Privacy Policy for Parahub Instance

We, (NIPC 519046161, hereinafter 'Operator', 'we'), managing this Parahub instance (hereinafter 'Service'), are committed to protecting your privacy and digital sovereignty. Parahub is architecturally designed so that users retain full control over their data and cryptographic identity. This Privacy Policy explains what personal data we collect, how we use, process and protect it, as well as your rights regarding your data, in accordance with the General Data Protection Regulation (GDPR).

1. Data Controller

The controller of your personal data is:

2. What Data We Collect and Process

Parahub is designed with a focus on data minimization and user control.

Data you provide directly:

• Account: Your human-readable network alias (HNA, like ), hashed password (if using password authentication).
• Profile: Any information you choose to include in your Parahub profile (e.g., name, description, contacts, skills). You control the visibility of this data.
• Public PGP Key: If you upload or generate one, it will be associated with your profile and available to other users for encrypting messages to you and verifying your signatures.
• Content: Offers, Wants, messages in public or group Matrix chats (if not E2EE), transaction details, reviews, and other content you create on the platform. Messages in E2EE Matrix chats are not accessible to us.
• Web of Trust (WoT): Information about who you have verified and who has verified you.

Data collected automatically:

• System Logs: IP address, browser type, access time, pages visited. This data is used for security, troubleshooting, and service usage analysis (in aggregated and anonymized form where possible). Log retention period: days.
• Session Cookies: To maintain your login session.
• Matrix: Your Matrix User ID () for chat functionality.

Data we do NOT intentionally collect:

• We do not collect sensitive personal data (racial or ethnic origin, political views, religious beliefs, health data, etc.) unless you voluntarily and explicitly include it in public parts of your profile or content.
• Location data is processed with privacy fuzzing (approximate to 100m radius). Precise geolocation is never stored or shared without your explicit consent.
• Cryptographic private keys (PGP) are generated and stored exclusively on your device. The server never has access to your private keys — only public keys are stored. This is a fundamental architectural principle, not a policy choice.

3. Legal Basis for Data Processing (under GDPR)

• Consent (Art. 6(1)(a) GDPR): For processing data you voluntarily provide (e.g., profile completion, content publishing). You may withdraw your consent at any time.
• Contract (Art. 6(1)(b) GDPR): To provide you with the Service and fulfill our obligations under the User Agreement (e.g., authentication, facilitating user communications).
• Legitimate Interests (Art. 6(1)(f) GDPR): For ensuring Service security, fraud prevention, usage analysis for Service improvement, logging.
• Legal Obligations (Art. 6(1)(c) GDPR): If we are required to process data by law.

4. How We Use Your Data

• To provide, support, and improve the Service.
• For authentication and account management.
• To facilitate communication between users (including Matrix chats).
• For the reputation system and Web of Trust functionality.
• To personalize your experience (if you provide relevant data and settings).
• To ensure security and prevent abuse.
• For analysis and statistics (preferably in anonymized form).
• To respond to your inquiries and communicate with you.

5. Data Sharing with Third Parties and Federation

• Federation: Parahub is a federated system. When interacting with users on other Parahub or Matrix instances, some of your public data (HNA, public PGP key, public profile, public content) may be transmitted to those instances.
• Matrix: If this instance uses a Matrix server managed by a third party, or you communicate with users on other Matrix servers, data is transmitted according to the Matrix protocol.
• Legal Requirements: We may disclose your data if required by law or in response to a valid legal request from law enforcement (following applicable procedures).
• We do not sell your personal data.

6. Data Storage and Security

• We implement reasonable technical and organizational measures to protect your personal data from unauthorized access, modification, disclosure, or destruction (e.g., HTTPS, password encryption, regular software updates, restricted data access for staff).
• Data is stored on servers located in the European Union.
• Data retention periods are determined by their purpose and legal requirements. Data is not stored longer than necessary for the purposes for which it was collected. You may request deletion of your data (see Your Rights).

7. Your Rights (under GDPR)

You have the following rights regarding your personal data:

• Right of Access (Art. 15 GDPR): Request information about what data of yours we process.
• Right to Rectification (Art. 16 GDPR): Request correction of inaccurate or incomplete data.
• Right to Erasure (Art. 17 GDPR): Request deletion of your data under certain conditions.
• Right to Restriction of Processing (Art. 18 GDPR): Request restriction of your data processing.
• Right to Data Portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format and transmit it to another controller.
• Right to Object (Art. 21 GDPR): Object to processing of your data based on our legitimate interests.
• Right to Withdraw Consent: If processing is based on consent, you may withdraw it at any time.
• Right to Complaint (Art. 77 GDPR): Lodge a complaint with a data protection supervisory authority.

To exercise these rights, please contact us at .

8. Cookies

We use only session cookies necessary for authentication. We do not use tracking or advertising cookies.

9. Changes to Privacy Policy

We may update this Privacy Policy. We will notify you of significant changes by posting the new version on the Service. We recommend checking this page regularly.

10. Contact Information

If you have questions about this Privacy Policy, please contact us: