Privacy & Security
How We Protect Your Privacy
End-to-End Encryption
All messages are encrypted on your device before transmission using the Matrix protocol's implementation of the Olm and Megolm cryptographic ratchets. Only intended recipients can decrypt messages. We cannot access message content.
Complete Isolation
Each customer receives a dedicated, isolated instance. There is no shared infrastructure, no federation with other servers, and no cross-tenant access. Your data never mingles with other customers' data.
Iceland Hosting
All instances are hosted in Iceland, which has some of the world's strongest data privacy laws. Your data is subject to Icelandic jurisdiction, which provides robust protections against surveillance and data requests.
Minimal Data Collection
We collect only what's necessary to operate your service: account email, billing information, and basic instance metadata. We do not track, analyze, or monetize your usage patterns or communications.
What Data We Store
- Account Information: Email, billing details, instance name
- Instance Data: Encrypted messages, user accounts, uploaded files (all within your isolated environment)
- System Logs: Connection logs and error logs for troubleshooting (retained for 30 days)
What We Don't Do
- We don't read your messages (we can't—they're encrypted)
- We don't sell or share your data with third parties
- We don't serve ads or track you for marketing purposes
- We don't analyze your communication patterns or content
- We don't federate with other servers or share metadata
Data Retention & Deletion
Your messages are retained according to your plan's retention period. You can delete messages at any time. If you cancel your service, all instance data is permanently deleted within 7 days unless you request a data export.
Backups
We maintain encrypted backups of your instance for disaster recovery. Backups are stored in geographically separate locations and are encrypted at rest. We cannot access the content of encrypted messages in backups.
Your Rights
You have the right to:
- Export your data at any time
- Request deletion of your instance and all associated data
- Access information about what data we store
- Receive notification of any data breaches affecting your instance
Security Practices
- All connections use TLS encryption
- Systems are regularly updated with security patches
- Each instance runs in isolated containers with resource limits
- We follow security best practices for server hardening
- Optional Tor-only and VPN-only access configurations are available
Questions?
For privacy or security questions, email us at privacy@redoubt.systems.