The ARI.LT Terms of Service Author: Ari Archer at 2024-08-21 Last modified: 2024-08-21 License: The Unlicense By using the services provided by ari-web, including but not limited to XMPP, Matrix, Vikunja, email, and email hosting, you agree to the following terms and conditions which apply since the last modification: 0. Definitions * The Authoritative party: Refers to the owner of ari.lt which funds, manages, administrates, authorises, and moderates whole of ari.lt and its services. * Ari-web (ari-web): Refers to all volunteers working with/on ari.lt, referring to people authorised to do so by the Authoritative party. This encompasses the Authoritative party as well. * Hosters: Any people, not specifically a part of ari-web, who may host services on ari-web servers or use managed services relating to ari-web. * User: Any person using ari-web services. 1. Parties * The Authoritative party: Ari Archer * Email: ari@ari.lt * Matrix: @ari:ari.lt * XMPP/Jabber: ari@ari.lt * Fediverse: @ari@ak.ari.lt * Form: https://ari.lt/#gb (public guestbook, which goes directly to the party * Public GPG key: https://ari.lt/4FAD63E936B305906A6C4894A50D5B4B599AF8A2.asc (signature 4FAD63E936B305906A6C4894A50D5B4B599AF8A2) * Other ari-web members * Cubiq (part of the ari-web git organization, front-end advisor) * Twitter/X: @CubiqNation * Instagram: @tennajivniblazenztgm * LinkedIn: @jakub-lajsek * Email: jlajsek@gmail.com * Zayd (administrates Akkoma (Fediverse)) * IRC: zayd on libera.chat * Session (not checked often): 05d790add6647a049f58ce81c80aacc476859880af911cad105cf34fb8757b8872 * Signal: https://signal.me/#eu/CDgDVDNMuKpx2BxAwHIcMq2iR3G-gw2XbKOOMm5BAg4XnhVXqHhKtJPvBXCDpwnu * Matrix: @zayd:imagisphe.re * XMPP: zayd@telepath.im * Telegram (avoid unless needed): https://t.me/nsa_employee * Website: https://wanderer.envs.net/ * Joseph Winkie AKA jjj333_p (moderates parts of Matrix) * Signal: @jjj333_p.69 * Telegram: @jjj333_p_1325 * Matrix: @jjj333:pain.agency, @jjj333_p_1325:envs.net, @jjj333_p_1325:matrix.org, and more alternative accounts on their website * Phone: +1 (740) 481 1253 * XMPP: jjj333@pain.agency * Snapchat: @jjj333_p * Email: jjj333.p.1325@gmail.com * Fediverse: @jjj333_p@ak.ari.lt * Twitter/X: @Jjj333P * Website: https://pain.agency/ * LDA (moderates parts of Matrix) * Matrix: @lda:a.freetards.xyz, @fourier:ari.lt * Discord (avoid): ldasux * Fediverse: @lda@ak.ari.lt * XMPP: lda["at&t" without the "&t"]freetards.xyz * Website: https://freetards.xyz/ * Morguldir (moderates parts of Matrix) * Matrix: @morguldir:sulian.eu, @morguwuldir:uwu.sulian.eu * Website: https://sulian.eu/ * Hosters * Alyssa/T1nklas/Al (hosted/managed email Hoster) * Email: alyssa@t1nklas.lt * Fediverse: @lyra@crumb.lt * Website: https://t1nklas.lt/ * Lenvx (hosted/managed email Hoster) * Email: hi@lenvx.dev * Fediverse (inactive): @lonely@ak.ari.lt * Website: https://lenvx.dev/ 2. Purpose This document serves as a non-legally binding agreement between you, the User, ari-web, and the Authoritative party, regarding the use and management of ari-web's services. It outlines the expectations, responsibilities, and limitations for both parties. 3. User Agreement By using ari-web's services, you acknowledge and agree to the terms outlined in this document. You understand that exceptions authorized by the Authoritative party in writing with a digital signature may apply, with or without notice, depending on the circumstances and opinion of the Authoritative party. 4. Liability Disclaimer Ari-web disclaims all liability for any damages, data loss, dissatisfaction, or any other legal liability. You, as an individual user, are solely responsible for your actions, their consequences, and protecting yourself as well as your privacy and security. 5. Privacy and Data Protection The Authoritative party will make reasonable efforts to protect your privacy unless circumstances call for access termination, transfer, or limitation with or without notice, such as in cases of legal compliance or suspected misuse of services. 6. Modifications and Exceptions The Authoritative party reserves the right to modify these terms at any time without prior notice. Exceptions to these terms may be granted by the Authoritative party in writing with a digital signature, at their discretion. 7. Limitation of Liability In no event shall ari-web be liable for any indirect, special, incidental, or consequential damages related to your use of its services. 8. Servers * Processing server 0 * IPv4: 153.92.126.2 * IPv6: 2a0e:dc0:2:11f1::/64 (Primary 2a0e:dc0:2:11f1::1) * Location: Stockholm, Sweden * Hosting provider: HostHatch * Hardware: 4 AMD EPYC cores (2 dedicated, 2 fair-shared), 16 GB of DDR4 RAM, 75 GB of NVMe storage, 4 TB of network bandwidth * Purpose: Processing of all requests, traffic, and hosting as well as processing of data and services. * Access: Only explicitly allowed traffic is allowed, exposed traffic is rate limited and sometimes strongly authenticated where needed. * Storage server 0 * IPv4: 153.92.126.215 * Location: Stockholm, Sweden * Hosting provider: HostHatch * Hardware: 1 vCPU core, 1024 MB of RAM, 1000 GB of HDD storage, 2500 GB of network bandwidth. * Purpose: Storing data * Access: Cut off from the rest of the internet except rate limited and strongly autheticated port 22 traffic for SSH. 8. Transparency The Authoritative party is committed to providing the utmost transparency in its operations and services wherever possible. This commitment includes, but is not limited to, clear communication regarding the use of data, service functionality, and any changes to terms or policies. While the Authoritative party strives to maintain this level of transparency, it acknowledges that certain circumstances may limit the extent of disclosure. Users are encouraged to reach out with any questions or concerns regarding transparency in the services provided. Ari-web will do their best to nodify of changes of ToS, but it is your responsibility to keep up with the changes. 9. Services Ari-web provides the following services: * Matrix homeserver at matrix.ari.lt running Dendrite (contact the Authoritative party for registration) * XMPP/Jabber server at most standard ports of this protocol on ari.lt servers running Prosody (contact the Authoritative party for registration) * Git Forge instance at https://git.ari.lt/ running Forgejo (open registration, requires email) * Email mailboxes on ari.lt (contact the Authoritative party for registration) * Email hosting on ari.lt servers (only possible if the Authoritative party and the User have established trust) * Vikunja at https://vi.ari.lt/ (open registration, requires an email) * PrivateBin at https://pb.ari.lt/ (free encrypted pastebin, nobody can see the contents of your paste without knowing the secret key) * Akkoma (Fediverse) instance at https://ak.ari.lt/ (federated social network) Other hosted services by others: * https://db.cubiq.dev/ pocketbase hosting (private) * https://t1nklas.lt/ email hosting * https://lenvx.dev/ email hosting * https://git.kappach.at/ Forgejo hosting * More to come... 10. Community standards You are expected to comply with the following standards while using ari.lt and ari-web related services: 1. Abide by United States of America, Lithuanian, and Swedish Laws 2. Maintain a Healthy Environment 3. Uphold Human Decency. This includes: - Tolerance. - Ensuring non-discrimination. This covers racism, homophobia, transphobia, sexism, xenophobia, fatphobia, and other negative attitudes. - Avoiding the spread of misinformation and disinformation. - Being responsible and accountable for your actions. - Prohibiting the spread of Child Sexual Abuse Material (CSAM) (including Lolicon and Shotacon). - Respecting other users. - Adhering to other generally accepted norms of behaviour. 4. Do not share anyone's personal information without their explicit consent (also known as Doxing) - respect privacy of everyone. 5. Do not engage in activities that infringe on the intellectual property rights of others. 6. No Spam. 7. No Harassment or Stalking. Engaging in harassment or stalking of other users is strictly prohibited. 8. Avoid Harmful Behaviors - do not partake in actions that could harm individuals, jurisdictions, or systems. 9. Sending sexually explicit or suggestive messages is not allowed. 10. Follow Admin Guidelines - any behaviour deemed abusive by the administrators will be considered a violation of these guidelines. 11. Compliance Ari-web is committed to complying with the General Data Protection Regulation (GDPR) and the Digital Millennium Copyright Act (DMCA). It adheres to the principles outlined in the GDPR, ensuring that all personal data is processed lawfully, fairly, and transparently. I collect and process personal data only for specified, legitimate purposes and ensure that such data is accurate, up-to-date, and retained only as long as necessary for those purposes. Users have rights regarding their personal data, including access, rectification, and erasure, which we honor in accordance with GDPR requirements. It also respects intellectual property rights and complies with the provisions of the DMCA. We have implemented procedures to address any claims of copyright infringement and provide a mechanism for copyright holders to report alleged infringements. We take such claims seriously and will respond promptly to any notices of claimed infringement. If you see any resource violating the law, GDPR, or DMCA, contact the Authoritative party with all information and full paths and URLs/URIs of the violating content. Without sufficient information, the Authoritative party cannot do anything about the violations. By using our services, you acknowledge our commitment to these regulations and understand that we will take all necessary steps to ensure compliance with the law, GDPR, and DMCA. 12. Privacy and Logging This describes how Privacy and Logging work on all ari-web provided services. By using the services I provide, you agree with these terms and policies, and acknowledge the fact that it won't be public unless it is obviously made to be public (for instance, in case of Git forge public repositories). No private data (such as email data) will be released or even exported or read without a serious need to do so (for example, need to comply with law enforcement or back email data up to avoid data loss). * Website: Your IP is stored temporarily in memory for rate limiting purposes. Nothing is logged. * Matrix homeserver: All data you sent to the Matrix homeserver is stored (including, but not limited to: sessions (including their IPs) for as long as you don't log out, media (for as long as needed), ciphertext of messages in encrypted rooms and plaintext ones in non-encrypted rooms, profile pictures, and generally decentralised Matrix events). For maximum privacy, it is recommended you use encrypted rooms, so the Authoritative party may not see your messages. This data is required for ensuring security and usability of the service and you can delete this data by deleting events yourself and deactivating your account. For full data deletion only on ari.lt, due to how the Matrix protocol works, contact the Authoritative party, which will delete it manually from the database only for ari.lt (as other servers may still have this data due to the decentralised nature of Matrix). Non-identifiable errors on the server are logged for a period of time. You may request deletion of these logs at any point without deleting your account. * XMPP/Jabber server: All data you sent to the XMPP/Jabber server is stored (including, but not limited to muti-user-chat (MUC) state, non-encrypted media, and message ciphertext). For maximum privacy, it is recommended you use encrypted MUCs, so the Authoritative party may not see your messages in any way. This data is required for ensuring security and usability of the service and you can delete this data by deleting events yourself and deactivating your account. For full data deletion only on ari.lt, due to how the XMPP/Jabber protocol works, contact the Authoritative party, which will delete it manually from the database only for ari.lt (as other servers may still have this data due to the decentralised nature of XMPP/Jabber). Nothing personal is truly logged except non-identifiable Prosody errors. * Git forge: All data you store and send there, including private repositories, is stored on the server unencrypted alongside all user profile data, such as email, avatar, description, email, password hashes, git commits, public GPG and SSH keys, 2-factor-authentication (2FA), preferences, blocked users, organizations, etc. This data can be deleted by you deleting your account. Your IP address and what endpoints it is hitting is logged in memory for a period of time until it is either restarted, cleared, or overwritten. You may request deletion of these logs at any point without deleting your account. * Email mailboxes: They log the following information for security, moderation, legal, diagnostic, and functionality purposes: Your IP address(es), Login/logout (authentication) attempts, Rate limit triggers, Origin and target of e-mails, Email subject matter and spam score. Some of these logs are purely in memory, though some (last two) are stored for a prologed period of time for diagnostic, moderation, and legal purposes. You may request deletion of these logs at any point without deleting your mailbox. All data you send and recevie to it is stored on the server in an encrypted and compressed format, though that does not mean that the plain text is unrecoverable as the secret keys are stored on the server as well. It is your responsiblity to ensure privacy yourself by using encryption such as RSA or GPG. * Email hosting: Same logging policy applies to email hosting as email mailboxes, except with the addition of DMARC reports which show errors and deliverability problems in certain email servers if you choose the DMARC policies the Authoritative party recommends. All data you send and recevie to it is stored on the server in an encrypted and compressed format, though that does not mean that the plain text is unrecoverable as the secret keys are stored on the server as well. It is your responsiblity to ensure privacy yourself by using encryption such as RSA or GPG. * Vikunja: Similarly to Git forge, Vikunja stores your IP and endpoints you access in it temporarily in memory. You may request the deletion of these logs at any point without the deletion of your account. All data you store in Vikuja is stored in plain text, unless otherwise encrypted by you. * PrivateBin: Does not log anything and ari-web in no capacity can see you IP address or the contents of your pastes without the secret key. Knowing the ID will only allow the deletion of content, but not modification or decryption. * Akkoma server: All data you sent to the Akkoma server is stored (including, but not limited to: sessions for as long as you don't log out, media (for as long as needed), plaintext posts and user-generated content, profile pictures, and generally decentralised Activitypub protocol events). This data is required for ensuring security and usability of the service and you can delete this data by deleting events yourself and deleting your account. No major logs are stored, except in-memory error logs. * Other services: The Hosters are the ones who are responsible for handling the privacy and logging aspect of them. Ari-web only provides the infrastructure for them, but it is not responsible for anything relating to them, except having the ability to limit, transfer, or terminate access to the said infrastructure. 13. Service Availability Ari-web does not provide any guarantees regarding service availability or uptime. Users and hosts of ari-web services are permitted to assume a maximum of 95% yearly uptime; however, this assumption is not to be construed as a guarantee. The Authoritative party disclaims any liability for service interruptions or downtime, and users acknowledge that they are using the services at their own risk. This statement does not create any contractual obligation or liability on the part of ari-web regarding service performance. You may check the uptime of whole of ari-web at https://status.ari.lt/ which is hosted by https://fsky.io/. 14. Termination, Limitation, and Transfer Ari-web reserves the right to terminate, limit, or transfer services, infrastructure, or general access in certain circumstances, as outlined below: Termination or Limitation of Services: ari-web may terminate or limit services if the Authoritative party deems the service too difficult to control or moderate, or if a constant pattern of violations or one extreme and severe violation is detected. For individuals, services may be terminated without notice if they continue to violate the terms of service or engage in behavior that the Authoritative party considers unacceptable. Such decisions will be based on the Authoritative party's interpretation of this document and their own discretion. Transfer of Services: Ari-web will only transfer access to services in two scenarios: * User-Requested Transfer: Upon proof of identity, a user may request a transfer of their service to another party. * Legal Compliance Transfer: The Authoritative party may be required by law to transfer access to a user's service, with or without notice, to legal authorities. In both cases, the Authoritative party reserves the right to make the final determination regarding the transfer of services based on their interpretation of the law and the circumstances surrounding the request. Users acknowledge and agree that the Authoritative party's decisions regarding service termination, limitation, and transfer are final and not subject to appeal or legal action. 15. Governing law Ari-web and its services are subject to the laws of the United States of America, Lithuania, and Sweden. Users acknowledge that these jurisdictions govern the use of ari-web services and any disputes that may arise in connection with them. This statement is intended to clarify the legal framework applicable to the services offered by ari-web and does not create any binding obligations beyond this acknowledgment. --- By continuing to use ari-web's services, you agree to be bound by these terms and acknowledge the Authoritative party's right to enforce them as needed. This document serves as a general guide for accessing and using ari-web's services and is not intended to be a legally binding contract. You understand and accept that ari-web is not a legal entity or company, but rather a service provided by a random person. As such, the terms outlined in this document are non-binding and subject to change without notice. The Authoritative party reserves the right to enforce these terms as deemed necessary, but makes no guarantees regarding the consistency or enforceability of the policies described herein. Users are advised to use ari-web's services at their own risk and discretion. By continuing to access and use ari-web's services, you signify your understanding and acceptance of these non-binding terms of service. If you do not agree with the terms, you are advised to discontinue using ari-web's services immediately.