Privacy Policy

TL;DR: MastoMetrics users can opt-in (sign up) to get insights about their activity and interactions on Mastodon. We collect and store only publicly available data about your Mastodon account and posts, and only to provide insights to you alone.

Your responsibility

• Do not use our application if you aren’t interested in historical data and insights into your Mastodon Account.
• Any public posts or profile updates that you publish on your Mastodon Account we consider public information. As a general best practice, do not post (Sensitive) Personal Information about yourself or others. While you explicitly ask us to store your activity, many other systems may track your activity without your consent.
• Request for your account to be deleted if you no longer wish to use MastoMetrics.

Data Collected

When opting-in (signing up) for MastoMetrics we store and collect data about you:

• Your public Mastodon Account / Profile, specifically your username, display name, bio/note, profile links, profile picture and header picture.
• Your public Mastodon posts (including “follower only” posts but excluding “Direct Messages”), specifically the content posted, links, people mentioned and media shared. If you boost a post, we store the same information, in addition to the public profile information of the account you are boosting.
• Metrics and the progression of those metrics about your account and posts, like the number of followers, following and interactions such as favorites, replies and boosts.
• We store the username and individual interactions of people that favorite or boost your posts, or otherwise interact with your account. People that explicitly have set their profile to 'noindex' are excluded. We cache some of their profile data, like their profile picture and display name, in order to decrease the amount of requests made to your instance when displaying data inside MastoMetrics.
• For both your posts and your account, we store a cached version of the ‘raw’ API response in order to regenerate data attributes in the future without burdening your Mastodon instance with new requests.
• We store minimal information about your activity on MastoMetrics, specifically we only store the time you signed up and the last time you logged in.
• We store a read-only API Access Token to your Mastodon Instance so we can import data periodically.
• We may (while not as part of our core data or application) store your browser and IP information, structurally or by accident, in access logs or server proxies. In all of these cases the data is not connected to your Mastodon Account.

For clarity:

• We do not store or require your email address
• We do not store or process any “Direct Messages”, posts explicitly marked as a ‘private’ mention.
• We do not track accounts that don’t sign up for MastoMetrics, except for individual interactions with MastoMetrics users.
• We do not store or track your IP Address, browser or device information in connection to your account.

We store data for as long as you have an account, as providing historic insights is one of the main purposes of our platform. This includes any posts that you may have deleted at a later point, since we do not have a reliable or practical method of detecting deleted posts.

Purposes

We store and collect your data for only the following reasons:

• Provide users, individually, with historical insights on the number and type of interaction their Mastodon profile and posts receive.
• Provide users with insights and helpful tools to enhance their Mastodon experience.
• Occasionally, for the purpose of developing new features for the platform and providing you with support if you interact with us, we may inspect your account and data, granted this only includes the publicly available data about your account.

For clarity:

• We do not provide the data we store for your to anyone else except you.
• We do not run aggregate analytics or data analysis across accounts.
• We do not sell, share or otherwise distribute your data to any 3rd party except for the purposes of hosting and providing the application.

Consent

We only start collecting your data after explicit consent through signing up for MastoMetrics. If signed up and you want to opt-out from processing, you can instantly deleted your account from the MastoMetrics settings.

Alternatively, if you revoke access to the MastoMetrics application from your Mastodon instance account settings, we will no longer be able to collect data from your account. However, your data will remain for 30 days, if we didn't get any new login from you within that timeframe we will also delete all your data.

Third Parties (Vendors)

The following third party organizations are used to host and provide the application and may receive or store the data collected as part of normal operations:

• Application and database hosting: Railway, which itself uses Google Cloud Platform
• Proxying and content delivery: CloudFlare
• Logging and service monitoring: Logsnag

In all cases these 3rd parties only process or access data for the purposes of providing the application to you, and will not use, sell or distribute your data for any other purposes.

Cookies

No tracking cookies are used. The only cookie placed by MastoMetrics is a session cookie while you are logged in to authenticate your web requests.

Location

The Primary location of the data stored is Google Cloud Platform, in region US-West. The legal location or basis of operation for ’MastoMetrics’ is Amsterdam, The Netherlands, Europe.

Security

We follow strong but basic security principles to minimize the risk and exposure of the data we store.

• Minimization - As far as possible, we only store publicly available information.
• Transfer Restriction - Data never leaves the application servers in any form of export or download, except through the normal web application and usage.
• Access Control - Access is limited to the developer and vendors of MastoMetrics, no 3rd parties or individuals get access to the collected data. Access to data is protected through multi-factor login providers.
• Encryption – Data transfer to you and between servers is encrypted using TLS.

GDPR

We respect, embrace and encourage the rights and regulations that the General Data Protection Regulation (GDPR) provides. We intent to implement some of your rights as features in the future (i.e. data portability), in the meantime you can always call on your rights by contacting us.

Changes to our Policy

We expect to make several changes in our Privacy Policy as we continue with the development by adding new features. Changes to our policy will be communicated on our Mastodon Account: @[email protected]

Contact

If you have any worries or concerns about your privacy or feedback to this policy feel free to reach out to @[email protected]

MastoMetrics is developed by Robert van Hoesel in The Netherlands. MastoMetrics is not a formal legal (non-person) entity, but may become one in the future.