Last updated December 3, 2023

This privacy policy describes how Moth.social and the Mammoth app ("Moth.social", “Mammoth”, "we", "us") collect, protect and use the personally identifiable information you may provide through the Moth.social website or its API or through the Mammoth app. The policy also describes the choices available to you regarding our use of your personal information and how you can access and update this information. This policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.

What information do we collect?

• Basic account information: If you register on the Moth.social server, you may be asked to enter a username, an e-mail address and a password. You may also enter additional profile information such as a display name and biography, and upload a profile picture and header image. The username, display name, biography, profile picture and header image are always listed publicly.
• Posts, following and other public information: If you’re a Moth.social user, the list of people you follow is listed publicly, the same is true for your followers. When you submit a message, the date and time is stored as well as the application you submitted the message from. Messages may contain media attachments, such as pictures and videos. Public and unlisted posts are available publicly. When you feature a post on your profile, that is also publicly available information. Your posts are delivered to your followers, in some cases it means they are delivered to different servers and copies are stored there. When you delete posts, this is likewise delivered to your followers. The action of reblogging or favouriting another post is always public.
• Direct and followers-only posts: All posts by Moth.social users are stored and processed on the server. Followers-only posts are delivered to your followers and users who are mentioned in them, and direct posts are delivered only to users mentioned in them. In some cases it means they are delivered to different servers and copies are stored there. We make a good faith effort to limit the access to those posts only to authorized persons, but other servers may fail to do so. Therefore it's important to review servers your followers belong to. You may toggle an option to approve and reject new followers manually in the settings. Please keep in mind that the operators of the server and any receiving server may view such messages, and that recipients may screenshot, copy or otherwise re-share them. Do not share any sensitive information over Mastodon.
• IPs and other metadata: When you log in to Moth.social, we record the IP address you log in from, as well as the name of your browser application. All the logged in sessions are available for your review and revocation in the settings. The latest IP address used is stored for up to 12 months. We also may retain server logs which include the IP address of every request to our server.
• Mammoth personalization: When you subscribe to Smart Lists in Mammoth and/or customize the For You feed, we will store your user ID along with a list of the Smart Lists you subscribe to and your For You configuration settings. In addition, each time you launch the Mammoth app, we will record your user ID and the time. We only store the time of your most recent Mammoth session. If you choose to Personalize your For You feed with “Trending Among Follows” or “Friends of Friends” content. This includes a current list of follows, a generated fedigraph of users by public username, and a timestamp of your request to be included on the waitlist for Personalization.

What do we use your information for?

Any of the information we collect from you may be used in the following ways:

• To provide the core functionality of Mastodon, Moth.social and Mammoth. You can only interact with other people's content and post your own content when you are logged in. For example, you may follow other people to view their combined posts in your own personalized home timeline.
• To aid moderation of the community, for example comparing your IP address with other known ones to determine ban evasion or other violations.
• The email address you provide may be used to send you information, notifications about other people interacting with your content or sending you messages, and to respond to inquiries, and/or other requests or questions.
• To personalize your Mammoth user experience.

How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. Among other things, your browser session, as well as the traffic between your applications and the API, are secured with SSL, and your password is hashed using a strong one-way algorithm. You may enable two-factor authentication to further secure access to your account.

What is our data retention policy?

We will make a good faith effort to: