Details on our privacy and security approach.
In order to have a functional mataroa.blog account a username and a password are required. An email is also asked as it is the only way for a user to restore their account in case of a forgotten password. However, an email is not required.
A user is able to change their username and password and any other details (eg. email) through their dashboard.
A user is able to export all their data directly and at any point through the export page.
A user is able to completely delete their account and all information related to their account through the dashboard, and then navigating to blog settings, and scrolling all the way down. In this case, the user account will be immediately purged from our primary servers and a month later from our database backups.
We have a strong commitment to never share any user data with any third-parties. The only neccessary exception to this rule is the payment processor we use to accept card payments. That processor is Stripe and the data sent over are card numbers. This enables us to never—not even temporarily—store card details on our servers and benefit from Stripe’s secure, PCI-compliant payment infrastructure.
Please bear in mind that Stripe may also collect other data including:
- IP address
- Browser user agent
- We have a strict Dependency Policy for our top-level code dependencies.
- Our backup retention policy is 30 days.
- We store passwords in a hashed form.
- All data centers we use have an ISO 27001 certification.
All rights under
- via the site
- by emailing email@example.com
- Our servers are operated by Hetzner Online GmbH, an EU company based in Gunzenhausen, Germany.
- The data center we use is HEL1-DC2 and is located in Helsinki, Finland.
- We take daily backups of our database and store it with Scaleway in Paris, France.
- All user passwords are stored SHA256-hashed using PBKDF2.
- We support and require encryption in transit via TLS 1.2 and 1.3.
- We do not implement data encryption at rest.
- Developed publicly on sr.ht and GitHub.
We do not use any cookies for analytics, advertising, preferences, or for any third-party service.
We do use two cookies, one for account authentication (keeping users logged in) and another for security (to prevent CSRF).