Data Protection Notice and Terms of Service

Last updated: 5 July 2022

1. Who we are

eupolicy.social (hereafter “we”, “us” or “the service”) is a non-profit donation-based service that provides Mastodon social media accounts to the EU policy bubble (“you”). For the purpose of connecting and interacting with other Mastodon or Fediverse accounts, eupolicy.social processes personal data from its users and users of other instances with whom they interact. This data protection notice describes what kind of personal data we process and on what legal basis, how long we keep it and why, as well as your rights with respect to your data.

Please do not hesitate to contact us via email to for any question you might have with regard to this document or the processing of your personal data.

2. Data protection summary

We dedicate our Mastodon instance eupolicy.social to the EU policy bubble. Our small team in Brussels provides the non-profit donation-based service on a voluntary basis to offer privacy-friendly micro-blogging accounts that our users typically employ for networking, socialising and discussing ideas mainly linked to EU policy.

For the purpose of ensuring a secure interaction, the website of eupolicy.social stores the cookie ‘_mastodon_session’ with an identifier in the browser of registered and unregistered website visitors until they close their browser. For registered website visitors, the cookie ‘_session_id’ stores their login status until logout. Based on user consent, the website stores as well push notification settings in the browser. For security and debugging purposes, our server logs and stores visitor IP addresses for a maximum of 14 days. After that time, all IP addresses are removed.

eupolicy.social processes profile data in the form of posts (toots), subscriptions (following), subscribers (follower), content appreciations (likes) and promotions (boosts) for publication in the context of profile and post pages. For registered users we process your profile data to deliver the service. For users of other instances, we store and display public profile data and rely here on our legitimate interest until they object and in any case when they delete their post or other data (unsubscribe, unlike, unboost).

If you contact eupolicy.social via email or a (private) post, we use any personal data that your message may contain (such as your email address or name) only to respond to your message. We archive your message for at most 12 months. You are of course free to use a nickname and a pseudonymous email address. We process messages from our registered users to deliver the service and rely for users of other instances on their consent. We may also process messages to comply with our legal obligations.

The following information is provided according to Articles 12, 13 and 14 of the GDPR.

3. Data protection notice

For the purposes of this notice:

“User” means the natural person who interacts with eupolicy.social directly via the website or indirectly via third-party applications compatible with ActivityPub.

“Registered user” means the users with a Mastodon/ActivityPub profile.

“Profile data” means their posts (toots), subscriptions (following), subscribers (follower) content appreciations (likes) and promotions (boosts), bookmarks and profile settings.

“Subscribers” mean the accounts who follow a registered user.

“Subscriptions” mean the accounts followed by a registered user.

Scope and purpose of the processing This data protection notice applies to the processing of personal data for the provision of the microblogging service eupolicy.social. It offers information on what personal data is processed and how it is processed, and on your data subject rights.

Responsible for the processing The data controller is eupolicy.social in its capacity as the provider of the service.

Processing of personal data

Personal data processed by eupolicy.social is accessible to its administration team and, where necessary, to moderators on a need-to-know basis to ensure a secure operation. User content is published or delivered according to the user settings. For the provision of the service, eupolicy.social employs the data processors listed below that process personal data linked to the service solely on the written instruction from eupolicy.social:

(a) Website Visitors

The eupolicy.social website and APIs process the IP addresses and other metadata (as specified below) of its visitors. When accessing the service, an encrypted connection to its web server is established. To display the content correctly on the visitor’s computer or other terminal devices, the following data is processed in accordance with the HTTP and TCP/IP protocol:

  • IP address of the visitor’s internet connection
  • Operating system and operating system version of the visitor’s terminal
  • Web browser and browser version
  • Date of access to the website
  • HTTP cookie ‘_mastodon_session’ (for the duration of the website visit)

This is required for the request, processing, and display of profile data and other content on the service. After each page visit, some of the data are stored in the account profile (if logged in) and server logs. These logs serve the purpose of maintenance and security of the server and personal data herein is deleted after 14 days. Furthermore, the website employs the cookie ‘_session_id’ to store the login status of registered users until logout or until a year after the last website visit. The website also stores the notifications settings in the browser. This processing is based on Article 6 (1) (b) of the GDPR (‘processing is necessary for the performance of a contract’). This includes processing carried out in order to comply with the necessary technical and organisational protection measures.

(b) Contributors from third-party services

eupolicy.social processes personal data when users of third-party services with ActivityPub support interact with its accounts. To enrich public profile pages with profile data, the following data is processed in accordance with the requirements of the ActivityPub protocol:

  • IP address of the third-party service
  • Name of the user’s terminal software
  • Display name, account name, and profile picture
  • Current date and time
  • Profile data

Private messages are not end-to-end encrypted and are therefore in principle accessible to the eupolicy.social administrators.

This processing is necessary to provide a federated Mastodon instance and therefore based on Article 6 (1) (f) GDPR (‘processing is in our legitimate interest’) with the exception of personal data that is not required such as the display name and profile picture, the processing of which is based on Article 6 (1) (a) GDPR (‘consent’). eupolicy.social stores profile data from subscriptions from compatible third-party services until it receives via that service or directly from the user a request for deletion or objection (unsubscribe, unlike, unboost).

(c) Registered users

eupolicy.social limits registrations to users it assumes to be part of the EU policy bubble. eupolicy.social reserves the right to refuse the provision of the service to any given user for any reason. To set up accounts and manage them subsequently, the following data from registered users is processed:

  • Display name, account name, profile picture and header image
  • Login credentials consisting of an email address
  • Account description/biography
  • Content (toots), promoted, and appreciated content
  • Private messages (sent and received)
  • Subscriptions and their recent content
  • Logged-in sessions (terminal software, time and date, IP address)

If registered users post profile data, the previous section applies accordingly. Note that updating subscribers and posting profile data (including profile mentions) requires disclosure of personal data to the service of the recipients. Depending on their Mastodon server’s geographic location, the disclosure can possibly involve international data transfers that are outside of eupolicy.social’s control.

The registered user’s name and display name, profile picture and header, description, subscriptions, the own and promoted content, the content of their subscriptions, as well as their given feedback is published on their profile page.

This processing is based on Article 6 (1) (b) of the GDPR (‘processing is necessary for the performance of a contract’) with the exception of personal data that is not required such as the display name and profile picture, the processing of which is based on Article 6 (1) (a) GDPR (‘consent’). Profile data is retained until the account is deleted.

Registered users are responsible for the use of their accounts and their own compliance with the GDPR as separate controllers when they post personal data of other people.

(d) Donations via Liberapay

Users can make donations for the operation of eupolicy.social via Liberapay, which processes personal data according to their own data protection notice.

(e) Contacting us by email

If you contact eupolicy.social via email or a Mastodon private message, any personal data that your message may contain (such as your email address or name) will only be used to respond to your message and may be stored as part of an email archive. You are of course free to use a nickname and a pseudonymous email address. Such personal data will be deleted after 12 months.

Exercise your rights

You have the right to request from us access to and rectification or erasure of your personal data or restriction of processing concerning you or, where applicable, the right to object to processing or the right to data portability. Where applicable, you also have the right to withdraw your consent at any time. Please note that withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal.

Please find more information on your rights on the website of the European Data Protection Supervisor.

You have, in any case, the right to lodge a complaint with the Belgian data protection authority as a supervisory authority.

4. Terms of service and moderation rules

eupolicy.social is a Mastodon instance for the EU policy bubble. Its aim is to provide a friendly and respectful discussion space for people working in the field of EU policy and to contribute to the health, diversity and growth of the Fediverse.

It is our intention that you use this service for friendly and respectful interaction with others. To that end, we hope to foster a welcoming and inclusive environment for all users.

eupolicy.social is privately owned and open to users voluntarily, it is not a public space. It is subject to a set of rules governing user behaviour. These rules are designed to enable a friendly and open atmosphere for all users. Users wishing to join eupolicy.social are expected to act without malice and in good faith. Doing otherwise may lead to removal from the service, independent of whether a user violates any rules outlined below.

  • Sexually explicit or violent media must be marked as sensitive
  • No racism, sexism, homophobia, transphobia, xenophobia, or casteism
  • No incitement of violence or promotion of violent ideologies
  • No harassment, dogpiling or doxxing of other users
  • No content that is illegal under German law
  • Do not post, favour or boost intentionally false or misleading information

Moderators on eupolicy.social may remove accounts who spam the server or are suspected of camping just to reserve an account name.

Content on eupolicy.social must not be used for the purposes of machine learning or other research purposes without the explicit consent of the users concerned.

Content on eupolicy.social beyond this page must not be archived or indexed wholesale by automated means by any user or service except for what is necessary for the normal functioning of other ActivityPub-powered instances that eupolicy.social federates with. Active users may export their following lists and posts through the export provided on their settings page or the API.

Funding

This server is funded through voluntary donations. Donations can be made via Liberapay. Thank you for your support!

Moderated servers

Mastodon generally allows you to view content from and interact with users from any other server in the Fediverse. These are the exceptions that have been made on this particular server:

Limited servers

Posts from these servers will be hidden in public timelines and conversations, and no notifications will be generated from their users interactions, unless you are following them:

Server

Reason

bgzashtita.es

Misinformation

brighteon.social

Conspiracy theories

fr13nd5.com

Misinformation

freeatlantis.com

Misinformation

mstdn.foxfam.club

Third-party bots

noagendasocial.com

Harassment

shitposter.club

Harassment

sinblr.com

Spam

bsd.moe

Harassment

freezepeach.xyz

Harassment

pawoo.net

Inappropriate content

toot.love

Harassment

Suspended servers

No data from these servers will be processed, stored or exchanged, making any interaction or communication with users from these servers impossible:

Server

Reason

10minutepleroma.com

Spam

bae.st

Inappropriate content

beefyboys.win

Hate speech

beta.birdsite.live

Third-party bots

bird.evilcyberhacker.net

Third-party bots

bird.froth.zone

Third-party bots

birdsite.b93.dece.space

Third-party bots

birdsite.cloutier.co

Third-party bots

birdsite.darkesttimeline.social

Third-party bots

birdsite.frog.fashion

Third-party bots

birdsite.gabeappleton.me

Third-party bots

birdsite.gred.al

Third-party bots

birdsite.monster

Third-party bots

birdsite.mastodon.me.uk

Third-party bots

birdsitelive.treffler.cloud

Third-party bots

birdsite.nytpu.com

Third-party bots

birdsitelive.loca.lt

Third-party bots

birdsitelive.moistgarbage.info

Third-party bots

birdsitelive.bubbletea.dev

Third-party bots

birdsite.link

Third-party bots

birdsite.jemverse.xyz

Third-party bots

birdsite.oliviaappleton.com

Third-party bots

birdsite.skye.cx

Third-party bots

bridge.birb.space

Third-party bots

birdsite.wilde.cloud

Third-party bots

birdsite.vrparty.social

Third-party bots

birdsite.toot.si

Third-party bots

birdsite.thorlaksson.com

Third-party bots

birdsite.spectreos.de

Third-party bots

birdsite.slashdev.space

Third-party bots

catgirl.life

Harassment

cnet.site

Harassment

coom.club

Harassment

cum.desupost.soy

Hate speech

cum.salon

Hate speech

daffodil-11.org

Spam

detroitriotcity.com

Hate speech

dlf.social

Inappropriate content

eientei.org

Hate speech

eveningzoo.club

Hate speech

fedi.app

Harassment

freespeechextremist.com

Hate speech

freecumextremist.com

Hate speech

gab.ai

Harassment

gab.com

Harassment

gameliberty.club

Bot that announces blocks

glindr.org

Transphobia

getgle.org

Hate speech

gitmo.life

Hate speech

glowers.club

Hate speech

leafposter.club

Hate speech

nicecrew.digital

Hate speech

ns.auction

Hate speech

paypig.org

Hate speech

iddqd.social

Harassment

kiwifarms.cc

Harassment

jaeger.website

Harassment

kiwifarms.is

Harassment

kiwifarms.net

Harassment

mouse.services

Harassment

pieville.net

Harassment

raplst.town

Harassment

twtr.wappie.land

Third-party bots

wagesofsinisdeath.com

Harassment

waifuappreciation.club

Harassment

waifu.social

Harassment

weedis.life

Spam

workers.dev

Botnet

yggdrasil.social

Hate speech

twtr.vrij.social

Third-party bots

twtr.plus

Third-party bots

twtr.carnivore.social

Third-party bots

twitter.activitypub.actor

Third-party bots

twitter.1d4.us

Third-party bots

spinster.xyz

Transphobia

solagg.com

Spam

shitpisscum.mooo.com

Hate speech

shortstackran.ch

Hate speech

ryona.agency

Hate speech

rdrama.cc

Hate speech

rakket.app

Hate speech

poa.st

Hate speech

pleroma.kitsunemimi.club

Hate speech

Attribution

Parts of these terms of service have been taken and remixed from chaos.social. This text is free to be adapted and remixed under the terms of the CC-BY (Attribution 4.0 International) license.

EUpolicy.social - A Mastodon server for the EU bubble

eupolicy.social is a Mastodon instance for the EU policy bubble. Its aim is to provide a friendly and respectful discussion space for people working in the field of EU policy and to contribute to the health, diversity and growth of the fediverse.