Masto.host is a service single-handedly provided by Hugo Gameiro. This is a personal project that aims to help make running a Mastodon instance easily accessible.
I only request and save information that is absolutely essential for me to offer the services provided in Masto.host.
The only information I request and/or store is:
- the email addresses of instance owners, that they provide when requesting the subscription of a plan
- the PayPal email address included with each payment I receive
- the domain/subdomain used for the instance
- the email communications between me and the owners of the instances
That information is only processed by me and stored on both a spreadsheet on my computer and the firstname.lastname@example.org email account.
I use that information to keep track of Masto.host active and cancelled instances and at any time you may request that I delete/anonymise that information from my records.
This information is private and never shared with anyone, and it will never be used for any purpose other than providing you with the service you subscribed to. There is no newsletter, and you will only be contacted by me if something important and specific related to your service needs to be communicated. I don’t do email marketing, period.
As GDPR requires that a DPO (Data Protection Officer) be named, obviously the DPO for Masto.host is me (Hugo Gameiro).
To illustrate the data flow of Masto.host, I will explain how I have things set up:
When you fill in the form to subscribe to a plan and press save, the server creates and saves a new file with the information submitted, your IP address and a random order ID. That file is used after I receive an email from PayPal confirming a payment, to know who made the payment and what domain you want to use for the Mastodon installation.
All information is pretty much stored in the email account and a couple of spreadsheets, where I copy-paste your email address, PayPal email address, the domain used for the instance, the date of registration/cancellation and some other server details (redis-server number, internal usernames, etc.) that are purely technical and used to keep track of how each instance is running. The spreadsheet also keeps a record of all payments received and made in relation to Masto.host.
The email account for Masto.host, where all communication is saved, is a GSuite email account secured behind a long, unique password and two-step authentication.
My computers and devices are all encrypted, require passwords to access, use two-step authentication, have remote wipe enabled and are always kept up to date, without any software that isn’t fully licensed and receiving continuous updates.
The Masto.host website doesn’t use tracking cookies, and the server that runs it is kept up to date using cPanel and CloudLinux and is maintained by me.
This is really all the personal information I store and use to run Masto.host.
Privacy of the Hosting Service
When it comes to the hosting service itself, I am a Data Processor. Meaning, I process the data that the instance owners (who are the Data Controllers) request of me, and I assume they have permission to do so.
As a data processor, I employ the best security that I know of to keep the data private, namely keeping the servers and software up to date and ensuring that servers can only be remotely accessed using my private key, which only I have access to.
Also, you can be sure that I don’t go through the data stored in instances’ databases, logs or any form of media (images/videos). I will only do so when explicitly asked by the owner, when necessary due to a technical issue, or if I suspect some illegal activity or abuse of the system is happening.
Although it has never happened, you should also know that I will obviously give access to an instance’s data to the authorities if a legal warrant requiring me to provide access to that data is presented to me. Again, this has never happened, and I will disclose it if such a case ever occurs.
MailGun handles all notification emails for the instances hosted on Masto.host, unless requested otherwise by the owner of the instance.
CloudFlare provides CDN (Content Delivery Network) for media files. The usage of a CDN is intended to improve load times on media files, especially for users not in Europe. If you don't need or want a CDN (or to use CloudFlare) just request it and I will serve media files directly from OVH/France or you can use your own CDN.
ClouDNS provides DNS hosting for the Masto.host domain.
OVH is the provider of server rental and data center infrastructure.
Instances and the data associated with them are stored in OVH data centers. The shared hosting infrastructure is stored in France and unless requested otherwise by the owner of a dedicated instance, the same applies to dedicated servers.
As a Data Controller (owner of the instance) and/or user of an instance hosted on Masto.host, you should know that Mastodon was not built to communicate private information, and that data stored by Mastodon is currently not encrypted (with the exception of users’ passwords). You should not store private information on any Mastodon instance. Remember that if a data breach occurs, you should expect all stored information to be fully accessible.
In the event of a data breach I will report it without “undue delay” to all owners of instances involved.
All instances hosted by Masto.host use Mastodon software that provides each user access to their personal information, where they can download an archive of it or change/delete it.
After a user deletes information on a Mastodon instance hosted on Masto.host, the data is immediately removed from the servers.
The only data stored on Masto.host servers that is not generated by the Mastodon software and that could contain a form of personally identifiable information (IP addresses) is an access log containing the IP addresses of requests made to the servers. These logs are automatically deleted in less than 90 days.
At any time, any instance owner can request a backup to move the instance to another service and/or request for the instance and all information to be deleted.
Each instance owner is responsible for informing their users and obtaining their consent to store and process their information.
Rights of the data subject
Although you use my services as a Data Controller, by hiring me to provide this service you also have rights as a data subject. As such, you are entitled to exercise the following rights:
Right of access (article 15 GDPR)
This right allows you to know whether your data is being processed or not. When it is being processed, you can inquire about the purpose of the processing, the categories of data being processed, who is accessing your data and for how long it will be retained.
Right to rectification (article 16 GDPR)
By exercising this right, you can ask that your data is rectified/corrected when the personal data is inaccurate.
Right to erasure (‘right to be forgotten’) (article 17 GDPR)
You can ask to be forgotten in the following conditions:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you want to withdraw the consent on which the processing is based, and there is no other legal ground for the processing;
- you object to the processing by exercising your right to object, and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
Right to restriction of processing (article 18 GDPR)
You can ask that I restrict the processing of your data if:
- you contest the accuracy of your personal data; you can ask for the restriction of processing while I verify the accuracy of the personal data;
- the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
- I no longer need the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims;
- you have objected to the processing (article 21(1)), and verification is pending as to whether my legitimate grounds override yours.
Right to data portability (article 20 GDPR)
This right allows you to ask me that your data can be transferred to you or to a service of your choosing.
You can only exercise this right when the data is processed on the legal basis of your consent or a contract, and when the processing is carried out by automated means. I will provide the data in a structured, commonly used and machine-readable format.
Right to object (article 21 GDPR)
You can object to the processing of data I do when it is based on my legitimate interests.
Right to withdraw your consent
At any given time, you also have the right to withdraw your consent, when consent is my legal basis for processing your personal data.