraged to reach out with any questions or concerns regarding transparency in the services provided. Ari-web will do their best to notify of changes of the legal framework, but it is your responsibility to keep up with the changes.

# Services

This table lists all self-hosted software (semi-)open for the public that people are welcome to use.

Service Description Link
Matrix homeserver (using Dendrite (s7evink/fetch-auth-events patch)) Semi-open registration, contact register@ari.lt for an account. matrix.ari.lt
XMPP/Jabber server (using Prosody) Semi-open registration, contact register@ari.lt for an account. lh/xmpp
Forgejo git forge instance Open registration. git.ari.lt
Email server hosting Mailcow Contact domains@ari.lt for custom domains (aggressive policy). mail.ari.lt (register here) Hosted domains: ari.lt, t1nklas.lt, lenvx.dev, cubiq.dev
Roundcube webmail Only for semi-managed Ari-web email users rc.ari.lt
Akkoma fediverse instance (source repository) Open registration. ak.ari.lt
SchildiChat & Cinny Matrix web clients Web clients for Matrix. schildi.ari.lt & cinny.ari.lt
PrivateBin instance Private public encrypted pastebin. pb.ari.lt
Private PocketBase instance Private database storage for Github: TheCubiq db.cubiq.dev
Forgejo instance for kappach.at Git forge instance of KappaChat - An extensible Matrix client written in C. git.kappach.at

# Community standards

  1. Abide by International, United States of America, Lithuanian, and Swedish Laws
  2. Maintain a Healthy Environment
  3. Uphold Human Decency. This includes:
    • Tolerance.
    • Ensuring non-discrimination. This covers racism, homophobia, transphobia, sexism, xenophobia, fatphobia, and other negative attitudes.
    • Avoiding the spread of misinformation and disinformation.
    • Being responsible and accountable for your actions.
    • Prohibit the spread of Child Sexual Abuse Material (CSAM), which includes forms such as Lolicon and Shotacon. Additionally, avoid any discussions that might imply a positive view of CSAM or related content.
    • Respecting other users.
    • Adhering to other generally accepted norms of behaviour.
  4. Do not share anyone's personal information without their explicit consent (also known as Doxing) - respect privacy of everyone.
  5. Do not engage in activities that infringe on the intellectual property rights of others.
  6. No Spam.
  7. No Harassment or Stalking. Engaging in harassment or stalking of other users is strictly prohibited.
  8. Avoid Harmful Behaviors - do not partake in actions that could harm individuals, jurisdictions, or systems.
  9. Sending sexually explicit or suggestive messages is not allowed.
  10. Follow Admin Guidelines - any behaviour deemed abusive by the administrators will be considered a violation of these guidelines.

# Compliance

Ari-web is committed to complying with the General Data Protection Regulation (GDPR) (as well as COPPA (Children's Online Privacy Protection Rule) if you live in the U.S.) and the Digital Millennium Copyright Act (DMCA).

It adheres to the principles outlined in the GDPR, ensuring that all personal data is processed lawfully, fairly, and transparently. We collect and process personal data and logs only for specified, legitimate purposes and ensure that such data is accurate, up-to-date, and retained only as long as necessary for those purposes. Users have rights regarding their personal data, including access, rectification, and erasure, which we honor in accordance with GDPR requirements even for non-EU citizens. We believe that such freedom is a basic human right.

It also respects intellectual property rights and complies with the provisions of the DMCA. We have implemented procedures to address any claims of copyright infringement and provide a mechanism for copyright holders to report alleged infringements through contact by email. We take such claims seriously and will respond promptly to any notices of claimed infringement.

If you notice any resource or action violating the law, GDPR, COPPA, or DMCA, contact Ari-web with all information and full paths and URLs/URIs of the violating content. Without sufficient information, we cannot do anything about the violations, so you may be requested for more information to be able to process your request.

By using our services, you acknowledge our commitment to these regulations and understand that we will take all necessary steps to ensure compliance with the law, GDPR, COPPA, and DMCA. Furthermore, you acknowledge that you are the age of digital consent and allow your data to be processed, or that your legal guardians have consented to your data being processed for non-commercial uses, for instance, instant messaging or serving of user-generated content to provide functionality to our provided services.

Contact us for any violations, questions, or various other things by either Authoritative party's contacts or by:

# Logging, privacy, and data processing

By using our services, you agree that any data you send to Ari-web servers to be processed, stored, logged, and served. We reserve to change these policies at any point for genuine interest which includes service functionality, moderation, administration, or allowing extra features with or without prior notice.

You reserve the right to request mass data deletion of any data logged or stored by simply sending a request to bye@ari.lt. Logs are mainly collected for moderation and service stability insurance.

Service Logged information Stored information Notes
All Your IP address (logs are rotated every 64 days), access URI, authentication attempts, timestamp, response code, and parameters Your IP address (temporarily for up to a week in-memory), all data you sent to be processed and expect it to be stored (such as comments, messages, files, ...), cookies You are responsible for your own privacy by using client-side encryption. Data on Ari-web is minimally processed, and even though we strive for best privacy and security, we place the responsibility of true privacy so only you see your data by using client-side encryption on you. (See OpenPGP). Your IP may be stored indefinitely if we notice large amount of potentially abusive traffic from you to block your IP address. Most logs are rotated every 64 days.
Computing (access to the server's compute resources) Everything you do on the system is logged, including file access, login attempts, and resource usage as well as the normal logs as described above ("All"). Stored information is all information you may put on the server, which includes (but is not limited to) files, logs, software, and code. These assets will not be served unless you choose to serve them yourself, in which case, you should request the Authoritative party to allow you to use certain ports and for them to be open to the open internet. You are responsible for ensuring your own privacy and not compromising the security of the compute resources, although, it will and is monitored to ensure best practices are being followed. You are responsible for managing your own resource usage without abusing them as well as adhering to Ari-web policies and initiating your own. You may not distribute or even read data or configuration that is not meant for you.
Matrix (matrix.ari.lt) Error reporting information with nonindefinable or minimally identifiable information. All Matrix rooms and events as well as files to be stored, federated or not. Federates the aforementioned events to other servers out of our control due to the nature of the mash nature of the Matrix protocol.
XMPP/Jabber (ari.lt ports 5222, 5269, 5223, 5270, and 5281) Client/server events (federated or not), including (but not limited to) connections and error reporting information. All XMPP events and multi-user chats as well as files to be stored, federated or not. XMPP has a unique way of storing various events, therefore, you are strongly encouraged to use private-only MUCs (multi-user chats) on muc.ari.lt with encryption with OMEMO or OpenPGP.
Git forge (Forgejo at git.ari.lt) Any events or actions taken by You on git Forge, including authenticating, creating repositories, organisations, using runners (actions), deleting repositories, commits, etc. All repositories (private and public) and their data as well as metadata, user profile data, authentication data, preferences, blocked users, avatars, descriptions, emails, organizations, etc. Git forge is meant to store data like a versioned file store of sort (i.e. Git VCS), therefore, all you send there will be served, to public or not (depending on your preferences).
Email mailboxes of Ari-web email using Mailcow (mail.ari.lt) All actions performed on email are logged. This includes: Email subject, email headers, rSpamD scan result, ClamAV antivirus results, access and authentication of both email and web UI, sent and received mail, IP address spam statistics, mailbox spam statistics, email (and its body) spam statistics (fuzzy hashes and scores mainly). This ensures full stability and deliverability of the email server. All data related to your email is stored. This includes: IP address, email body, attachments, headers, spam scores and metadata, email threads, WebUI accounts (and their associated data), etc. Even though we try to ensure best security of emails as well as secure access and storage, you are responsible for ensuring your total privacy. We are NOT allowed to invade your privacy unless circumstances call for it, although, to be safe, we suggest public key encryption to be used. See Termination, Limitation, and Transfer for more details.
Semi-managed email using custom domains using Mailcow (goes to mail.ari.lt) All data related to email mailboxes is logged as described above. Although, email hosting with custom domains comes with its own unique logging as well, for instance, you may be requested to add DMARC reports support to your domain. All administrator actions will also be logged and stored relating to your custom domain like login attempts, change of settings and rules as well as related events. Mailbox information is stored as described above. Administrator information is stored similarly to mailbox WebUI accounts, including authentication information and various domain-related information such as logs and private keys (like DKIM). You, as the domain administrator, are required to ensure best security practices when using Ari-web email and to not violate the described terms in this document. Your violation of these terms will be considered a breach, therefore, your access will be terminated with notice.
PrivateBin (pb.ari.lt) Logs your paste ID, although, does not log the private key used for encrypting the paste. Encrypted paste information is stored on the paste as sent by the client. When reporting a paste for violating content, please provide us with as much information as possible about the paste, including its ID and private key (all in the URL, which you can just supply to us).
RoundCube webmail (rc.ari.lt) Logs error information. Stores your sessions as well as your password in an encrypted format as well as user preferences, identities, and other related webmail data.
Matrix clients (schildi.ari.lt and cinny.ari.lt) All data and processing happens client-side.
Akkoma/fediverse instance (ak.ari.lt) All actions taken by administrators are logged as well as errors / warnings / faults related to various parts of the applications. Stores all data sent to the server, federated or not, such as user-generated content (posts, DMs), descriptions, content warnings, avatars, alt texts, interactions, tags, avatars, uploads, etc. and federates them to other servers out of our control due to the nature of the mesh nature of the ActivityPub protocol.

# Service availability

Ari-web tries to provide the best uptime, although, there is zero guarantee on any sort of service availability in percentage. You get what you get essentially. Although, expect minor downtime monthly or bimonthly for maintenance tasks such as a maintenance reboot or a configuration change. This assumption is not to be construed as a guarantee.

Ari-web disclaims any liability for service interruptions or downtime, and users acknowledge that they are using the services at their own risk. You may see Ari-web service status and messages at https://status.ari.lt/ which don't guarantee anything, but, may provide valuable insight in current status of Ari-web if you are experiencing any issues with it.

# Termination, Limitation, and Transfer

Ari-web reserves the right to terminate, limit, or transfer services, infrastructure, or general access in certain circumstances, as outlined below:

Termination or Limitation of Services: Ari-web may terminate or limit services if Ari-web deems the service too difficult to control or moderate, or if a constant pattern of violations or one extreme and severe violation is detected. For individuals, services may be terminated without notice if they continue to violate the terms of service or engage in behaviour that Ari-web considers unacceptable. Such decisions will be based on the outlines in this document as well as Ari-web interpretation of this document and their own discretion.

Transfer of Services: Ari-web will only transfer access to services in two scenarios:

In both cases, the Authoritative party reserves the right to make the final determination regarding the transfer of services based on their interpretation of the law and the circumstances surrounding the request.

Users acknowledge and agree that the Authoritative party's decisions regarding service termination, limitation, and transfer are final and not subject to appeal or legal action.

# Governing law

Ari-web and its services are subject to international laws as well as the laws of the United States of America, Lithuania, and Sweden. Users acknowledge that these jurisdictions govern the use of Ari-web services and any disputes that may arise in connection with them. This statement is intended to clarify the legal framework applicable to the services offered by Ari-web and does not create any binding obligations beyond this acknowledgment.

We are also subject to the terms of HostHatch which you can read at:

# Affiliations

Any member (volunteer) considered an Ari-web member (volunteer) is affiliated with Ari-web in a way where they are related and working on making Ari-web a better place for everyone at their own discretion. Furthermore, Ari-web as a non-legally-formed organization of individuals, cannot be affiliated with any legal entities. Affiliations are handled by the Authoritative party individually, and all benefits from that affiliation will be used at the Authoritative party's discretion whether it be by using it to support Ari-web, other projects, or for personal use.

All affiliate content on Ari-web share a part of the Ari-web license set, which usually includes copyright to the Authoritative party provided by licenses such as MIT, GPL, AGPL, BSD, or CC-BY-SA, or no copyright at all as provided by public domain licenses such as Unlicense, CC0, or WTFPL. Ari-web shalt never produce proprietary assets licensed under a proprietary license with greatly restricts others' ability to copy, modify, publish, use, compile, or distribute parts or full of it in source code form.

# Data scraping

You shall not scrape any data from Ari-web for unethical, wasteful, or abusive scraping purposes. For example, any scraping of data for training corporate AI models or Large Language Models using our Data and/or User Content in any way is prohibited and not deemed acceptable. You may scrape data solely for the purpose of indexing to improve searchability or for the development of client applications that utilize Ari-web services, as well as for education or entertainment purposes that would be considered reasonable and okay in most other applications, so long as it does not violate privacy, freedom, or rights of others and complies to our terms.

Should you fail to comply to these policies, you hereby acknowledge and agree that in situations where data scraping is found to be a breach of these terms, you agree to pay a fee of 1 euro per byte (8 bits) of digital data scraped from Ari-web, directly to the Authoritative Party, after which the finances will be treated and used donations - to support Ari-web, the Authoritative party, and also giving back to the people who's content was stolen. This clause is designed to prevent unethical and wasteful practices that not only harm the environment but also infringe upon the rights of our users and our organization.

If you are unsure whether or not you may scrape data for a certain purpose on Ari-web, you should contact scraping@ari.lt with your enquiries listing what purpose the data will be scraped for, what data will be scraped, and what you promise to do to protect the rights of others with your data scraping acts.

# Finances

Ari-web is fully funded by the Authoritative party and volunteer donations by Cryptocurrency. This includes:

Nobody shall ever, unless a change of status in Ari-web, be forced to pay for a publicly available service to use it unless it is by their own discretion through direct (monetary, which are logged in a public donation log) or indirect (code and help) donations.

Ari-web, as a project almost exclusively out of the Authoritative party's pocket, costs as follows:

Purpose Payment model Annual cost
Processing server 0 (mail.ari.lt) Quarterly ($45/qr) $180
Storage server 0 (cdn.ari.lt) Quarterly ($15/qr) $60
Domain (ari.lt) Annual ($12.58/yr) ~$13
Total ~$253 ±$20 (for misc. costs and taxes)

These costs do not include labour costs as well as various mishaps. We spend a lot of effort and time trying to maintain Ari-web a clean, nice, and stable place as much as it is in our power, while maintaining best security and community.

By continuing to use Ari-web's services, you agree to be bound by these terms and acknowledge Ari-web's right to enforce them as needed. You understand and accept that Ari-web is not a legal entity or company, but rather a service provided by a random person. As such, the terms outlined in this document are subject to change without notice.

Ari-web reserves the right to enforce these terms as deemed necessary, but makes no guarantees regarding the consistency or enforceability of the policies described herein. Users are advised to use Ari-web's services at their own risk and discretion with common sense.

By continuing to access and use Ari-web services, you signify your understanding and acceptance of these terms. If you do not agree with the terms, you are advised to discontinue using Ari-web services immediately and/or request a permanent data deletion by sending a request to bye@ari.lt.