patrick/sojorn
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
sojorn/PRIVACY.md
Patrick Britton 2f21c3d9a6 license: switch from BSL 1.1 to AGPL-3.0 
- Replace LICENSE file with GNU Affero General Public License v3.0
- Update PRIVACY.md to reference new license
- Add *.ps1 to .gitignore
2026-02-17 00:12:56 -06:00

145 lines
7.2 KiB
Markdown
Raw Blame History

# Sojorn — Privacy & Data Sovereignty
**Effective Date:** February 12, 2026
**Last Updated:** February 12, 2026
**Operator:** MPLS LLC
---
## Our Philosophy: Privacy as a Sanctuary
Profiting from surveillance is strictly against our principles. We reject the "attention economy" model entirely.
Most social platforms treat your data as their product. They harvest your posts, your photos, your location, your relationships, and your attention — then sell access to the highest bidder. We built Sojorn to prove that a social network can exist without any of that.
**Sojorn is a walled garden where your data is not a commodity.** We are groundskeepers of this space — not owners of what grows in it.
---
## 1. Data Sovereignty
We do not sell your data. We do not license your data. We do not provide your data to third-party analytics, advertising, or data brokerage firms. Your content is not indexed on public search engines. Sojorn is a private community designed to protect your posts and identity from the extractivist economy.
## 2. What We Collect
We collect only what is technically necessary to operate the Service:
| Data | Purpose | Retention |
|---|---|---|
| **Email address** | Authentication, critical account notifications | Until account deletion |
| **Birth month & year** | Age verification (16+ requirement) | Until account deletion |
| **Display name & handle** | Profile identity within the network | Until account deletion |
| **Content you create** | Posts, comments, images, video — displayed to your chosen audience | Until you delete it |
| **Approximate location** (Beacons only) | Community safety incident reporting | Ephemeral — not stored permanently |
| **Device push tokens** | Delivering notifications you have opted into | Until account deletion or token refresh |
We do **not** collect:
- Precise GPS location outside of Beacons
- Contact lists or phone books
- Browsing history outside of Sojorn
- Biometric data
- Financial information
## 3. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| **Firebase** | Authentication, push notifications | Email, device token |
| **Cloudflare R2** | Media file storage (images, video) | Uploaded media files |
| **SendPulse** | Newsletter delivery (opt-in only) | Email address |
| **OpenAI / Google Vision** | Content moderation (hate speech, violence detection) | Text snippets and image URLs of public posts only |
We do **not** use third-party tracking pixels, cross-site cookies, behavioral analytics, or advertising SDKs.
### AI Moderation Disclosure
Public posts may be analyzed by AI moderation systems to detect policy violations (hate speech, violence, spam, NSFW content). This analysis:
- Is performed only on content you post publicly or within groups.
- Does **not** apply to end-to-end encrypted messages or capsule content.
- Does **not** train AI models on your content — we use pre-trained safety classifiers only.
- Is subject to human review before permanent moderation action.
- Produces an audit trail visible to administrators for accountability.
## 4. Zero-Knowledge Encryption
Private messages and encrypted capsule content are protected by end-to-end encryption (E2EE) using keys generated on your device. Your encryption keys are wrapped with a passphrase only you know and stored as an opaque encrypted blob on our servers. **We cannot decrypt your private content.** We cannot comply with requests to produce content we cannot read.
## 5. Your Right to Vanish
You have the absolute right to delete your account and all associated data at any time.
When you delete content or your account, we perform **hard deletes**:
- Database records are permanently removed (not soft-deleted).
- Media files (images, video) are permanently removed from storage buckets.
- Encryption key backups are permanently removed.
- We do not retain shadow copies, hidden archives, or behavioral profiles.
When you leave, you leave.
## 6. Anti-Extraction Commitment
MPLS LLC will never:
- Use your content to train artificial intelligence or machine learning models.
- Sell, license, or share your content with data brokers or advertisers.
- Build advertising or behavioral profiles from your activity.
- Provide "data partnerships" or "audience insights" products derived from your content.
## 7. Right to Livelihood
If MPLS LLC ever wishes to feature your content in promotional materials outside of the Sojorn app interface, we must contact you directly, offer financial compensation, and receive your explicit written consent. See Section 4.5 of our [Terms of Service](https://sojorn.net/terms) for full details.
## 8. Anti-Scraping
We actively defend against unauthorized commercial harvesting of user content through rate limiting, authentication requirements, and automated abuse detection. Unauthorized scraping of Sojorn content is a violation of these Terms and may be pursued under the Computer Fraud and Abuse Act (CFAA).
## 9. Law Enforcement
We will comply with valid legal process (court orders, subpoenas) as required by law. However:
- We will notify affected users unless legally prohibited from doing so.
- We cannot produce end-to-end encrypted content (we do not have the keys).
- We will challenge overbroad or legally deficient requests.
- We will publish a transparency report annually documenting any government data requests received.
## 10. Children's Privacy
Sojorn is not intended for users under 16. We do not knowingly collect data from children. If we discover that a user is under 16, we will delete their account and all associated data.
## 11. International Users
Sojorn is operated by MPLS LLC from the United States. If you are accessing the Service from the European Union, your data is processed in the United States. We apply the same privacy protections to all users regardless of jurisdiction.
## 12. Changes to This Policy
We will notify registered users via email and in-app notification of any material changes to this Privacy Policy at least 30 days before they take effect.
## 13. Contact
For privacy concerns: [privacy@sojorn.net](mailto:privacy@sojorn.net)
For legal inquiries: [legal@mp.ls](mailto:legal@mp.ls)
---
## Why We Chose This Model
### Right Livelihood for Creators
Our source code is published under the [GNU Affero General Public License v3.0](./LICENSE). We share our code so that users, security researchers, and the public can verify that we honor every commitment in this document. We chose this license because it ensures that all modifications — including those running on network servers — remain open and available to the community.
We call this **Right Livelihood for Creators** — we share our work for your safety, and we protect user freedom so we can remain independent and never need to monetize your attention or your data.
### Privacy as a Sanctuary
Every technical decision we make is measured against a simple question: *Does this protect or erode the sanctuary?*
- We chose E2EE for private messages — because a sanctuary has walls.
- We chose hard deletes — because a sanctuary does not hoard what you discard.
- We chose AI moderation with human review — because a sanctuary has guardians, not surveillance cameras.
- We chose no advertising SDK — because a sanctuary is not a billboard.
**MPLS LLC — Groundskeepers, not owners.**
Reference in a new issue View git blame Copy permalink