April 13th, 2020
This document forms an integral part of the Terms of Services provided by A/I-ODV.
This document sets forth the privacy practices of A/I describing what information we collect, the use we make of such information and the security level we provide for this purpose. We acknowledge and respect your legitimate expectations of privacy concerning any communication or data transiting or stored on our information systems, this is why our work process is structured in order to collect only the minimum possible amount of personal information necessary. We do not sell, provide or rent to third parties any of the data regarding the use of our Services.
A/I is located at the address Corso Italia n.115, Pisa 56125, Italy.
Our organization’s overriding policy is to collect as little user information as possible to ensure a completely private and secure user experience when using the Services, since such information may be used in different ways and against your interest, including activities such as fraud, invasion of privacy, identity theft or others. We also have no technical means to access your encrypted message contents. Our processing of your information is limited to temporarily storing it for you to use.
We retain only the bare minimum of information about each user that is required to make the service work correctly. We do not sell or share any of it. We will not process any of your incoming or outgoing mail other than to protect you from viruses and spam, or when directed to do so by you when directly contacted by you in regard to a problem, in the troubleshooting process.
A/I does not retain or collect any data obtained via client fingerprint, namely the uniquely identifying information that your web browser communicates to all web servers it visits by allowing the site to know details about your operating system, browser information, plugins installed, fonts installed, screen resolution and much more.
We require/provide a username (email address) and a password to identify and authorize the account holder in order to access the services offered by A/I; no personal data is required for this process. A/I merely selects and filters the individuals to whom the Services are delivered by preventively asking to submit a written statement of intents before any account request is approved; the aforementioned statements are always evaluated by an appointee of A/I and deleted right after the approval process is terminated. Any further personal information offered spontaneously by the user will not be stored and preserved if not strictly necessary. Every further communication between A/I and a user will take place through the email address provided by us.
In order to ensure the highest security standards A/I uses only “encrypted by design” servers, meant to protect all data with automated anonymization applied before we start processing it (including IP addresses and other personal data). Even when a user might engage in activities that constitute a breach of our Terms of Services (spamming, DDoS and others), we will only be able to recover from our servers an anonymized IP address possibly relatable to a user’s account but not to a certain physical subject. We store logs of user activity for a period up to 15 days (unless otherwise specified per service). Data regarding users’ activity helps us diagnose software issues, protect security of the systems from intrusion, and monitor the health of the platform.
We use disk encryption on all data to mitigate the risk of data leaks in cases where servers might be stolen, seized, or in any way physically tampered with. We provide and require SSL/TLS encryption on all provided services.
We do not ask for any personal information in order to provide our Services, since an A/I email account is the only identifier a user needs. For the sake of your privacy, we discourage you to use your real name (or other personal identifier, such as a user on another internet provider connected to your real identity) as your username / email address, but we have no way to determine when that is the case or not. We do not require any additional information that is not crucial for operation of the Services (we do not ask for additional email addresses, phone numbers, street address or any other identifier that could correlate your email address to your real identity).
Although A/I does not intentionally collect any sensitive personal information, such as genetic data, health information, sexual preferences and others, we realize that users might store this kind of information in their email account, websites and other part of our platform. If you store any sensitive personal information on our servers, you are responsible for complying with any regulatory controls regarding that data.
If you are a visitor of our platform or a user of our Services using a mobile phone, a tablet or a laptop, we collect and use information about you in the same way and for the same purposes in a consistent way, regardless of which device, application, client or browser extensions you use.
Services’ user data is limited to the following:
Visiting A/I’s platform
Whenever you interact with our platform or Services, whether you have an account or not, the automatic exchange of information between your client and our servers will provide us with some non-personal data, including, for example, data relating to the browser you are using (browser type, whether it is a mobile/desktop device, OS version, preferred language), the date and time of your visit and the referring website, but not your IP address. None of the non-personal (meta)data allows the identification of the individual user, as it is not associated with or linked to your personal information.
It is not necessary to provide personal information in order to create an account. All data provided in the request is deleted from our systems 15 days after the request has been successfully granted. We do not ask our users to set a recovery email address and we do not take record of their password in plain text, therefore credentials administration is not under our responsibility. A/I will be able to communicate with the users, if necessary, only through the email created within the registration process.
Your communication with A/I via help tickets for support requests, bug reports or any other issue will be saved by our staff. The content of any help ticket you create or comment on while authenticated will be associated with your user account. We periodically delete old tickets that are solved or closed. We recommend that you refrain from communicating any personal data to us since plain-text email is not a safe media of communication. Help ticket queries and replies will be sent via email.
Session ID and cookies
When you are logged in, we keep a temporary session identifier on your computer that your client software uses to prove your authentication state. This is automatically erased after you log out or if the session expires. We do not use any third party cookies or tracking mechanism of any kind. Users are free to change their cookies preferences at any time in the settings panel of their browser, being able to control which cookies to allow, which cookie to block in the future and also to delete cookies. Some links may take you outside of our digital platform and are beyond our control, redirecting you to other sites that may send their own cookies and collect data or solicit personal information; therefore we do not take any responsibility for your use of third party websites.
Email transit logs
In order to detect abuse of our email services, we keep track of email metadata (message sender and recipient only) for every message that goes through our systems. These logs are retained for 15 days.
Remember that even when using end-to-end PGP encryption for email messages, the email “subject” and routing information can be seen in clear by our servers when the email initially arrives (as well as any other observer on the network); this is due to inherent limitations in the email protocol and in OpenPGP.
Last log in
We keep record of your last successful authentication, so that it is possible for us to disable and delete unused or abandoned accounts.
We keep track of the users’ activity on our Services, but the logs we store never contain any personally identifying information, and do not include information related to activities outside of our platform. A/I uses this data to help diagnose software issues, protect the system from intrusion, and monitor the health of the services. We store anonymized logs of the Services‘ operation for a period up to 15 days, unless otherwise specified.
Data storage and use
Data is stored only inside of the EU or within GDPR abiding countries; we have direct and exclusive access to all the dedicated servers where the data is stored. The processing of data takes place exclusively within EU territory and GDPR abiding countries. Communication between all servers is encrypted with “state of the art” protocols in order to protect any information from unauthorized access, unauthorized alteration, destruction or disclosure of data. We do not use any public cloud providers (as AWS, Google cloud, Digital Ocean or the like).
All the data used by our services is stored in an encrypted format, and only A/I has the keys to decrypt the data. Furthermore, user-specific data (such as content of email messages) is encrypted with keys that are only available to the user and not to the operators / AI staff. We provide and require SSL/TLS encryption on all provided Services. If you have a reason to believe that your interaction with our servers is no longer secure, for example if you think that the security or your account has been compromised, please contact us immediately.
We do not in any way process, analyze your behavior or personal characteristics by profiling users or other similar practices. We do not publish advertisements or have any business relationships with advertisers. A/I does not share, rent or sell any data to any third party. We do not send any marketing related information to our users, also given the fact that we do not sell our Services.
We do not share your data to third parties unless network inter-operatable (federated) services require certain data to function correctly (eg. other service provider needs to know your email address to be able to deliver a service). In those cases, you actively operate the choice and act of sharing the data and we have no way to stop you from doing that. In order to protect your privacy, we discourage you from doing that.
We do not access your data, emails, files etc. stored on our servers unless needed for troubleshooting purposes, or under suspicion of violation of our policy.
In the case of troubleshooting, we ask for your permission previously to the act of accessing your data and inform you afterwards of all actions taken on the account in the transparency report addressed to the account holder.
In the case of suspicion of behavior non-compliant to our policies, we might kindly ask the user to comply or decide to erase an account permanently and without notice: again, users are admitted conditionally to their compliance to our policy and what we judge is their affinity to our Manifesto.
Anonymous, aggregated information that cannot be linked back to an individual user may be made available to experienced researchers for the sole purpose of developing better systems for anonymous and secure communication. For example, we may aggregate information on how many messages on average a group of anonymous users send and receive, and with what frequency.
As stated in our ToS, A/I provides a web statistic tool as part of our Services therefore no other similar tool or analytic is allowed. Our tools and analytics will never collect any personal data. We do not directly use these tools and analytics, but this service is available to all the users that choose to use them.
In order to ensure security of all the data, A/I employs various administrative, technical and physical security measures, however it is your responsibility to exercise caution and reason when using A/I Services. You will be personally responsible if such action violates any third party’s privacy or any other rights. We will not be liable for the consequences of your unjust activities, your deliberate and negligent actions, as well as any circumstances that may not have been reasonably controlled or foreseen.
A/I will disclose user data and any information only if instructed to do so by a fully binding request coming from the competent Italian authorities or other compelling judicial authority; if permitted by law, we will promptly inform the user before any data disclosure if such a situation may arise. Even if we may comply with electronically delivered notices, A/I will consider mandatory any subpoena, court order, warrant or other legal document, but only if notified according to the right procedure and receiving an original copy by registered post or in person, with a contact eligible to receive a formal response. If a request is made for encrypted message content (or any other data that has been encrypted automatically or by the user) that A/I does not possess the ability to decrypt, the fully encrypted information will be turned over. We may from time to time consent to a request if there is a public interest in doing so; but in such situations A/I will not comply with the request until all legal or other remedies have been exhausted. Therefore, not all requests will lead to a data disclosure.
Access to your information
Access to your personal data and stored files and other information you provide to any of the Services offered by A/I is under your control.
We do not access your data, emails, files etc. stored on our servers unless needed for troubleshooting purposes, or under suspicion of breaking our policy. In the case of troubleshooting, we ask for your permission previously to the act of accessing your data and inform you afterwards of all actions taken on the account in the transparency report addressed to account holder.
Some of the Services provided by A/I such as Email and Jabber are operating based on so called Federation Protocols. This enables users signed up at different service providers to interact with each other. Because of the nature of the protocols (ability to send each other messages, share files, chat) some of the data is naturally shared with other entities. However, sharing data with other service provider is the user’s choice and is configured by the users in their settings per service including the decision of with whom and what to share. You may be shown embedded videos and link previews from other websites while using services provided by A/I. This may expose you to web tracking by external services, such as (but not limited to) Facebook, Twitter, and Google. Again, in order to fully protect your privacy, you should hold your A/I account and other accounts separated. If that is not what you intend to do, your A/I email address could become a target of data collection and profiling on other systems that are not under our control and responsibility. All data and files stored on services that are bound to personal information (services that require logging in) are available for you to download for either archival purposes or to transfer to another compatible website.
Please note that no method of transmission over Internet or method of electronic storage is 100% secure, therefore A/I cannot guarantee its absolute security. If you have any question about security on our platform, you can contact us at email@example.com for further information. In the event that personal information is compromised as a breach of security, A/I will promptly notify the user and comply with applicable law.
You can choose to delete your A/I account at any time. You can disable your email account from your user panel. This does not completely delete the mail address from our system (to avoid that someone else could ask for the same address in future). Contact us if you prefer a complete deletion. When the email account is disabled, the mailbox content will be automatically erased within 3 days. Websites, mailing lists and blogs managed by that mail account will remain active, unless you deactivate them personally or require the deactivation to us subsequently to your act of deactivation of your corresponding email account. If you need to remove some personal information from a mailing list public archive or some website/blog hosted on our platform, we kindly ask you to contact us. To ask for deletion of any data, we require that you write to us from the email account connected to that data (we have no other way to verify that you are the actual owner of the data).
Under the General Data Protection Regulation (GDPR) you have certain rights with regard to your personal data, you have the right to request from A/I to inform you about the personal data we have collected about you, to request any change and correction or erasure of inaccurate information, the right to restrict or object to certain processing of your information as well as the right to request us to provide you with a copy of your personal data in a structured, commonly used and machine readable format, and the right to transmit (if technically feasible) your personal data to another controller. If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn. However, as explained previously, none of our services require or request that any personal data is delivered to us. Therefore, we have never asked for your consent to process your personal data that is in fact willingly stored by you in your personal user space and not accessed or processed by us in any way other than the pure storage. You can at any time dispose of all the data you have provided to us directly, including downloading and erasing it permanently.
If you disagree with your data processing by A/I, you are free not to use the A/I Services, and to discontinue using them at any time. You may request us to stop processing your information, in which case your data will be processed only as long as it is necessary to effect the interruption of your use of the Services or finalizing other legal position.
A/I will in no case store any data or log longer than 2 years after the last use of the Services.
Besides automatic encryption, no users are subject to decisions based solely on automated processing, including profiling, which may produce legal effects concerning or similarly significantly affecting them.
Without prejudice to any other administrative or judicial procedure, every user shall have the right to lodge a compliant with a supervisory authority, in particular in the European State of his or her habitual residence, place of work or place of alleged infringement if the user believes that A/I have not complied with the requirements of the GDPR with regard to personal data.
AI-ODV is the controller of data for the purposes of the GDPR. If you have any concerns as to how your data is processed you can reach us at firstname.lastname@example.org which is our official contact email.
Changes to this policy
(This is the original version / Translated in: IT)