Privacy Policy
Overview
Geekdom.social is a community of people who have a passion for one or more specific topics and would like to share their enthusiasm and expertise with others. You can reach us at team@geekdom.social if you have any questions, need to submit a data subject request, want to tell us we’re wrong, or otherwise have thoughts. We’re also obviously reachable on here as @team@geekdom.social.
Cookies
Geekdom.social stores a session-based cookie mastodonsession with an identifier in the browser of unregistered and registered users until the browser is closed. This is done to ensure a secure (https) connection and allow general functionality on the site.
For registered users, the cookie sessionid stores your logged-in status until you log out. This cookie is stored for a year. These cookies are strictly necessary for the site to function properly.
Geekdom.social will also store push notification, popups & redirect preferences if you consent (by clicking Allow/Accept). You can disable these by clicking on the padlock icon at the top of your browser and deselecting these features.
Geekdom.social as a Controller
Under the General Data Protection Regulation (GDPR), Geekdom.social acts as a controller of your personal data in the following cases:
- if you visit the Geekdom.social website
- if you register or sign up for an account on Geekdom.social and use the service (registered users)
- if you submit feedback to team@geekdom.social or @team@geekdom.social.
When you post content publicly, it is visible to other users, including users outside of Geekdom.social. Unless you limit your post (i.e., by only sharing with people on this server), we don’t have any control over what other users or instance admins do with your post. We’re neither controllers nor processors (legally speaking) in that case.
What types of personal data are processed?
We process the following types of personal data:
- Registered user information: email address, user ID, password, IP address, metadata, subscriptions, and server preferences.
- Profile information: profile picture, bio, profile metadata/hashtags (which may infer details about our users).
- Follower and following information: For registered users on Geekdom.social, this includes information about the user’s followers and who the user is following. In some cases, this information may include the name, email/contact information (if provided), instance ID, and other profile information as well as publicly-shared posts of follower/following users.
- Content: Posts/toots, DMs, likes, & boosts that are accessible via ActivityPub.
- Website Visitors: IP address, metadata.
- Metadata: Information about the terminal or machine used to connect to Geekdom.social, your machine’s operating system, display resolution, web browser and browser version, date of access to the website, and details of your logged-in sessions. If you email us, we may also see email header information.
Note: Mods do have the power to read your DMs, because DMs are recorded in our logs, and we have access to the database. If you follow the server rules, we can happily avoid reading your DMs.
Just to be safe, avoid sharing sensitive information via DMs. Use Signal, Threema, or some other encrypted channel.
Purposes for processing data
Personal data noted above is processed because otherwise the service doesn’t really work.
- Registered user information is necessary to provision and administer accounts.
- Profile information is provided by you and can be as much or as little as you desire. The same goes for follower/following information and content. If you include special category data in your profile information, such as details about your race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or health information, or details about your sexual orientation or sex life, you are, legally-speaking, manifestly making this information public, which is a very lawyerly way of saying “it’s on you.”
- IP address and other machine identifiers are collected by default in Mastodon, presumably for the purposes of allowing mods to block/disable access to instances, to render the site properly on different devices, and because that is how the internet generally works.
Because the Fediverse (including other instances of Mastodon, and related platforms) is, in effect, a bunch of databases sharing data with one another, personal data is stored in databases (both a Postgres database we control on Fediversed.com, and other databases controlled by other instance admins).
Some information (such as user access, registration, errors, etc.) is also stored in separate Linux system logs (systemd), which are also maintained on Fediversed.com. These logs serve the purpose of maintenance and security of the server, and are rotated every 7 days.
Legal basis for processing data
We rely on consent obtained by the user’s (third-party) ActivityPub service for processing follower information, posts, DMs, likes, & boosts. We also rely on your consent if you create an account, update your profile, post, contact us via the team@geekdom.social email address, or follow users on this instance.
In the unlikely event that you do something that violates the site rules, we rely on legitimate interests for subsequent processing (i.e., account suspension, deletion, or if necessary, reporting to authorities). If we are served with a legal order requiring us to provide information relating to you in connection with suspected or alleged misuse of the service, and we comply with that order, our lawful basis will be necessity to comply with a legal obligation.
Please don’t let it come to that.
We rely on contractual necessity and legitimate interests to host this instance and deal with emails. We have agreements in place with freistil IT Ltd for hosting, and Sendgrid.com for email.
Retaining your data
In the Preferences section of your account, you can set an automatic deletion period for your posts, likes, and boosts. This will delete posts from your home instance. However, if your posts have been copied, liked, or boosted by other users onto other instances, your deletion preferences may not always be honored. That’s a technical limitation of the Fediverse and something admins can’t control.
Similarly, if you have a DM conversation with a user on another instance, and you delete your DM records, this does not delete the record of the conversation held by the other user.
The Geekdom.social server attempts to delete content stored in logs automatically after 7 days, to make optimal use of server space.
At the moment, we have no plans to disable accounts after a period of inactivity, so if you create an account here, it will remain on our server until:
- you choose to delete it;
- we delete the account manually;
- we delete the instance;
- something really bad happens (freistil IT goes out of business, thermonuclear war, the heat death of the universe, etc.)
Exercising your rights
You have the right to request access to and rectification or erasure of personal data. You can also ask us to restrict processing or object to processing (to the extent that’s possible).
To contact us, including to exercise your rights, please send an email to team@geekdom.social.
You can also change your profile information directly at any time by going to Settings -> Profile and making changes there.
In terms of the right of portability, you can download your data as .json and .csv files by going to Settings -> Import/Export -> Data Export and downloading your data. It’s probably a good idea to do this generally, BTW.
You also have the right to lodge a complaint with a Supervisory Authority. As a controller, the Lead Supervisory Authority for Geekdom.social is the Data Protection Commission of Ireland. You can find more information about lodging a complaint with the DPC on their website.
Security
Personal data processed by Geekdom.social is accessible to [Details of your access]. In addition to limited access, the following additional security measures are in place:
- strong, robust identity management & authentication, including 2FA for our hosted instance and email;
- reasonable security hardening of Postgres and the Mastodon instance itself;
- daily, redundant backups of instance data;
- encryption in transit (TLS 1.3, via Let’s Encrypt);
- data processing agreements in place with our sub-processors.
We rely on assurances provided by sub-processors regarding their own technical and organisational measures. Details on sub-processor controls can be requested via email.
Transfers Outside of the EU
By posting, your profile information and your content are available globally, so please think twice before posting anything personal, and especially before posting the personal data of anyone else!