Privacy Policy
Last updated: April 4, 2026. This policy describes how Freedom Messenger handles data across its software, website, and hosting services.
Who We Are
Freedom Messenger is operated by a natural person (an individual, not a company or legal entity) residing in the Netherlands ("we", "us", "our"). We create and distribute self-hosted communication software designed for private team and family messaging. We do not operate a centralized messaging platform. There is no corporate entity, no board of directors, and no shareholders — this is a personal project by an individual developer.
Data Architecture
Understanding who controls your data requires understanding how Freedom Messenger is deployed. There are three distinct scenarios:
Self-Hosted Customers
If you or your organization run Freedom Messenger on your own server, the server owner is the sole data controller under GDPR. We have:
- No access to your server, database, messages, files, or user data
- No ability to read, modify, or delete any data on self-hosted servers
- No visibility into what happens on self-hosted instances
- No technical means to connect to your server remotely
We are not a party to any communication that occurs on self-hosted servers. The server owner is solely responsible for data handling, retention, and compliance with applicable laws.
Managed Hosting Customers
If you subscribe to our managed hosting service, we operate the server infrastructure on your behalf. In this arrangement:
- You (the server admin / customer) are the data controller
- We act as a data processor, handling data solely on your instructions and for the purpose of providing the service
- We access the server only for maintenance, updates, security patches, and support
- We do not read message content, access uploaded files, or monitor communications
- We do not analyze, mine, or profile user behavior on your server
Self-Hosted with Updates Subscription (SSH Access)
If you subscribe to the updates plan and grant us SSH access for automatic deployments, we have access solely for deploying binary updates. Specifically:
- The SSH key has restricted permissions and can only restart the Freedom Messenger service and deploy new binary releases
- We do not access the database, read messages, browse files, or interact with user data
- We do not use SSH access for any purpose other than deploying updates
- You can revoke SSH access at any time by removing our public key from your server
Website Data Collection
This section describes data collection on the Freedom Messenger marketing website (fm.ardw.net), which is separate from the messenger software itself.
Contact Forms (Web3Forms)
When you submit a contact form on our website, your name, email address, and message are sent to Web3Forms, a third-party form processing service. The submission is then forwarded to our email. We do not store form submissions on the website itself. The Web3Forms privacy policy applies to their processing of your data.
Cloudflare Pages
The website is served via Cloudflare Pages. Cloudflare may collect standard web analytics data (page views, visitor country, browser type) as part of their infrastructure. We do not use:
- Google Analytics or any third-party analytics scripts
- Facebook Pixel or any advertising trackers
- Tracking pixels, fingerprinting scripts, or behavioral analytics
- Any cookies set by us
Cloudflare may set functional cookies as part of their CDN and security services. These are governed by the Cloudflare privacy policy.
Local Storage
The website stores two preferences in your browser's localStorage:
- Theme preference (light/dark mode)
- Language preference (English/Russian)
These values never leave your browser and are never sent to any server.
Messenger Data
This section describes what the Freedom Messenger software itself collects when running on a server. This data is stored on the server where the software is installed and is controlled by the server owner.
Messages
- Messages are stored in a SQLite database on the server
- Messages are encrypted at rest using AES-256-GCM with a server-specific master key
- Messages are not end-to-end encrypted — the server decrypts messages to deliver them to recipients. This means the server operator can technically access message content
- End-to-end encryption using the Signal Protocol is planned for a future release (v2.0)
Files
- Uploaded files are stored on the server's filesystem
- EXIF metadata is automatically stripped from images to prevent inadvertent location leakage
- Files are accessible only to members of the chat where they were shared
User Accounts
The following data is stored per user account:
- Username — chosen by the user, required
- Display name — chosen by the user, optional
- Email address — optional, provided at the user's discretion
- Phone number — optional, provided at the user's discretion
- Password hash — derived using Argon2id (the password itself is never stored)
- TOTP secret — encrypted, used for two-factor authentication
No real name, government ID, or identity verification is required to create an account.
Metadata
- Message timestamps
- Sender and recipient identifiers
- Chat membership records
- IP addresses in the rate limiter (held temporarily in memory, not permanently stored)
- Login timestamps
Voice Calls
- Call signaling is handled via WebSocket through the server
- Audio streams are peer-to-peer (WebRTC) and do not pass through the server, except when a TURN relay is required for NAT traversal
- Call metadata (who called whom, call duration) is stored as system messages in the chat
What is NOT Collected
- No location data (EXIF is stripped from images)
- No device fingerprinting
- No usage analytics or telemetry sent to us
- No contact list or address book access
- No background data collection
Data Retention
Self-Hosted Servers
Data retention is determined entirely by the server owner. We have no control over, visibility into, or influence on retention policies of self-hosted servers.
Managed Hosting
- Data is retained for the duration of the customer's active subscription
- Upon subscription cancellation, all data on our infrastructure is deleted within 30 days unless the customer requests a backup export before cancellation
- We reserve the right to delete all data at any time for any reason (see Terms of Service)
Third Parties
We use the following third-party services:
- Hetzner — VPS infrastructure provider for managed hosting. Their privacy policy applies to infrastructure-level data.
- Cloudflare — CDN for the marketing website. Their privacy policy applies.
- Web3Forms — contact form processing. Their privacy policy applies.
We do not sell, share, rent, or transfer any data to advertisers, data brokers, marketing platforms, or any third party not listed above.
Law Enforcement
Self-Hosted Servers
We have no data to provide. We cannot access self-hosted servers. We have no database backups, no message logs, no user lists, and no encryption keys for self-hosted instances. If we receive a law enforcement request concerning a self-hosted server, we will inform the requesting authority that the data controller is the server owner and redirect the inquiry accordingly.
Managed Hosting
We may be compelled to provide server access if required by valid legal process in the jurisdiction where we operate. In such cases, we will:
- Verify the legal validity and jurisdictional authority of any request
- Narrow the scope of our response to the minimum required by law
- Notify the customer (server admin) if we are legally permitted to do so
- Provide only the specific data required by the legal instrument, not blanket access
VPS Provider Access (Important for Russian-Hosted Servers)
config.toml. However, a VPS provider with physical disk access may also be able to access the config file. This risk is inherent to hosting in any jurisdiction — the hosting provider has physical access to the hardware. End-to-end encryption (planned) will eliminate this risk because even with full server access, messages will be unreadable without recipients' private keys.
For maximum protection, we recommend hosting on a VPS provider outside Russia (e.g., Hetzner in Germany/Finland) and using the Cloudflare or Stealth transport mode to ensure connectivity from Russia.
Technical Limitations
Messages stored in the database are encrypted at rest using AES-256-GCM. Providing a database dump without the corresponding encryption key does not expose message content in plaintext.
Jurisdiction
The operator of Freedom Messenger is a resident of the Netherlands. This means:
- We are subject to Dutch and EU law, including GDPR. We respond only to valid legal requests from Dutch authorities or requests routed through proper EU mutual legal assistance channels.
- We do not respond to direct requests from Russian authorities. Russia has no jurisdiction over us or our infrastructure. Russian court orders, SORM requests, or ORI registration demands are not legally binding on a Dutch resident.
- Requests from other countries must go through the appropriate Dutch legal channels (e.g., MLAT treaties, European Investigation Orders).
- The Netherlands does not mandate data retention for messaging services, does not require backdoor access to encryption, and has strong judicial oversight for surveillance requests.
Warrant Canary
As of the date of this policy's last update, we have not received any secret court orders, national security letters, gag orders, or any other classified request for user data. We have not been compelled to create any backdoors or surveillance capabilities in our software.
User Rights
- You can request deletion of your account from your server administrator
- You can export your data via the messenger's built-in features (when the data export feature is available)
- For managed hosting customers: contact us to request data export or complete account deletion
- You can delete your own messages within the messenger interface
As a resident of the Netherlands, we are subject to the GDPR. We follow its core principles: data minimization, purpose limitation, transparency, and the right to deletion.
Children
Our website and services (managed hosting, software distribution) are not intended for use by anyone under the age of 16. We do not knowingly collect personal data from minors through our website contact forms.
Regarding end users of the messenger software: we do not collect, store, or have access to end user data (see deployment model sections above). The server administrator is solely responsible for managing their users, including any age-related requirements under their local laws. We do not verify the age or identity of end users on any server.
Changes to This Policy
We may update this privacy policy from time to time. When we do, we will update the "last updated" date at the top of this page. For managed hosting customers, we will make reasonable efforts to notify you of material changes via email or an in-app notice. Continued use of the software or services after changes are posted constitutes acceptance of the revised policy.