Monal-im.org (Website)

A user’s IP address will be logged in the HTTP server logs. All server logs are purged every two weeks and there isn’t any way for us to associate this information with any particular individual.

Monal (App)

With Monal 5.2.0 we introduce an even more privacy-friendly push system. Please check your Monal version before you read on.

How to find out your Monal version

  1. Open Monal
  2. Open up the settings menu in the upper left corner (gearwheel)
  3. Scroll down to the last entry “version”

Monal (App ≥ 5.2.0)

App resources are very limited on iOS and macOS. Monal, for example, can only run for a limited time in the background after a user has either locked the screen or switched apps. Hence, apps cannot simply keep a connection to your XMPP server open 24/7 to inform you about new messages. To overcome these limitations, your XMPP server can request our push server to send push messages to Apple. With these push messages we can request Apple to wake up the app on your phone. Once it is woken up, it has about 30 seconds to connect to your XMPP server, fetch all new messages and show a push notification for these new messages.

How push works

Every time Monal logs in to your XMPP servers, it asks your server to inform us whenever you receive an XMPP message while Monal is closed. We therefore request a Monal-specific push token from Apple. Using this Monal-specific push token, our push server can send push messages via Apple’s push system to wake up the app on your device.

Once push messages are enabled for your Monal instance on your XMPP servers, your XMPP servers will open an encrypted server-to-server (s2s) connection to one of our push servers. Using this s2s connection, your XMPP servers will then request our push servers to wake up Monal every time new messages should be processed. To wake up your instance, your XMPP servers send us:

  • your unique Monal-specific push token that was generated by Apple
  • the domain of the XMPP server that you are using

Push

  • We never see your messages.
  • We do not know who you are chatting with.
  • We could only ever track what XMPP domains a push token is/was using.
  • We cannot identify a user.

Push-Servers

We provide two independent push server regions at the moment: Europe and US. By default, each device will choose our Europe-based push region unless the device locale is set to the US.

How to change the push region

  1. Open Monal
  2. Open up the settings menu in the upper left corner (gearwheel)
  3. Open the Notifications menu
  4. Scroll down
  5. Select a region

Push server regions

If you are an XMPP server administrator and you have restricted s2s connections, please allow s2s to all our regions.

Region  Hostname                   Notice
Europe  eu.prod.push.monal-im.org
US      us.prod.push.monal-im.org
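
For administrators who restrict s2s, the following added example (not part of Monal or of any XMPP server) checks an allowlist for the two region hostnames listed above. It assumes a hypothetical allowlist format of one XMPP domain per line with "#" comments; wildcard entries are only honoured when you state that your server supports them.

```python
# Added example: audit an s2s allowlist against Monal's push regions.
# The region hostnames come from the table above; the allowlist format
# and the sample entries are constructed for illustration.
MONAL_PUSH_REGIONS = {
    "Europe": "eu.prod.push.monal-im.org",
    "US": "us.prod.push.monal-im.org",
}

def normalize(domain):
    """Lower-case, strip whitespace and a trailing root dot."""
    return domain.strip().rstrip(".").lower()

def parse_allowlist(text):
    """Return the set of normalized entries, ignoring blanks and comments."""
    entries = set()
    for line in text.splitlines():
        entry = normalize(line.split("#", 1)[0])
        if entry:
            entries.add(entry)
    return entries

def is_allowed(domain, entries, wildcards=False):
    """Exact match, or '*.suffix' match when the server supports wildcards."""
    domain = normalize(domain)
    if domain in entries:
        return True
    if wildcards:
        # "*.example.org" covers subdomains only, never example.org itself.
        return any(e.startswith("*.") and domain.endswith(e[1:])
                   for e in entries)
    return False

def missing_regions(allowlist_text, wildcards=False):
    """Names of push regions that the allowlist does not cover."""
    entries = parse_allowlist(allowlist_text)
    return sorted(region for region, host in MONAL_PUSH_REGIONS.items()
                  if not is_allowed(host, entries, wildcards))

# Constructed sample allowlist: only the Europe region is present.
SAMPLE_ALLOWLIST = """\
example.org
EU.prod.push.monal-im.org.   # Europe region, mixed case and root dot
*.partner.example
"""

if __name__ == "__main__":
    for region in missing_regions(SAMPLE_ALLOWLIST):
        print(f"s2s allowlist is missing the {region} push region: "
              f"{MONAL_PUSH_REGIONS[region]}")
```

A device that selects a region missing from the allowlist cannot be woken by your server, so both regions should be allowed.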

Push server locations

Name                          Region  Hoster       Location  Notice
s1.eu.prod.push.monal-im.org  Europe  Hetzner      Finland
s2.eu.prod.push.monal-im.org  Europe  PHP-Friends  Germany
s1.us.prod.push.monal-im.org  US      Fosshost     US        IPv4 only
s2.us.prod.push.monal-im.org  US      Fosshost     US

Crash reports and app usage

Monal does track crashes and usage data anonymously using the tools provided by Apple. This is opt-in only and controlled by iOS and macOS global settings. If a user decides not to send any data to developers, no crash logs are sent to Monal developers.

Logs

Your local device will contain a log file with all sent and received raw XMPP messages as well as debug logs. It does contain sensitive personal data! This file will never be transferred to us, except if you explicitly (manually) send it to us (e.g. via mail).

GDPR Subject Access Requests (SAR)

European GDPR allows users to request a copy of all data retained about them. Starting with Monal 5.2.0 we no longer see your JIDs (username@domain.tld) in our push servers. We are therefore not able to send you retained data related to your JID. Furthermore, we are unable to provide retained data related to your unique push token because we have no way to verify that Apple issued a provided device ID to you. If you have questions regarding GDPR, please send an e-mail to info@monal-im.org.

Monal (App < 5.2.0)

Monal for iOS and macOS will register for APNS push notifications via a server-to-server (s2s) connection from your XMPP server to our push server. Your XMPP JID, along with a push identifier and secret token from Apple that is only valid for this app, will be saved and logged in the push server logs. We do not intend to track you. All server logs are purged every two weeks. Our logs allow us to see the following details:

  • Your JID (including your server’s hostname)
  • Time when you register for push notifications
  • Your Apple push node and push token that was generated for Monal by Apple
  • Time when your XMPP server triggered a push notification to your Monal device

To fulfill its duty, our push server has to hold some information associated with an Apple push token until Apple marks the token as deleted, which usually means you have uninstalled the app (Info: Apple confirms if a token is still valid on every push). In detail, this information consists of:

  • The Apple push token
  • The timestamp of the last push error
  • The timestamp of the last successful push
  • The timestamp of the registration of your device with Monal’s push-server
  • The timestamp when the registration was renewed
  • A random UUID identifying your device
  • A random secret used by your XMPP server to authenticate a push

Push server locations

Name                Hoster  Location  Notice
ios13push.monal.im  AWS     US        Provided by Anurodh Pokharel; IPv4 only
push.monal.im       AWS     US        Provided by Anurodh Pokharel; IPv4 only; iOS 12 only

Crash reports and app usage

Monal does track crashes and usage data anonymously using the tools provided by Apple. This is opt-in only and controlled by iOS and macOS global settings. If a user decides not to send any data to developers, no crash logs are sent to Monal developers.

Logs

Your local device will contain a log file with all sent and received raw XMPP messages as well as debug logs. It does contain sensitive personal data! This file will never be transferred to us, except if you explicitly (manually) send it to us (e.g. via mail).

GDPR Subject Access Requests (SAR)

European GDPR allows users to request a copy of all data retained about them. Please send GDPR requests to info@monal-im.org. As per GDPR, we need to validate your JID before answering your inquiry. Therefore, we will provide you with a JID to which you must send a confirmation before we can answer your request and send you all retained data related to your JID.