Snikket Service Privacy Policy

This document is a draft privacy policy that outlines the data that is stored by a standard Snikket server. The Snikket server software is open-source and may be run freely by anybody. It may also be customized.

If you are a user of a Snikket service, please confirm with your Snikket service operator what privacy policy is applicable to your use of their service.

What information does a Snikket service collect?

Basic account information

When you create an account on this service, your username will be stored, along with a hashed version of your password.

You may additionally provide a profile picture (avatar) and display name. These will be shared with other users on the network so they may identify you. You can control visibility of this information in the profile section of the {{SNIKKET_DOMAIN}} website.

Contacts that you add within the app will be stored in your contact list on the {{SNIKKET_DOMAIN}} server. This is so that the server can identify who you have permitted to view your online status, profile and other information, and to synchronize your Snikket contacts if you have multiple apps or devices.

Messages

When you send or receive a message on Snikket, we store this temporarily in your personal “message archive” on {{SNIKKET_DOMAIN}}. The purpose of your message archive is to enable an app you use with your account to “catch up” on recent conversations. This allows Snikket to:

  • ensure delivery of messages even if you are temporarily offline or experiencing connectivity issues, and
  • allow synchronization of messages across multiple devices and apps that you may use.

The data stored for each entry in the message archive is:

  • A unique identifier for the message
  • The time and date that the message was sent/received
  • The sender and recipient of the message
  • The message contents (encrypted according to your app’s settings)

Entries in the message archive are stored for a minimum of {{RETENTION}} days. The server will routinely erase all entries after they have been in the archive for this amount of time.

We encourage the use of encryption of your message contents, as is the default within the Snikket app.

Uploaded files

You may also use the server to upload files (including images and videos) within your conversations. These files will remain on the server for a minimum of {{RETENTION}} days. This allows your contacts time to retrieve the file, even if they are offline. Similarly to message archives, the server will routinely erase files beyond this age.

Uploaded files are assigned a long random identifier which is included in the link to the file. This ensures your files can only be viewed by people you share the link with.

The server will store the following information for every shared file:

  • A unique identifier
  • The time and date that the file was uploaded
  • The file name
  • The file size
  • The file type (as reported by the app)
  • The file contents (encrypted according to your app’s settings)

The Snikket app will automatically encrypt file contents when sharing a file within an encrypted conversation.

Once you share a file with a contact, understand that the contact may store a copy of the file on their device that is beyond our control and may remain even after the file is removed from {{SNIKKET_DOMAIN}}.

Access and network information

The Snikket server may record the time and general location from which you connect to your account or perform certain security-related actions such as changing your password.

This is to help identify unauthorized access to your account, and detect when your account becomes inactive for administrative purposes (for example, so that it may be erased when no longer needed).

Cookies

When you access your account through the {{SNIKKET_DOMAIN}} website, one or more small pieces of data known as “cookies” may be stored in your web browser. These essential cookies allow us to securely identify your browser as you move between different pages on {{SNIKKET_DOMAIN}} and therefore protect your account. The cookies are not shared with third-parties or used for tracking, advertising or any such purposes.