Privacy Policy

Last Updated: July 19, 2025

Your privacy is important to us. This Privacy Policy describes the types of data we collect, how it is used, and your rights regarding your personal information.

1. Data We Collect

When using the official Project Mesa server or client, we may process:

  • IP addresses and connection metadata;
  • Timestamps and protocol headers;
  • No message contents (due to end-to-end encryption).

2. End-to-End Encryption

Messages are encrypted client-side. Neither we nor any federated servers can access the plaintext contents of your communications.

3. Use of Data

We use limited metadata to:

  • Operate and maintain service infrastructure;
  • Prevent abuse or malicious behavior;
  • Ensure performance and security.

We do not sell or share personal data with third parties for marketing purposes.

4. Infrastructure & Hosting

We use Cloudflare for DDoS protection, HTTPS termination, and edge caching of our infrastructure. As part of this, Cloudflare may temporarily process your IP address and request metadata to ensure network security and availability.

Our web services and federation endpoints are hosted behind Cloudflare.

5. Analytics

We use Cloudflare Insights to gather basic, privacy-respecting usage statistics about our website. This includes:

  • Page views and aggregated visit data;
  • Browser type and device category;
  • Approximate location (region-level only).

Cloudflare Insights is GDPR-compliant and does not use cookies or track you across other websites.

6. Self-Hosted Servers

Federated servers are independently operated. If you connect to a third-party server, this policy does not apply to their data practices. Server operators are responsible for their own privacy disclosures.

7. Data Retention

Connection logs are stored temporarily for abuse prevention and debugging. We retain data only as long as necessary for operational purposes.

8. Your Rights

You may contact us to:

  • Request deletion of metadata associated with your account;
  • Ask questions about how your data is handled.

9. GDPR and CCPA Compliance

We respect the privacy rights of all users, including those under the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

If you are a resident of the EU/EEA or California, you have the right to:

  • Access the personal data we process about you;
  • Request correction or deletion of your personal data;
  • Request information about how your data is used;
  • Object to or restrict certain types of processing;
  • Request portability of your data (EU/EEA only).

We do not sell personal data. We also do not offer financial incentives for data collection.

To exercise your rights, please contact us at admin@projectmesa.qzz.io. We will respond within the timeframes required by law.

10. Policy Updates

We may revise this Privacy Policy periodically. Material changes will be posted with a revised effective date.

11. Contact

For data inquiries or privacy concerns, contact us at: admin@projectmesa.qzz.io