Methodology

Details on the what and how the mataroa platform is designed to work.

Contents

On Values

• Mission
• Ethics
• Code of Publication
• Comments Moderation
• Business Transparency

On Business

• Account Terms
• Account Data
• Payments
• Refunds
• Liability
• Third-parties

On Maintenance

• Service Availability
• Contact and Support

On Infrastructure

• Open Source
• Infrastructure Policies
• Encryption
• Cookies
• Server Providers
• Acknowledgements

Meta

• Changes

Mission

Mataroa's mission is to provide a space for people to write without distractions and to help them publish in a minimal fashion.

Ethics

We are committed to:

• No tracking of user or visitor behaviour.
• Never sell any user or visitor data.
• No ads — ever.

Code of Publication

Mataroa is designed to be a place for people to voice their thoughts.

However, we do not want to provide a platform for thoughts that are spiteful or malevolent to an individual or a group on account of their race, colour, nationality, sex, disability, religion, or sexual orientation.

Additionally, we want to contribute to a human-focused web, in contrast to a bot-focused web. Specifically, low quality content not designed to be read by humans is now allowed and will be deleted upon discovery.

Comments Moderation

We enable blog authors to filter, review, approve, and delete the comments they receive from their users.

Business Transparency

We aim to be transparent. We maintain a Business Transparency page with data on our revenue and costs.

Account Terms

The user is responsible for all content posted and all actions performed with their account.

The user is responsible for maintaining the security of their account and password.

We reserve the right to disable or delete a user's account for any reason at any time. We have this clause because, statistically speaking, there will be people trying to do something nefarious.

We do not require an email address to register an account. However, it is the only way for us to contact a user in cases of any service update or account access restoration. For this reason, having an email registered is very useful.

Account Data

In order to have a functional mataroa.blog account a username and a password are required. An email is also asked as it is the only way for a user to restore their account in case of a forgotten password. However, an email is not required.

A user is able to change their username and password and any other details (eg. email) through their dashboard.

A user is able to export all their data directly and at any point through the export page.

A user is able to completely delete their account and all information related to their account through the dashboard, and then navigating to blog settings, and scrolling all the way down. In this case, the user account will be immediately purged from our primary servers and 20 days later from our database backups.

Payments

We offer a Premium Plan of our service which requires payment. If a user opts for the Premium Plan they are billed immediately for the next one year term, and automatically billed every year unless cancelled.

We accept card payments through Stripe, but if one is not fond of this method we support alternatives. Please, email admin@mataroa.blog for and with details.

We also fund CO₂ removal from the atmosphere using 5% of our subscription revenue through Stripe Climate.

Refunds

We wouldn’t want to cause unhappiness. Any dissatisfied with our service user can ask—and most probably get—a refund at admin@mataroa.blog.

Liability

The user expressly understands and agrees that Zermelo Fraenkel LTD, the operators of this website shall not be liable, in law or in equity, to them or to any third party for any direct, indirect, incidental, lost profits, special, consequential, punitive or exemplary damages.

Third-parties

We have a strong commitment to never share any user data with any third-parties. The only neccessary exception to this rule is the payment processor we use to accept card payments. That processor is Stripe and the data sent over are card numbers. This enables us to never—not even temporarily—store card details on our servers and benefit from Stripe’s secure, PCI-compliant payment infrastructure.

Please bear in mind that Stripe may also collect other data, such as IP address and browser user agent.

Service Availability

We provide the mataroa.blog service on an “as is” and “as available” basis. We do not offer service-level agreements—but do take uptime seriously. You can find a record of outages on our blog at hey.mataroa.blog.

Contact and Support

Email us at admin@mataroa.blog with any queries.

Open Source

We have a creed to write free software. Mataroa is developed publicly on GitHub and sr.ht.

There is no backlog or roadmap or issue/ticket system for mataroa projects.

We use a mailing list and GitHub Issues for bug tracking and other discussions.

Infrastructure Policies

• We maintain a Dependency Policy for all our top-level code dependencies.
• We take daily backups of our database.
• Our backup retention policy is 20 days.
• We test our backups every 6 months.
• All passwords are stored in a hashed form.
• All data centers we use have an ISO 27001 certification.
• All rights under GDPR are exercisable:
  • via the site
  • by emailing admin@mataroa.blog

Encryption

• All user passwords are stored SHA256-hashed using PBKDF2.
• We support and require encryption in transit via TLS 1.2 and 1.3.
• We do not implement data encryption at rest.

Cookies

We do not use any cookies for analytics, advertising, preferences, or for any third-party service.

We do use two cookies, one for account authentication (keeping users logged in) and another for security (to prevent CSRF).

Server Providers

• Our servers are operated by Hetzner Online GmbH, an EU company based in Gunzenhausen, Germany.
• The main data center we use is HEL1-DC2 and is located in Helsinki, Finland.
• We store backups with Scaleway in Paris, France.

Acknowledgements

Mataroa was inspired by Bear Blog, another minimal blogging platform.

Mataroa is built using many existing open source technologies, which we deeply appreciate and want to thank for their beyond stellar work.

In somewhat particular order but not of importance:

• The Django Project, community, and the Django Software Foundation.
• The PostgreSQL community.
• The psycopg team.
• The Caddy community.
• The contributors of markdown, pygments, bleach packages.
• and of course the creators and contributors of Python, Ubuntu, Debian, Linux kernel, Bash, GNU Project, rclone, Let’s Encrypt, C, Git, vim, and the list is never ending...

Changes

Maybe we’ll change our minds for some of these statements. In cases of major changes, users with an email to their account will receive a notice 14 days prior.