Monal Website
You can find our latest privacy policy for our website here: Website Privacy Policy

Monal App
Our privacy policy may differ between app versions. Before reading our privacy policy for our App you first need to find out the Monal version that you are using.

How to find out your Monal version

1. Open Monal
2. Open up the settings menu in the upper left corner (gearwheel)
3. Scroll down to the last entry “version”

Monal App Privacy Policies

Releases	Privacy Policy
6.0 and newer	Privacy Policy Rev 003
5.2.0 up to 5.4.x	Privacy Policy Rev 002
before 5.2.0	Privacy Policy Rev 001

Privacy Monal App 5.2.0 - 5.4.x

App Resources are very limited on iOS and macOS. Monal for example can only run a limited time in the background after a user either locked the screen or switched the app. Hence, apps can not simply keep a connection to your xmpp server open 24/7 to inform you about new messages. To overcome these limitations your XMPP-Server can can request our push server to send push messages to Apple. With these push messages we can request Apple to wake up the app on your phone. Once it is woken up it has about 30 seconds to connect to your XMPP server, fetch all new messages and show a push notification for these new messages.

How push works

Every time that Monal logins at your XMPP servers, it requests your server to inform us once your received an XMPP message while Monal was closed. We therefore requests a Monal specific push token from Apple. Using this Monal specific push token our push server can send push messages via Apples push system to wake up the app on your device.

Once push messages are enabled for your Monal instance on your XMPP servers, your XMPP servers will open a encrypted server to server (s2s) connection to one of our push servers. Using this s2s connection your XMPP servers will then request our push servers to wake up Monal every time that new messages should be processed. To wake up your instance your XMPP servers send us:

• your unique Monal specific push token that was generated by Apple
• the domain of the XMPP server that you are using.

Push

• We never see your messages.
• We do not know who you are chatting with.
• We could only ever track what XMPP domains a push token is/was using.
• We can not identify a user.

Push-Servers

We provide two independent push server regions at the moment: Europe and US. By default, each device will choose our Europe based push region unless the device local is set to the US.

How to change the push region

1. Open Monal
2. Open up the settings menu in the upper left corner (gearwheel)
3. Open the Notifications menu
4. Scroll down
5. Select a region

Push server regions

If you are an XMPP server administrator, and you restricted s2s connections, please allow s2s to all our regions.

Push server locations

Crash reports and app usage

Monal does track crashes and usage data anonymously using the tools provided by Apple. This is opt-in only and controlled by iOS and macOS global settings. If a user decides not to send any data to developers, no crash logs are sent to Monal developers.

Logs

Your local device will contain a log file with all sent and received raw XMPP messages as well as debug logs. It does contain sensitive personal data! This file will never be transferred to us, except if you explicitly (manually) send it to us (e.g. via mail).

GDPR Subject Access Requests (SAR)

European GDPR allows users to request a copy of all data retained about them. Starting with Monal 5.2.0 we no longer see your JIDs (username@domain.tld) in our push servers. We therefore are not able to send you retained data related to your JID. We furthermore are unable to provide your retained data related to your unique push token because we have no way to verify that Apple issued you a provided token. If you have questions regarding GDPR, please send us a mail to info@monal-im.org.