Modus Operandi

Details on the what and how of our mode of operation.

Contents

Values

• Purpose
• Ethics
• Code of Content Publication
• Comments Moderation
• Transparency

Business

• Account Terms
• Account Data
• Payments
• Refunds
• Liability
• Third-parties

Maintenance

• Service Availability
• Contact and Support

Infrastructure

• Open Source
• Infrastructure Policies
• Encryption
• Cookies
• Server Providers
• Acknowledgements

Meta

• Changes

Purpose

mataroa.blog exists to enable people to have their own voice on the web without needing to rely on the platforms and infrastructure of the most powerful.

We want to do that by empowering personal independent blogs.

Ethics

We are committed to:

• No tracking of user or visitor behaviour.
• Never sell any user or visitor data.
• No ads — ever.

Code of Content Publication

Mataroa is designed to be a place for people to voice their thoughts.

However, we do not want to provide a platform for thoughts that are spiteful or malevolent to an individual or a group on account of their race, colour, nationality, sex, disability, religion, or sexual orientation.

Additionally, we do not want to contribute to the current state of the web, which is ridden with ads, SEO tricks, and bot content. This includes blogs with extremely low quality content that is designed to serve as marketing for a specific shop or professional. Eg: a blog named "Dentist in London" which contains a post titled "How to find the best dentist", which itself contains a few paragraphs of random advice and a link to one specific dentist in London.

Any blogs found that match the above descriptions will be immediately deleted, with an final markdown export emailed to the blog author (in case they have an email on their account), and a notice of why their blog was deleted.

Comments Moderation

Comments in mataroa are filtered and reviewed by blog authors.

Transparency

We aim to be as transparent as possible. We maintain a Modus Transparency page with recent statistics about users, posts, costs.

Account Terms

• The user is responsible for all content posted and all actions performed with their account.
• The user is responsible for maintaining the security of their account and password.
• We reserve the right to disable or delete a user's account for any reason at any time. We have this clause because, statistically speaking, there will be people trying to do something nefarious.
• We do not require an email address to register an account. However, it is the only way for us to contact a user in cases of any service update or account access restoration. For this reason, having an email registered is very useful.

Account Data

In order to have a functional mataroa.blog account a username and a password are required. An email is also asked as it is the only way for a user to restore their account in case of a forgotten password. However, an email is not required.

A user is able to change their username and password and any other details (eg. email) through their dashboard.

A user is able to export all their data directly and at any point through the export page.

A user is able to completely delete their account and all information related to their account through the dashboard, and then navigating to blog settings, and scrolling all the way down. In this case, the user account will be immediately purged from our primary servers and 20 days later from our database backups.

Payments

We offer a Premium Plan of our service which requires payment. If a user opts for the Premium Plan they are billed immediately for the next one year term, and automatically billed every year unless cancelled.

We accept card payments through Stripe, but if one is not fond of this method we support alternatives. Please, email admin@mataroa.blog for and with details.

We also fund CO₂ removal from the atmosphere using 5% of our subscription revenue through Stripe Climate.

Refunds

We wouldn’t want to cause unhappiness. Any dissatisfied with our service user can ask—and most probably get—a refund at admin@mataroa.blog.

Liability

The user expressly understands and agrees that Zermelo Fraenkel LTD, the operators of this website shall not be liable, in law or in equity, to them or to any third party for any direct, indirect, incidental, lost profits, special, consequential, punitive or exemplary damages.

Third-parties

We have a strong commitment to never share any user data with any third-parties. The only neccessary exception to this rule is the payment processor we use to accept card payments. That processor is Stripe and the data sent over are card numbers. This enables us to never—not even temporarily—store card details on our servers and benefit from Stripe’s secure, PCI-compliant payment infrastructure.

Please bear in mind that Stripe may also collect other data, such as IP address and browser user agent.

Service Availability

We provide the mataroa.blog service on an “as is” and “as available” basis. We do not offer service-level agreements—but do take uptime seriously. You can find a record of outages at status.mataroa.blog.

Contact and Support

Email us at admin@mataroa.blog with any queries.

Open Source

We have a creed to write open source software. Mataroa is developed publicly on sr.ht and GitHub.

There is no backlog or roadmap or issue/ticket system for mataroa projects.

We use a mailing list and GitHub Issues for bug tracking and other discussions.

Infrastructure Policies

• We maintain a Dependency Policy for all our top-level code dependencies.
• We take daily backups of our database.
• Our backup retention policy is 20 days.
• We test our backups every 6 months.
• All passwords are stored in a hashed form.
• All data centers we use have an ISO 27001 certification.
• All rights under GDPR are exercisable:
  • via the site
  • by emailing admin@mataroa.blog

Encryption

• All user passwords are stored SHA256-hashed using PBKDF2.
• We support and require encryption in transit via TLS 1.2 and 1.3.
• We do not implement data encryption at rest.

Cookies

We do not use any cookies for analytics, advertising, preferences, or for any third-party service.

We do use two cookies, one for account authentication (keeping users logged in) and another for security (to prevent CSRF).

Server Providers

• Our servers are operated by Hetzner Online GmbH, an EU company based in Gunzenhausen, Germany.
• The main data center we use is HEL1-DC2 and is located in Helsinki, Finland.
• We store backups with Scaleway in Paris, France.

Acknowledgements

Mataroa was inspired by Bear Blog, another minimal blogging platform.

Mataroa is built using many existing open source technologies, which we deeply appreciate and want to thank for their beyond stellar work.

In somewhat particular order but not of importance:

• The Django Project, community, and the Django Software Foundation.
• The PostgreSQL community.
• The psycopg team.
• Unbit and the uWSGI community.
• The Caddy community.
• The contributors of markdown, pygments, bleach packages.
• and of course the creators and contributors of Python, Ubuntu, Debian, Linux kernel, Bash, GNU Project, MinIO, Let’s Encrypt, C, Git, vim, and the list is never ending...

Changes

Maybe we’ll change our minds for some of these statements. In cases of major changes, users with an email to their account will receive a notice 14 days prior.