We are not interested in tracking user data or metadata for profit or for building personally identifiable "profiles".
This room server, by design, does not replicate any SSB feeds whatsoever. If we do not host user content, we cannot track that kind of data at all.
We also do not persistently store IP addresses of members or visitors.
There is only minimal amount of information that this server knows of its members and visitors, which are:
We use the external service of haveibeenpwned.com (HIBP) to check if a member's login password is contained in a known data leak, making them susceptible to a credential stuffing attack. Since we only send a subset of the hashed password to HIBP, the actual password is not sent to HIBP, nor is any other member information. The technique is explained in more detail in this blog article. We list this here in the interests of transparency, since an error message indicating the use of the HIBP service will be displayed if there is an attempt to use a leaked password. The HIBP service is not used for any member who solely uses Sign-In with SSB and not the password-based login.