Privacy policy

Last update: 2025-01-18

This Privacy Policy explains how pix.grzeca.eu (”pix.grzeca.eu,” “we,” “our,” or “us”) processes, protects, and uses your personal data that may be collected through our website or API. It also outlines your rights regarding access, updates, and deletion of your personal information. This policy applies exclusively to the services provided by pix.grzeca.eu and does not cover the practices of other companies or individuals not affiliated with us.

What information do we collect?

  • Basic account information: If you register on this server, you will be required to provide a username, an email address, and a password. You may also choose to provide additional profile information, such as a display name or a biography, and upload a profile picture or header image. Please note that your username, display name, biography, profile picture, and header image will always be publicly visible.
  • Posts, Following, and Other Public Information: The list of people you follow is publicly visible, and your followers are also publicly listed. When you submit a message, we store the date and time of submission, as well as the application you used. Messages may contain media attachments, such as images. Public and unlisted posts are publicly accessible. When you feature a post on your profile, it becomes publicly available. Your posts are delivered to your followers; in some cases, this means they are transmitted to different servers, where copies may be stored. When you delete a post, a corresponding deletion request is sent to your followers (and potentially to any other servers hosting that post). The action of reblogging (or favoriting) another post is always public.
  • Direct and Followers-Only Posts: All posts are stored and processed on this server. Followers-only posts are delivered to your followers and to any users mentioned in those posts, while direct posts are delivered only to the mentioned users. In some cases, this means the posts may be delivered to other servers, where copies could be stored. We make a good-faith effort to ensure that only authorized recipients have access to these posts, but other servers may not maintain the same standards. Therefore, it is important to review the servers your followers use. You can enable an option in your settings to manually approve or reject new followers. Please be aware that both the operators of this server and any receiving servers may view such messages, and recipients can screenshot, copy, or otherwise redistribute them. We strongly advise against sharing any sensitive information via Vernissage.
  • IPs and other metadata: We do not store IP addresses in our database. However, our hosting provider may collect and retain IP addresses as part of their standard server operations or for security purposes. We may also capture IP addresses in server logs, but we only keep those logs for up to 12 months. Additionally, we do not store user sessions, so session history is not available for review.

What do we use your information for?

Any information we collect from you may be used in the following ways:

  • To provide the core functionality of Vernissage. You can only interact with other people’s content and post your own content when you are logged in. For example, you may follow other people to view their combined posts in your personalized home timeline.
  • To aid moderation of the community. For example, user reports with descriptions can help us provide better service.
  • The email address you provide may be used to send you information, notifications about interactions with your content or messages from other users, and to respond to inquiries or other requests.

How do we protect your information?

We implement a variety of security measures to protect your personal information whenever you enter, submit, or access it. For example, your browser session and all traffic between your devices and the API are encrypted using SSL, and your password is hashed with a robust one-way algorithm. Additionally, you can enable two-factor authentication to further secure your account.

What is our data retention policy?

We store server logs that may include your IP address for up to 12 months, after which they are automatically removed from our systems. You can also request and download an archive of your content - this includes your posts, media attachments, profile picture, and header image.

You may irreversibly delete your account at any time. When you do, we also send a removal request to all other servers known to this application, asking them to delete your account data if it was previously shared with them. However, we cannot guarantee that these servers will comply with the request.

Do we use cookies?

Yes, but only for user session.

Do we disclose any information to outside parties?

We do not sell, trade, or otherwise transfer your personal information to outside parties. However, we may disclose your data if we deem it necessary to comply with the law, enforce our site policies, or protect our rights, property, or safety, as well as the rights, property, or safety of others.

Your public content may be downloaded by other servers in the network. Your public and followers-only posts are delivered to the servers where your followers reside, and direct messages are delivered to the servers of the recipients, provided those followers or recipients are on a different server than this one.

When you authorize an application to use your account, it may access your public profile information, your following list, your followers, your lists, all of your posts, and your favorites, depending on the permissions you grant. However, applications can never access your email address or password.

Machine learning (AI)

Images uploaded by users may be processed using machine learning (AI) to generate descriptions that assist people with disabilities or to create hashtag suggestions. This processing occurs ONLY upon the user’s request when they initiate the appropriate action in the system. We use OpenAI technology for this purpose. According to OpenAI’s assurances, uploaded images are immediately deleted after processing and are not used to train their models. Users retain full control over which images are processed, as the process is initiated solely by their actions. For more details about OpenAI’s data policies, please refer to the official documentation available on OpenAI’s website.

Site usage by children

If this server is in the EU or the EEA: Our site, products, and services are intended for individuals who are at least 16 years old. Under the requirements of the GDPR (General Data Protection Regulation), if you are under 16, you must not use this site.

If this server is in the USA: Our site, products, and services are intended for individuals who are at least 13 years old. Under the requirements of COPPA (Children’s Online Privacy Protection Act), if you are under 13, you must not use this site.

Law requirements can be different if this server is in another jurisdiction.

This document is CC-BY-SA. Originally adapted from the Mastodon privacy policy.