Monal Website
You can find our latest privacy policy for our website here: Website Privacy PolicyMonal App
Our privacy policy may differ between app versions. Before reading our privacy policy for our App you first need to find out the Monal version that you are using.How to find out your Monal version
- Open Monal
- Open up the settings menu in the upper left corner (gearwheel)
- Scroll down to the last entry “version”
Monal App Privacy Policies
Releases Privacy Policy 6.0 and newer Privacy Policy Rev 003 5.2.0 up to 5.4.x Privacy Policy Rev 002 before 5.2.0 Privacy Policy Rev 001
Privacy Monal App ≥ 6.0.0
TLDR
- We never see your messages.
- We do not know who you are chatting with.
- We can not identify a user.
- We can see your XMPP domain and a Monal specific unique device id every time you receive a push message
- We see your IP addresses if you are on a call and your XMPP server does not provide a STUN or TURN server.
- We may see your contact’s IP address if you are using our TURN server.
Structure
The App Monal may interact with Monal servers to support Push messages or if you are establishing a call with a contact but your XMPP Server does neither provide a STUN nor a TURN server.
Our privacy details are structured as follows. First, we would like to give you a short introduction how Monal is handling push messages to ensure a pleasant user experience. We will then briefly explain VoIP calls and its privacy implications. Afterwards we like to inform you how we are using crash and usage reports, logs and GDPR Subject Access Requests (SAR).
Push
App Resources are very limited on iOS and macOS. Monal for example can only run a limited time in the background after a user either locked the screen or switched the app. Hence, apps on iOS and macOS can not simply keep a connection to your XMPP server open 24/7 to inform you about new messages. To overcome these limitations your XMPP server can request our push server to send push messages to your device through Apple. With these push messages we can request Apple to wake up Monal on your device. Once it is woken up it has about 30 seconds to connect to your XMPP server, fetch all new messages and show a push notification for these new messages, if needed.
How push works
Every time that Monal loggs in at your XMPP servers, it asks your server to inform our push server once you receive an XMPP message while Monal is closed/disconnected. To do this, we request a Monal specific push token from Apple and provide this token to your XMPP server. Using this Monal specific push token your XMPP server can instruct our push server to send push messages via Apples push system to wake up the app on your device.
Once push messages are enabled for your Monal instance on all your XMPP servers, your XMPP servers will open a encrypted server to server (s2s) connection to one of our push servers. Using this s2s connection your XMPP servers will then be able to talk to our push servers. To wake up your Monal instance your XMPP servers send us:
- Your unique Monal specific push token that was generated by Apple
- The domain of the XMPP server that you are using
Push
- We never see your messages.
- We do not know who you are chatting with.
- We could only ever track what XMPP domains a push token is/was using.
- We can not identify a user.
Push-Servers
We currently provide the following independent push server regions:
- Europe
- Alpha (based in Europe, only used for debugging with higher log levels, not for production use)
Note: Our previously used US push region was unfortunately shutdown due to fosshost ceasing operation.
How to change the push region
- Open Monal
- Open up the settings menu in the upper left corner (gearwheel)
- Open the Notifications menu
- Scroll down
- Select a region
Push server regions
If you are an XMPP server administrator, and you restricted s2s connections, please allow s2s to all our regions.
Region | Hostname | Notice |
---|---|---|
Europe | eu.prod.push.monal-im.org |
Push server locations
Name | Region | Hoster | Location | Notice |
---|---|---|---|---|
s1.eu.prod.push.monal-im.org | Europe | Hetzner | Finland | |
s2.eu.prod.push.monal-im.org | Europe | PHP-Friends | Germany |
VoIP (STUN / TURN)
With Monal 6.0 we introduced VoIP support. To establish the connection between you and the remote party (the remote contact) Monal utilizes STUN and TURN. In general STUN (Session Traversal Utilities for NAT) is used to allow a VoIP call even when you are behind firewalls.
Calls established using only STUN will directly exchange packets (P2P) between you and your contact. Hence, your contact may see your IP address. If you do not want your contact to see your IP Address while being on a call, disable P2P connection in Monal’s privacy settings. Once disabled Monal tries to establish the call using a TURN (Traversal Using Relays around NAT) server.
Note: Not all XMPP servers currently provide STUN and TURN servers. If your XMPP server does not provide STUN and TURN servers, Monal may use our fallback servers. These fallback servers provide both STUN and TURN. You can disable Monal to use these fallback turn servers. Please note, that we may disable our fallback STUN and TURN servers at any time, if too many users are using them.
If you use our fallback servers we will see:
- Your IP Addresses
- The IPs of your contact or the IPs of their TURN-Server
- The duration of the call
We will not see the contents of that call, because these are E2E encrypted.
Crash reports and app usage
Monal does track crashes and usage data anonymously using the tools provided by Apple. This is opt-in only and controlled by iOS and macOS global settings. If a user decides not to send any data to developers, no crash logs are sent to Monal developers.
Logs
Your local device will contain a log file with all sent and received raw XMPP messages as well as debug logs. It does contain sensitive personal data! This file will never be transferred to us, except if you explicitly (manually) send it to us (e.g., via mail).
GDPR Subject Access Requests (SAR)
European GDPR allows users to request a copy of all data retained about them. Starting with Monal 5.2.0 we no longer see your JIDs (username@domain.tld) in our push servers. We therefore are not able to send you retained data related to your JID. We furthermore are unable to provide your retained data related to your unique push token because we have no way to verify that Apple issued you a provided token. If you have questions regarding GDPR, please send us a mail to info@monal-im.org.