Privacy Policy

I don’t want my room to be listed here!

Please refer to the documentation for owners.

Data Processing collects and stores information about chat rooms and domains in the Jabber/XMPP network. In this document, we will refer to these rooms as MUCs (short for "Multi-User Chats"). Only data of persistent MUCs is stored.

Data associated with Chat Rooms

The following data is collected and stored about a MUC:

  • Its identifying address (Jabber ID, JID).
  • The number of users last seen online in the MUC, as well as a moving average over this number.
  • Whether the MUC can be joined into by everybody (muc_open flag and not muc_passwordprotected flag).
  • Whether the MUC shall be publicly listed (muc_public flag)
  • The timestamp of the last time successfully made contact with the MUC
  • Whether the MUC exposes the addresses of users (muc_semianonymous and muc_nonanonymous flags).

In addition, for publicly listed MUCs, the following data is stored:

  • The room description (if available).
  • The room name (if available).
  • The current room subject (if available).
  • The room language (if available).
  • The URL to an anonymous web chat (if available).
  • The URL to web logs of the room (if available).
  • A (potentially downscaled) version of the avatar (if available and allowlisted).

If a room was delisted at our discretion, as described in the documentation for owners, or due to other reason, we store its address in a blocklist (legitimate interest under Art 6.1f).

Data associated with domains

For domains / services, collects and stores:

  • The domain name
  • The timestamp of last successful contact
  • The XEP-0030 identities advertised by the domain
  • The XEP-0092 software version information advertised by the domain

If a domain was delisted on our discretion, as described in the documentation for operators, or due to any other reason, we store it in a blocklist (legitimate interest under Art 6.1f).

Data obtained on the website

To ensure the correct operation of our services, we log requests made to the web service. This information is stored for up to 7 days. This is in line with Art. 6.1f with Recital 49 of the EU General Data Protection Regulation (EU-GDPR). The information we collect under these terms is:

  • Time of request
  • Which resource was requested (e.g. listing, search (including search terms), API request)
  • Full IP address of requester
  • Browser and OS version as reported by the browser
  • Size of the response
  • Status code (indication of success, failure and special conditions)
  • The amount of time it took to process the request

We delete this data after at most 7 days. We generally do not process this data further unless we have an additional legitimate reason (such as suspicion of an attack on our services).

Search terms sent to the search API are not stored.

Data Sharing allows anyone to query all information it has stored about publicly listed MUCs. This is the information seen on this website.

This is merely a convenience service, since Jabber services already expose publicly listed MUCs in directories central to their domain.

Your rights

Under the EU-GDPR, you have the right to request whether we process data of you, and which data we process (Art. 15). If you are concerned about whether your room is contained in our database, please first try to use the search function of the web service, to save us both some time. If your room is not found via the search function it is still possible that it is included as "non public" in our database (to observe it in case it should change that status in the future). You can request that information about that at the contacts below. If you want to obtain the information stored about you in our web server logs, you would have to provide us with information to identify your information in our logs and then contact us.

You have the right to rectification (Art. 16). You can rectify all data we store about your rooms yourself by using your Jabber client. There is no rectifiable personal data in our web server logs.

You have the right to erasure (Art. 17). The documentation for owners provides information about which rooms are listed and how to get a room de-listed. You cannot have your data erased from our web server logs, since we keep those under Art. 6.1f (legitimate interest via Recital 49) and thus they do not qualify for Art. 17, and in case of attacks we might need to keep the data under Art. 17.3.

You have the right to data portability (Art. 20). The room data is publicly available in machine readable format (see documentation for developers). The web server logs are not under Art. 6.1(a) or 9.2(a) or 6.1(b), so we are not obliged to provide portability for those (we are not allowed to share them anyways because they may contain PII of other users).

You have the right to object to processing (Art. 21). You can have your rooms de-listed as described in documentation for owners (if you are the owner of a room) or documentation for operators (if you are the operator of a domain which you want to have delisted). For further objections please refer to the contacts below.


Please see the legal contact information.