A shameful attempt at ass-covering
Brutaldon tries to collect as little information about you as possible. The information that it collects in order to log you in to your instance and to implement client features is stored as transiently as possible.
Information that is stored until a database wipe
If you use the old login form (instance, email, password), which is only recommended if you running your own copy of brutaldon behind a firewall, the email you use to sign in will be stored along with an access token and the name of the instance you connected to. Your password will never be stored. We will never share your email with anyone for any reason, unless legally forced to do so. We will never send you email except in the case of an unforseen emergency requiring us to.
If you use the normal login form, your email will not be stored, only your instance name and access token.
Both methods of login will store your username and instance name. All of your brutaldon settings (theme, timezone, etc) are stored and associated with your username.
You can always revoke an access token through the web interface of your instance.
Information that is stored only during your session
Data stored in your session is deleted when you log out, or periodically by the server.
Data stored in the session includes:
- A reference to your information in the database.
- All of your public Mastodon profile information. This is needed for some client functionality.