Terms of Service Matrix | The Gràdhfur Pack

Terms of Service & Privacy Policy

On this page you will find the Terms of Service as well as the Privacy Policy for the in-house Matrix/Element communications server of the Gràdhfur Pack, "gradhfur-comms.org".

You should take note of and consider reading these documents before creating your account.

The reasons and needs for having our own self-managed architecture and communication channels can be found here.

⬇️ Terms of Service

⬇️ Privacy Policy

Effective date of these Terms of Service (ToS): 1st June 2026

Date of last edit: 31st May 2026

These ToS apply to any Matrix Account which has been created on our self-hosted Matrix homeserver gradhfur-comms.org since the effective date listed above as well as all currently existing user accounts at the time of the aforementioned effective date. In case of changes to these ToS by the Gràdhfur pack leadership, affected users will be notified beforehand.

These ToS govern your use and access of the communication Service (as defined below). Please read this document carefully before accessing or using the Service. By accessing or using the Service in any way, whether you have created a Matrix account on the gradhfur-comms.org homeserver, or whether you are accessing content federated from the gradhfur-comms.org homeserver to another Matrix homeserver, you agree to and are bound by these ToS.

If you do not agree to all of the terms and conditions contained in this document, you are barred from using our services and you will refrain from accessing content federated from this homeserver.

For any questions or issues please contact us per Email at:
GradhfurPack_Therians@proton.me 👈

1. Introduction

1.1 Definition of terms

Where you read the terms "Gràdhfur Pack" or "Gràdhfur-Rudel" (both terms are used synonymously), it refers to the German therian-group "Gràdhfur Pack" based in the area around Leipzig, Saxony, Germany. As outlined in the imprint of its official website, the Gràdhfur Pack is not a corporation nor business entity nor a registered association, but rather a privately managed open friend group with an online presence.

The management and responsibility of the Architecture and Service outlined in this document lies with the leadership of the Gràdhfur Pack and the internal moderation personnel designated by it, which are henceforth referred to as such or by terms such as "we", "us", or "Gradhfur-comms.org".

Where you read terms such as "you" or "user", it refers to any person which has created (or is intending to create) an account for the usage of our Service and is thus bound by this ToS and Privacy Policy.

Where you read the term "Architecture", it refers to the relevant hardware directly under our control which is used to provide this communication Service. This also serves as an umbrella term which includes any basic software needed to run the machine, for example its operating system, as well as any external hardware specifically included into our Service for the sole purpose of transmitting data (e.g. Cloudflare servers). Furthermore, systems for moderation and security also count towards this term. The main hardware is owned, managed, and maintained by the Gràdhfur Pack leadership as well as their designated internal personnel.

Where you read the term "Service", it refers to the access and use of the semi-public gradhfur-comms.org homeserver and the services made available at gradhfur-comms.org by the Gràdhfur Pack which store your account and personal conversation history, providing services such as bots and bridges, and communicating via the open Matrix decentralised communication protocol with the public Matrix Network. The gradhfur-comms.org homeserver and the Service it provides operate predominantly within Germany, are owned privately by a natural person, and are intended as a non-profit and non-commercial means of communication between a select group of friends, with an overall low user count somewhere in the double digits. Access is strictly controlled by the manual processing of member applications sent in from the public.

The Matrix protocol is licensed by The Matrix.org Foundation which makes it available to third parties who set up their own homeserver, such as the Gràdhfur Pack leadership. These ToS do not apply to such Matrix servers run by anyone else - Matrix is an open network like the Web and this agreement only applies to the server (gradhfur-comms.org) provided by the Gràdhfur Pack leadership as well as any content on said server or user accounts created on and managed by said server.

1.2 Changes to the ToS

If necessary, these ToS will be updated with new or updated information. Your access and use of the homeserver is always subject to the most current version of the ToS. You can check the version of this document by either consulting section 10.1 or by the effective data as well as date of last edit displayed at the top of this document. You can always access the most recent version of these ToS at the Gràdhfur Pack's official website.

You are prohibited from changing these ToS through any means on either the device you use to display them or through any means (specifically intrusion or data manipulation) regarding our website provider, and you have no rights or claims towards us resulting from such unsanctioned changes.

The Gràdhfur Pack leadership will notify all current users in case of ToS changes, and thus give them the opportunity to react to changes in a timely manner. Should a user decide to no longer agree with the current version of the ToS, they are barred from using our Service and they are to refrain from accessing content federated from this homeserver. In such a case, the relevant user can request the deletion of their user account by Email via GradhfurPack_Therians@proton.me or do it themselves (as described in section 2.5).

By continuing to use the Service, you will implicitly accept the changes we make.

1.3 Breach of terms

If you breach any of these ToS, your authorisation to access or use the Service may be automatically terminated. In the event of such a breach, we may also block, restrict, disable, suspend, or terminate your access to all or part of the Service at any time at our sole discretion, without prior notice or liability to you.

Should the relevant violations be of an exceptionally grave nature, we may disclose the situation to the competent legitimate authorities (see section 2.5.1 of our Privacy Policy) for the purpose of criminal prosecution.

You may appeal these actions by emailing GradhfurPack_Therians@proton.me. However, we do not guarantee that your use of the Service will be reinstated.

1.4 Revoking consent

If you have previously agreed to the latest version of these ToS, you may revoke your consent at any point in time at your own discretion. However, should you choose to revoke your consent, you are immediately barred from using our Service and you are to refrain from accessing content federated from this homeserver. Deleting your user account (as described in section 2.5) will be treated as the act of revoking consent. Any (personal) data stored or user behaviour recorded up until the time of you revoking consent remain subject to these ToS and the Privacy Policy.

1.5 Multilingual document

These ToS are available in multiple languages. Translations conducted by us to the best of our abilities are purely provided for the goal of convenience and ease of understanding of the reader. However, despite our best efforts, we cannot declare to be able to conclusively guarantee the legal uniformity of all linguistic variations of these ToS. In case of any difference between such variations of the ToS, the English version always takes precedence.

In that sense, should you become aware of differences across different linguistic variations of these ToS, please consider letting us know at GradhfurPack_Therians@proton.me so we can react accordingly and make necessary edits.

1.6 English, not legalese

Most ToS documents are unreadable. They are written by lawyers and for lawyers, and in our opinion are not very effective. Outlining rules, responsibilities, and rights is important, and we want you to understand the issues involved. For that reason, we decided to use plain English instead as much as possible, to make our terms as clear as possible.

Should you still struggle with understanding specific points of our ToS, please contact us at GradhfurPack_Therians@proton.me so we can hopefully clear up any confusion or questions in a more direct conversation.

2. Use of the service

2.1 Account creation

In order to be allowed to create a Matrix account for our Service, you must fulfil certain criteria. You must:

be at least thirteen (13) years of age
be fluent in either the English or German language
only create one (1) user account for your own personal use to represent yourself on the homeserver
not be in possession or control of a previously created user account on our homeserver
not be attempting to dodge consequences previously applied by us to a previous user account you own / have owned or control / have controlled
be intending to primarily use the Service for communication within Matrix spaces and rooms directly created and moderated by the Gràdhfur pack leadership and its designated internal personnel
be intending to utilise the account for personal use only and to not share access to or control of the account with any other individuals beside yourself

By accepting these ToS and creating your account, you declare that you have read all these criteria and that you claim to fulfil them. If any deception on your part is discovered at any point in time, consequences as described in section 1.3 will be applied.

On the gradhfur-comms.org homeserver, Matrix accounts can only be created by using a third-party reference in the form of an Email address. The specific choice of this reference lies with the user and we are not liable for any problems or damages that arise due to the usage of a specific third-party reference for this purpose (details in section 5).

2.2 Account security

You are responsible for maintaining the confidentiality of your account information, including usernames and passwords, and for any and all activities that occur under your account. If you become aware of any unauthorised use of your account or any other breach of security, please reach out to GradhfurPack_Therians@proton.me where we will do our best to support you with this issue. Please be aware that our ability to help in these situations is limited - this is for your own protection. In most cases, we do not reset passwords or reactivate accounts and would only ever do so under in-person verification of identity, for example via video call or presenting a photo ID.

2.3 Account restrictions

The Gràdhfur Pack homeserver does not impose time-frame specific limits on the volume of data transmitted by users. We provide our Service completely free of charge and we do not gain monetary profit from the Service. However, we ask all our users to stick to normal usage levels on a "play nice" basis and to refrain from excessive upload behaviour (explained in more detail in section 6.2).

Due to the specific base use case of our Service, we will restrict user accounts in a manner of ways. These restrictions for unverified user accounts (see section 2.4) include:

disabling of initiating direct messaging (DM-ing) with other users
prohibiting the creation of Matrix spaces and rooms through the user

These restrictions are in place to ensure security and to prevent abuse of either other users, our Service, or our Architecture. Trying to circumvent these restrictions is strictly prohibited.

The creation of user-controlled Matrix spaces and rooms is allowed for verified users (see section 2.4), however it is considered common curtsey to ask the Gràdhfur Pack leadership or its designated internal personnel for authorisation before the creation of a space or room (see section 2.6 for more information).

2.4 Account verification

This label has nothing to do with the act of verifying an Email address on account creation or as a later addition, this section deals with something entirely different.
The primary intended use of this Service is communication via Matrix spaces and rooms directly created and moderated by the Gràdhfur Pack leadership and its designated internal personnel. As such, new user accounts do not count as verified unless the user has followed the application process of the Gràdhfur Pack and has been accepted.

If a user decides to no longer participate in said Matrix spaces and rooms by either prolonged inactivity on the Service or by actively quitting said communication channels, we reserve the right to reverse the verification of the relevant user account and to re-impose any previously lifted restrictions as stated under section 2.3 of this document at our sole discretion, without prior notice or liability to the user. These actions can be appealed by emailing GradhfurPack_Therians@proton.me.

2.5 Account deletion

The user is able to manually delete their Matrix account on our homeserver at any point. However, messages of previous conversations may remain stored unless manually deleted by the user beforehand or manually configured to delete during the process of account deletion.

We reserve the right to close and delete the account of a user without prior notice or liability to the user at our sole discretion in including but not limited to the following cases:

breach of ToS as described in section 1.3
prolonged Service-wide inactivity of the user (> two (2) months)
initial Service-wide inactivity of the user (five (5) days after account creation)
reasonable suspicion of account being compromised by third parties
rejection of user-submitted application for Gràdhfur Pack membership
unjustified usage of our Service (no active DMs with other users, no longer participating in Matrix spaces and rooms directly created and moderated by the Gràdhfur pack leadership and its designated internal personnel)
impersonation of a prior or current user, bot, or person
reasonable suspicion of multiple accounts belonging to / being under the control of the same user ("alternative accounts")

These actions can be appealed by emailing GradhfurPack_Therians@proton.me.

2.6 User-created Matrix spaces and rooms

As described in section 2.3, the creation of Matrix spaces and rooms by users is prohibited for unverified users. As such, verified users do not have this restriction. However, it is still considered common curtsey to ask the Gràdhfur Pack leadership or its designated internal personnel for authorisation before the creation of a space or room.

We reserve the following rights in regards to user-created communication channels created on our service:

moderation in a mostly observational role
vetoing local rules
dictating local rules
forcing ownership change without prior notice or liability to the current owner(s) or the users of the relevant space and rooms at our sole discretion
closing and deletion without prior notice or liability to the owner(s) or the users of the relevant space and rooms at our sole discretion

2.7 Audio/Video Calls

We provide our users the option of audio/video calls for interacting with other users, however we only recommend calls with up to 6-8 participants. Due to technical constraints of our Architecture, we cannot support a cloud-based approach using LiveKit (like e.g. on matrix.org) that would provide conference-like quality with a large number of participants. Instead we are bound to use a mesh WebRTC topology utilising TURN, which sadly starts to degrade when more than the aforementioned number of participants are present within a single call.

2.8 User Reporting

If you notice behaviour of another user that goes directly against the ToS or is otherwise abominable, you may use the built-in report feature of the Element client. You can find this feature my hovering over / long-pressing the relevant message, selecting the 3 dots from the menu that pops up, and pressing the "Report" button.
The moderation team of the gradhfur-comms.org homeserver has ensured that it will catch new reports quickly and promises to process them as fast as possible to resolve the situation.

2.9 Modification of the Service

We may change or modify the Service from time to time. We shall only be required to provide you with reasonable notice of a change or modification to the Service in advance if the change or modification may substantially adversely affect your use of the Service. This may include circumstances such as maintenance, security, legal compliance, technical limitations, and the protection of the stability and integrity of the Service.

2.10 Regular data erasure

Due to digital storage constraints of our Architecture, we will exercise periodic deletion of a selection of oldest messages as well as any purposeless oldest data. Such deletions will happen without prior notice or liability to the users of the Service and at our sole discretion. Should a user request us to retain specific messages or data scheduled for erasure, we are not obligated to oblige.

For media files specifically, we automatically clear out locally stored media (e.g. images and videos sent directly via chat) every 6 months, and cached remote media (e.g. GIF links) every 3 months.

2.11 Support

Support for the gradhfur-comms.org homeserver is provided on a reasonable efforts basis. Furthermore, due to the small size of our moderation team we cannot provide 24/7 support. Queries sent to GradhfurPack_Therians@proton.me will be addressed on a reasonable efforts basis by the team. Phone support is not provided.

2.12 Official Channels / Official Homeserver Bot

The gradhfur-comms.org homeserver has implemented a custom bot that is pivotal to the interactions between users and our administration. This official bot is defined as and can be recognised as follows:

Displayname (may change): ᘛ Skogvættir ᘚ [GRÀDHFUR-BOT]
Username (CANNOT change): @bot.maubot:gradhfur-comms.org

The usage of this bot to communicate with our users includes but is not limited to the following situations:

send an automatic welcome message upon user account creation
informing users of news and announcements regarding the homeserver and the Service it provides
informing users of their account verification status (see section 2.4)
used as an initial messenger during the application process for membership in the Gràdhfur Pack
inquire more information from a user after they filed a user report via Element's built-in mechanics
convey warnings and notices to users that have violated or are about to violate our ToS or our Privacy Policy

The bot will automatically invite a new user account to a private messaging chat where such messages will be sent to. All our users are expected to accept this invite so they can react to any new information from the homeserver administration in a timely manner. Furthermore, the bot and our administrators cannot react to user replies sent through the same channel used by the bot ("no-reply"-constraint). We are not liable for any damages or issues that arise from any user ignoring this bot, its messages, or the "no-reply"-constraint of the bot.

3. Intellectual Property Rights

3.1 Who owns the IPR of messages and files

We do not claim intellectual property rights over rooms, message content or files uploaded to the Service. You acknowledge and agree that we have no liability of any kind should anyone you grant access to your messages or files modify, destroy, corrupt, copy or distribute them, or violate the ToS or other limitations that you may impose on the use of your shared content.

By posting or uploading your messages or files, you represent and warrant that you own or otherwise control all of the intellectual property rights and other rights to your user materials as described in these ToS, including all the rights necessary for you to post or upload said messages or files. You hereby grant us the right to use such user materials for the purpose of providing the Service to you.

You are solely and entirely responsible for all of your messages and files that you post or otherwise submit via the Service. You shall assume all risks associated with the use of said content, including any reliance on its accuracy, completeness, or usefulness. We do not guarantee the accuracy, integrity, or quality of your messages or files.

3.2 User Content

We do not accept liability for any user-uploaded content. When we become aware of any immoral content (see section 6.3), we remove or disable access to it, and apply sanctions such as suspension or deactivation.
To appeal action taken against your account by these measures, email us at GradhfurPack_Therians@proton.me.

4. Reliability

4.1 Service accessibility

Due to technical constraints of our Architecture (e.g. see section 4.2) as well as the general unreliability of the Internet, we cannot guarantee that the Service will be accessible at all times. We do not offer contracted SLA for availability of the Service and your data.

We shall use reasonable skill and care to provide the Service substantially free of material defects. Your sole and exclusive remedy (and our sole and exclusive obligation) in the event of such a material defect arising will be for us to rectify the defect within a reasonable period of time.

We reserve the rights to (in last resort situations) cancel the Service indefinitely without replacement and to completely destroy any hardware or data related to the Service without prior notice or liability to the users at our sole discretion, as described in section 2.5 of our Privacy Policy.

Subject to the paragraphs above, you acknowledge and agree that we shall not be liable for any failure to store your materials on the gradhfur-comms.org homeserver at any time.

4.2 Scheduled restarts

Please take note of the fact that around 5am CET/CEST each day, our Architecture will automatically restart itself in order to renew credentials, update configurations, make data backups, etc. This process is expected to not last longer than a few minutes. Naturally, the Service will always be unavailable to users during this time.

Please refrain from active participation over the Service (e.g. writing messages, changing account settings, etc) from at least 5 (five) minutes both before and after the specified restart time to prevent possible data loss.

4.3 Maintenance

We will conduct maintenance on the Service and our Architecture from time to time, which will make the Service inaccessible during these times. Usually we make sure to announce these maintenance periods at least 48 (fourty-eight) hours beforehand, however we reserve the right to engage in emergency maintenance at any point without prior notice or liability to the user at our sole discretion.

4.4 Report outages

Should you notice that the Service is inaccessible to you at unusual times ("usual" would be e.g. section 4.2), then please first check the status of our homeserver on the official website of the Gràdhfur-Pack. Should it display an outage or similar severe problems, let us know at GradhfurPack_Therians@proton.me so we can take a look at the problem and resolve any issues as fast as possible.

5. Indemnity and Liability

5.1 Indemnity

You agree to indemnify and hold us, our personnel, and other partners harmless from and against any claim or demand, including reasonable attorneys' fees, made by any third party due to or arising out of:

your user materials and any other content (e.g. computer viruses) that you may submit, post to or transmit through the Service, including (without limitation) a third party's use of such user materials or content (including without limitation relating to their reliance on the accuracy, completeness or usefulness of your user materials);
your access to or use of the Service (including any use by your employees, contractors or agents and all uses of your usernames and passwords, whether or not actually or expressly authorised by you, in connection with the Service);
your connection to the Service;
your violation of these ToS;
your infringement of any third party's intellectual property rights when using any of the software made available on the Service;
your violation of any rights of any third party;
your access to or use of linked sites and your connections thereto; or
any dealings between you and any third parties advertising or promoting via the Service.

5.2 Limitation of liability

In no event shall we, our personnel, and other partners be liable to you or any third party for (and in any case on any theory of liability, including breach of contract or warranty, negligence or other tortious action):

any special, punitive, incidental, indirect or consequential damages or losses of any kind (whether or not we have been advised of the possibility of such damages or losses), or
any damages or losses whatsoever resulting from loss of use, data or profits (whether direct or indirect), or
the statements or actions of any third party on or via the Service; or
any dealings with vendors or other third parties via the Service; or
any web site referenced or linked to from the Service; or
your access to or use of or inability to access or use any linked site.

Subject to the warranty set out in section 4.1, in no event shall we, our personnel, and other partners be liable to you or any third party for any other claim arising out of or in connection with (and in any case on any theory of liability, including breach of contract or warranty, negligence or other tortious action):

any unauthorised access to or alteration of your transmissions, user materials or other data;
any information that is sent or received or not sent or received;
any failure to store or loss of data, files, materials or other content; or
any services available that are delayed or interrupted.

Some jurisdictions prohibit the exclusion or limitation of liability for consequential or incidental damages. Accordingly, the limitations and exclusions set forth above may not apply to you. Notwithstanding the foregoing, our total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of these ToS shall be null, as we provide our Service free of charge and at no monetary revenue to ourselves from any source related to the Service in any way.

5.3 Third-party software

Materials and services provided by third parties are governed by separate agreements accompanying such materials and services. We offer no guarantees and assume no responsibility or liability of any type with respect to the third-party services, including any liability resulting from incompatibility between a third-party service, the gradhfur-comms.org Service, or another third-party service. You agree that you will not hold us responsible or liable with respect to the third-party services.

6. Code of conduct

6.1 Use of the Service

You agree that you shall not:

Use or attempt to gain unauthorised access to or use another's account, password, data, or computer systems or networks connected to the gradhfur-comms.org homeserver, whether through malicious attacks, password mining or any other means.
Access or attempt to access any material that you are not authorised to access.
Submit or transmit any material that violates or infringes the rights of others including, without limitation, patent, trademark, trade secret, copyright, publicity, or other proprietary rights.
Disrupt or interfere with the security of, or otherwise cause harm to, the
gradhfur-comms.org homeserver, systems resources, accounts, passwords, servers or networks connected to or accessible through the Service or any affiliated or linked sites.
Use the Service to transmit unsolicited or bulk communications to anyone at all, be they users of the Service, federated Matrix homeservers, or connected on a bridged network.
Post or otherwise submit any software, programs or files in a manner that is intended to cause harm to or disruption of another's equipment, software or other property, including any corrupted files, time bombs, Trojan horses, viruses and worms.
Disrupt, interfere with or inhibit any other user from using and enjoying the Service.
Access or use the Service in any manner that could damage, disable, overburden or impair any server we run or the network(s) connected to the Service.
Violate any applicable laws or regulations related to the access to or use of the Service, or engage in any activity prohibited by the ToS.
Violate the rights of the Gràdhfur Pack, Element (i.e., New Vector Limited and any affiliated company), or any third party (including rights of privacy and publicity).

6.2 Data upload by user

Due to technical constraints of our Architecture, the size limit on user uploads per single message is capped at 50 MB.

As mentioned in section 2.3, we do not impose time-frame specific limits on the total volume of data transmitted by the users of the Service. However, where your usage of our Service exceeds reasonable upload limits, we will reserve the right to restrict, block or otherwise fail further uploads until usage returns within the aforementioned reasonable limits.

Where your usage contravenes or otherwise conflicts with the intended use of the Service as described in these Terms, we may suspend or terminate access in accordance with section 1.3 of this document. You are responsible for monitoring your use of the Service against reasonable limits. We may audit usage from time to time to ensure the continued availability and stability of the Service for all users.

A few examples for unreasonable uploads are:

excessive text or GIF spam
".zip-bombs"
unusually or needlessly large files (e.g. videos longer than five (5) minutes, ultra high resolution images, repositories, project files, etc)

6.3 Immoral content

We regularly monitor and screen (wherever possible) the Service for immoral content (and support thereof), including but not limited to the following categories:

child sexual exploitation and abuse (CSEA)
image-based child sexual abuse material
child sexual abuse material URLs
grooming
intimate image abuse
extreme pornography offences
sexual exploitation of adults
animal cruelty
zoophilia
sexism
misogyny
misandry
homophobia, transphobia, and any other anti-LGBT content
anti-Therianthropy content
political right-wing ideologies and viewpoints
religious ideologies
wilful misinformation
unauthorised promotion of groups, therian packs, enterprises, companies, organisations, political parties, and religions
deliberate provocation of needless arguments

Any forms of such immoral content are strictly prohibited in the Service. Distribution of immoral content will result in immediate account sanctions (including immediate suspension or termination). If you encounter this type of content, please share the details in an email to GradhfurPack_Therians@proton.me.

6.4 Moral obligations

We expect and require the users of our Service to behave in a moral and objectively good manner, including but not limited to the following guidelines:

being respectful to other users
communicating in an honest and logical way
keeping communications and data within the Service in secrecy to anything and anyone outside the Service
individual desires and needs of each intractable user in reference to topics such as pronouns, trigger warnings, the usage of "tone tags", harsh language and general social contact are to be regarded and respected
Freedom of opinion and speech exists on a basis of well reasoned and understandable logic (see section 6.3)
confining heavy topics such as suicidal thoughts, depression, trauma, NSFW, and similar points to their appropriate designated chat areas
reporting violations against these ToS perpetrated by other users, especially of content as listed in section 6.3

Should you become aware of any violations against any such guidelines or the list of immoral content in section 6.3, please contact Service moderation at GradhfurPack_Therians@proton.me. Be aware that going against these guidelines is grounds for account sanctions, in extreme cases including immediate suspension or termination.

7. Warranties and Disclaimers

7.1 Warranties and Disclaimers

The gradhfur-comms.org Service is provided by the Gràdhfur Pack leadership under these ToS "as is" without warranty of any kind, either express, implied, statutory or otherwise, including, but not limited to, the implied warranties of title, non-infringement, merchantability, or fitness for a particular purpose. Without limiting the foregoing, the Gràdhfur Pack leadership makes no warranty that:

the Service will meet your requirements;
the Service will be uninterrupted, timely, secure, or error-free;
the quality of the Service will meet your expectations; and
any errors or defects in the Service will be corrected.

You acknowledge and agree that:

the Gràdhfur pack leadership does not control, endorse, or accept responsibility for any materials or services offered by third parties (except where stated otherwise), including third-party vendors and third parties accessible through linked sites;
the Gràdhfur pack leadership makes no representations or warranties whatsoever about any such third parties, their materials or services;
any dealings you may have with such third parties are at your own risk; and
the Gràdhfur pack leadership shall not be liable or responsible for any materials or services offered by third parties.

The Gràdhfur Pack leadership does not control or endorse the materials or message content found in any rooms or communities that have not been directly created by the Gràdhfur Pack leadership and its designated internal personnel. To the maximum extent permitted by law, the Gràdhfur Pack leadership will have no liability related to user materials arising under intellectual property rights, libel, privacy, publicity, obscenity or other laws. The Gràdhfur Pack leadership also disclaims all liability with respect to the misuse, loss, modification or unavailability of any user messages or files, except to the extent such issues arise directly from our failure to exercise reasonable skill and care in providing the Service.

Subject to the warranty set out in section 4.1, the use of the Service is at your own discretion and risk and with your agreement that you will be solely responsible for any damage to your computer system, loss of data or other harm that results from such activities. The Gràdhfur Pack leadership assumes no liability for any computer virus or other similar software code that is downloaded to your computer from the site or in connection with any services or materials. No advice or information, whether oral or written, obtained by you from the Gràdhfur Pack leadership or via the Service or materials shall be subject to any warranty not expressly stated in these ToS. The Gràdhfur Pack leadership will not be liable for any loss that you may incur as a result of someone else using your password or account with respect to the Service or materials, either with or without your knowledge.

Some states or jurisdictions do not allow the exclusion of implied warranties or limitations on how long an implied warranty may last, so the above limitations may not apply to you. To the extent permissible, any implied warranties are limited to ninety days. We make no representations or warranties that the availability of the Service (or any part thereof) is available for use in all jurisdictions.

7.2 Emergency service calls

The Service does not and is not intended to support or carry emergency calls to any emergency services (e.g. 110 or 112 numbers). We are not liable for any claims, damages or loss which arise from this limitation.

7.3 Governing law and Jurisdiction

These ToS and any dispute (including non-contractual disputes) arising out of them or their subject matter shall only ever be governed by the laws and be under the jurisdiction of a legitimate competent court as described in section 2.5.1 of our Privacy Policy. These ToS shall not be governed by the United Nations Convention on Contracts for the International Sale of Goods.

7.4 Legal disputes

The gradhfur-comms.org homeserver and the Service it provides operate predominantly within Germany, are owned privately by a natural person, and are intended as a non-profit and non-commercial means of communication between a select group of friends, with an overall low user count somewhere in the double digits.

With this context, these ToS and any dispute (including non-contractual disputes) arising out of them or their subject matter shall be settled out of court due to the aforementioned small and casual nature of the Gràdhfur Pack and this Service. Be informed that if you do bring any such dispute to a court of law, we will only consider and accept the laws and decisions of legitimate authorities as described in section 2.5.1 of our Privacy Policy.
Unless contrary to the law where you reside, these ToS and all disputes (including non-contractual disputes) arising out of them or their subject matter are to be settled out of court or shall only ever be governed by the laws and authority of a competent court as described in section 2.5.1 of our Privacy Policy, and you expressly consent to and confine yourself to this approach in connection with any such dispute by using this Service.

To settle such matters, please urgently contact GradhfurPack_Therians@proton.me and we are sure we can find a solution everyone agrees with. Should you still disagree with actions or policies we have taken or written in line with our ToS or Privacy Policy, then you are barred from using our Service and you are to refrain from accessing content federated from this homeserver.

7.5 Finding legal vulnerabilities or errors within the document

If you have discovered a legal concern or error within this document, please immediately and urgently email us at GradhfurPack_Therians@proton.me while prefacing your subject line with the term "LEGAL ERROR/VULNERABILITY". We'll work with you to make sure that we understand the scope of the issue, and that we fully address your concern. We consider such correspondence sent to us our highest priority, and work to address any issues that arise as quickly as possible.

Knowledgable law enthusiasts and experts who act in good faith are always appreciated.

8. General

8.1 License

The Service is licensed, not sold, to you by the Gràdhfur Pack leadership for use strictly in accordance with these ToS. Ownership of the Service and Architecture shall at all times remain with the Gràdhfur Pack leadership. Access to the Service is provided to you only to allow you to exercise your rights under these ToS.

8.2 Grant of License

Subject to your acceptance of, and compliance with, these ToS, the Gràdhfur Pack leadership hereby grants you a limited, non-exclusive, non-transferable, revocable, non-sublicensable licence, in and under our intellectual property rights, to access and use the Service, solely in accordance with these ToS. Unless explicitly stated otherwise, any new features provided by us that augment or enhance the current Service shall also constitute "Service" and shall be subject to these ToS. All rights not expressly granted under these ToS are retained by the Gràdhfur Pack leadership.

You may also be subject to additional terms and conditions that may apply when you use other Matrix services, third party content or third party software. If for any reason a legitimate court of competent jurisdiction (see disqualifying factors in section 2.5.1 of our Privacy Policy) finds any provision of the ToS, or any portion thereof, to be unenforceable, that provision shall be enforced to the maximum extent permissible so as to effect the intent of the parties as reflected by that provision, and the remainder of the ToS shall continue in full force and effect. Any failure by the Gràdhfur Pack leadership to enforce or exercise any provision of the ToS or related right shall not constitute a waiver of that right or provision. The section titles used in the ToS are purely for convenience and carry with them no legal or contractual effect.

9. Attribution & Acknowledgements

9.1 Attribution & Acknowledgements

These ToS are based on the Matrix.org Homeserver Terms and Matrix.org Foundation Privacy Policy by the Matrix.org Foundation, but with modifications in regards to our ethics, morals, use cases, formatting, wording, organisation of the Service and our Architecture, safety and security measures regarding our users, our partners, and ourselves, and our abilities and perceived responsibilities as a small non-profit privately owned network with very tight and controlled individual access through member applications from the public.

10. Document History

10.1 Document History

1.0.0 - first version of document - June 2026

--> return to Tutorial <--

🔝to Beginning

Effective date of this Privacy Policy: 1st June 2026

Date of last edit: 24th May 2026

This Privacy Policy applies to any Matrix Account which has been created on our self-hosted Matrix server since the effective date listed above as well as all currently existing user accounts at the time of the aforementioned effective date. In case of changes to this Privacy Policy by the Gràdhfur pack leadership, affected users will be notified beforehand.

Please read this document carefully before accessing or using the Service. By accessing or using the Service in any way, whether you have created a Matrix account on the gradhfur-comms.org homeserver, or whether you are accessing content federated from the gradhfur-comms.org homeserver to another Matrix homeserver, you agree to this Privacy Policy.

If you do not agree to the Privacy Policy described in this document, you are barred from using our services and you will refrain from accessing content federated from this homeserver.

For any questions or issues please contact us per Email at:
GradhfurPack_Therians@proton.me 👈

1. Introduction

1.1 Definition of terms

The management and responsibility of the Architecture and Service as outlined in the Terms of Service lies with the leadership of the Gràdhfur Pack and the internal moderation personnel designated by it, which are henceforth referred to as such or by terms such as "we", "us", or "Gradhfur-comms.org".

Where you read terms such as "you" or "user", it refers to any person which has created (or is intending to create) an account for the usage of our Service and is thus bound by this Privacy Policy and our Terms of Service.

Where you read the term "Architecture", it refers to the relevant hardware directly under our control which is used to provide this communication Service. This also serves as an umbrella term which includes any basic software needed to run the machine, for example its operating system, as well as any external hardware specifically included into our Service for the sole purpose of transmitting data (e.g. Cloudflare servers). Furthermore, systems for moderation and security also count towards this term. The main hardware is owned, managed, and maintained by the Gràdhfur Pack leadership as well as their designated internal personnel.

Where you read the term "Service", it refers to the access and use of the semi-public gradhfur-comms.org homeserver and the services made available at gradhfur-comms.org by the Gràdhfur Pack which store your account and personal conversation history, providing services such as bots and bridges, and communicating via the open Matrix decentralised communication protocol with the public Matrix Network. The gradhfur-comms.org homeserver and the Service it provides operate predominantly within Germany, are owned privately by a natural person, and are intended as a non-profit and non-commercial means of communication between a select group of friends, with an overall low user count somewhere in the double digits. Access is strictly controlled by the manual processing of member applications sent in from the public.

The Matrix protocol is licensed by The Matrix.org Foundation which makes it available to third parties who set up their own homeserver, such as the Gràdhfur Pack leadership. This Privacy Policy does not apply to such Matrix servers run by anyone else - Matrix is an open network like the Web and this agreement only applies to the server (gradhfur-comms.org) provided by the Gràdhfur Pack leadership.

The domain gradhfur-comms.org and its Architecture are the Data Controller for the Service and serve as the processor for data processing, hosting and management purposes.

1.2 Changes to the Privacy Policy

If necessary, this Privacy Policy will be updated with new or updated information. Your access and use of the homeserver is always subject to the most current version of the Privacy Policy. You can check the version of this document by either consulting section 7.1 or by the effective date as well as date of last edit displayed at the top of this document. You can always access the most recent version of this Privacy Policy at the Gràdhfur Pack's official website.

You are prohibited from changing this Privacy Policy through any means on either the device you use to display it or through any means (specifically intrusion or data manipulation) regarding our website provider, and you have no rights or claims towards us resulting from such unsanctioned changes.

The Gràdhfur Pack leadership will notify all current users in case of Privacy Policy changes, and thus give them the opportunity to react to changes in a timely manner. Should a user decide to no longer agree with the current version of the Privacy Policy, they are barred from using our services and they are to refrain from accessing content federated from this homeserver. In such a case, the relevant user can request the deletion of their data by Email via GradhfurPack_Therians@proton.me.

By continuing to use the Service, you will implicitly accept the changes we make.

1.3 Revoking consent

If you have previously agreed to the latest version of this Privacy Policy, you may revoke your consent at any point in time at your own discretion. However, should you choose to revoke your consent, you are immediately barred from using our Service and you are to refrain from accessing content federated from this homeserver. Deleting your user account (as described in section 2.5 of the Terms of Service) will be treated as the act of revoking consent. Any (personal) data stored or user behaviour recorded up until the time of you revoking consent remain subject to the Terms of Service and this Privacy Policy.

1.4 Multilingual document

This Privacy Policy is available in multiple languages. Translations conducted by us to the best of our abilities are purely provided for the goal of convenience and ease of understanding of the reader. However, despite our best efforts, we cannot declare to be able to conclusively guarantee the legal uniformity of all linguistic variations of this Privacy Policy. In case of any difference between such variations of the Privacy Policy, the English version always takes precedence.

In that sense, should you become aware of differences across different linguistic variations of this Privacy Policy, please consider letting us know at GradhfurPack_Therians@proton.me so we can react accordingly and make necessary edits.

1.5 English, not legalese

Most Privacy Policy documents are unreadable. They are written by lawyers and for lawyers, and in our opinion are not very effective. Data protection and privacy are especially important to us due to the nature and identity of our users, and we want you to understand the issues involved. For that reason, we decided to use plain English instead as much as possible, to make our terms as clear as possible.

Should you still struggle with understanding specific points of our Privacy Policy, please contact us at GradhfurPack_Therians@proton.me so we can hopefully clear up any confusion or questions in a more direct conversation.

2. Access to your data

2.1 Legal basis for processing user data and rights under DSGVO

2.1.1 Legal basis for processing

Gradhfur-comms.org processes your data under a performance of contract basis of processing, to provide our Service to you in an efficient and secure manner and to ensure the legal compliance and proper administration of our group. Essentially, this means that we process your data only as necessary to deliver the Service and for internal administration purposes, and in a manner that you understand and expect. We also carry out processing that is necessary to provide our Service to you under our Terms of Service and processing that is necessary to comply with our legal obligations. Where consent is required by law in relation to certain processing, we will ask for your consent.

We process your information for the purposes of providing our decentralised and end-to-end encrypted communication Service, getting in touch with you, responding to your requests, working with our suppliers to deliver the Service and enabling its features, ensuring the security of our Service, developing, fixing and improving our Service, administering our group and complying with the law (details in section 2.5.1).

The nature of the Service and its implementation results in some caveats concerning this processing, particularly in terms of DSGVO Article 17 Right to Erasure (Right to be Forgotten). We believe these caveats (discussed in the section below in detail) are in line with the broader societal interests served by providing the Service. In situations where the interests of the individual appear to be in conflict with the broader societal interests, we will seek to reconcile those differences guided by our policy.

2.1.2 Your rights as data subject

You have rights in relation to the personal data we hold about you. Some of these only apply in certain circumstances. Some of these rights are explored in more detail elsewhere in this document. For completeness, your rights under DSGVO are:

The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.

We may ask for proof of identity before responding to your request, e.g. a voice call, in-person meeting, or presenting a photo ID. For more details about these rights, please see the text of the DSGVO itself as well as any guidance provided by the BfDI. If you have any questions or are unsure how to exercise your rights, please contact us at GradhfurPack_Therians@proton.me.

2.1.3 Right to erasure

You can request that we forget your copy of messages and files by instructing us to deactivate your account (using a Matrix client such as the Element chat app) and selecting the option instructing us to forget your messages. What happens next depends on who else had access to the messages and files you had shared.

Any messages or files that were only accessible by your account will be deleted from our servers within 30 days.

Where you have shared messages or files with another registered Matrix user, that user will still have access to their copy of those messages or files. Apart from state events (see section 2.1.3.1 below), these messages and files will not be shared with any unregistered or new users who view the room after we have processed your request to be forgotten.

State events ("permanent room configuration data in relation to the Matrix protocol") are processed differently to non-state events ("transient content events in relation to the Matrix protocol"). State events are used by the Service to record, amongst other things, your membership in a room, the configuration of room settings, your changing of another user's power level and your banning a user from a room. Were we to erase these state events from a room entirely, it would be very damaging to other users' experience of the room, causing banned users to become unbanned, revoking legitimate administrator privileges, etc. We therefore share state events sent by your account with all non-essential data removed ('redacted'), even after we have processed your request to be forgotten. This means that your username will continue to be publicly associated with rooms in which you have participated, even after we have processed your request to be forgotten. If this is not acceptable to you, please do not use the Service.

Because an account deactivation causes the removal of any data which could be used to validate the ownership of an account, it is our policy to not reactivate deactivated accounts. This measure is in place to protect the privacy and integrity of all accounts.

2.1.3.1 Exceptional erasure

As described above, erasing a state event may result in our needing to erase the entire conversation at the same time. Deciding whether to take this drastic step will require a balancing exercise to be carried out at the time of the request, and will depend on:

the nature of the Personal Data that the user is requesting to be erased;
how many other users would have their fundamental rights and freedoms put at risk if the Right to Erasure were to be exercised
to what degree these other users would have their fundamental rights and freedoms put at risk if the Right to Erasure were to be exercised

The Personal Data contained in a state event is usually limited to the username, the timestamp and the conversation in which the state event was issued. State events only represent that a user participated in a given conversation at a given time. It is rare that this data is sensitive enough to warrant its erasure given the drastic impact this will have on other users.

Each case will be decided based on the factors listed above. In most situations we will not erase state events. In extreme situations, where not erasing state events will place people at material risk of harm, we may choose to erase state events or remove the entire conversation.

2.1.4 Data portability

Under DSGVO you have a right to request a copy of your data in a commonly-accepted format. If you would like a copy of your data, please send a request over Email to GradhfurPack_Therians@proton.me. Should you choose to exercise this right, we may ask for identity verification beforehand, e.g. through voice calls, in-person meetings, or presenting a photo ID.

2.2 Collected information

The information we collect is purely for the purpose of providing your communication service via Matrix. We do not profile users or their data on the Service.

Be aware that while we do not profile users on the Service, Matrix clients may gather usage data.

2.2.1 Information you provide to us

We collect information about you when you input it into the Service or otherwise provide it directly to us.

2.2.1.1 Account and profile information

We collect information about you when you register for an account. This information is kept to a minimum on purpose, and is restricted to:

Username
Password hash
Display Name (if you choose to provide one)
Your email address
Your verified telephone number (if you choose to provide it)
Your username and password is used to authenticate your access to the Service and to uniquely identify you within the Service.
Your password hash is stored until your account is deactivated (see 2.8 for details on how passwords are handled securely). Your username is stored indefinitely to avoid account recycling.
When you've registered your account and what SSO links you might have (i.e. 'Facebook ID', 'Google ID', etc.)
Type of account (i.e. restricted or unrestricted)

Additionally, we collect data associated with each of your sessions, specifically:

When it was created
When it finished (so we retain 'finished' sessions)
When it was last active
The last seen IP for it
The user agent we saw when it got created
Which client you used

Your email address and/or telephone number are used so that other users can look up your Matrix ID from these identifiers via the gradhfur-comms.org Identity Server. We will also use your email address to let you reset your password if you forget it, and to send you notifications about missed messages from users trying to contact you on Matrix if you enable the option. We may also send you infrequent urgent messages about platform and Service updates.

2.2.1.2 Content you provide through using the Service

We store and distribute the messages and files you share using the Service (and across the wider Matrix ecosystem via federation) as described by the Matrix protocol and according to the access rules configured within the system. Storing and sharing this content is the reason the Service exists.

This content includes any information about yourself that you choose to share.

2.2.2 Information we collect automatically as you use the Service

Device and Connection Information

Each device you use to access the Service is allocated a (user-configurable) identifier. When you access the Service, we record the device identifier, the IP address it used to connect, user agent, and the time at which it last connected to the service.

This information is gathered to help you to manage your devices - you can view and manage the list of devices by connecting to the Service with a Matrix client such as the Element app.

Currently, we log the IP addresses of everyone who accesses the Service. This data is used in order to mitigate abuse, debug operational issues, and monitor traffic patterns. Our logs are kept for not longer than 180 days.

Analytics information

In order to remain as technologically independent and secure as possible, we currently do not use either our own or any third-party software to gather any analytics information about the Service or its users that isn't already provided by the base functionality of Matrix and the homeserver (e.g. timestamp of last active moment of an account). Should this change in the future, you will be notified and asked for consent as explained in section 1.2 of this document.

2.3 Sharing with third parties

2.3.1 Sharing data with connected services

We may share your information when working with our suppliers in order to provide the Service.

In addition, the gradhfur-comms.org homeserver is a decentralised and open service. This means that, to support communication between users on different homeservers or different messaging platforms, your username, display name and messages and files are sometimes shared with other services that are connected with the gradhfur-comms.org homeserver.

2.3.1.1 Federation

Federation with other homeservers is currently disabled for the gradhfur-comms.org homeserver due to technical constraints of our Architecture as well as reasonable security concerns, so this section is provided purely for completeness. Should we decide to open up the homeserver to federation in the future, we declare that our users will be notified beforehand as described in section 1.2 of this document.

Matrix homeservers share user data with the wider ecosystem over federation.

When you send messages or files in a room, a copy of the data is sent to all participants in the room, including (depending on room settings) participants who join the room in the future. If these participants are on remote homeservers, your username, display name, messages and files may be replicated across each participating homeserver.

We will forget your copy of your data upon your request. We will also forward your request to be forgotten onto federated homeservers. However - these homeservers are outside our span of control, so we cannot guarantee they will forget your data.

Federated homeservers can be located anywhere in the world, and may be subject to local laws and regulations.

Access control settings are shared between homeservers, as well as any requests to remove messages by "redactions", or remove personal data under DSGVO Article 17 Right to Erasure (Right to be Forgotten). Federated homeservers and Matrix clients which respect the Matrix protocol are expected to honour these controls and redaction/erasure requests, but other federated homeservers are outside of the span of our control, and we cannot guarantee how this data will be processed. Federated homeservers can also be located in any territory, and will most likely be subject to the local regulations of that territory.

2.3.1.2 Bridging

Some Matrix rooms are bridged to third-party services, such as IRC networks, Twitter (X) or email. When a room has been bridged, your username, display name, messages and file transfers may be duplicated on the bridged service where supported.

It may not be technically possible to support your management of your data once it has been copied onto a bridged service. Bridged services can be located anywhere in the world, and are subject to local laws and regulations.

Access control settings, requests to remove messages by "redactions" or remove personal data under DSGVO Article 17 Right to Erasure (Right to be Forgotten) are shared to bridging services, which are expected to honour them to the best of their ability. Be aware that not all bridged networks or bridges support the necessary technical capabilities to limit, remove or erase messages. If this is not acceptable to you, please do not use bridged rooms.

2.3.1.3 Integration services (bots and widgets)

The gradhfur-comms.org homeserver provides a range of integrations in the form of Bots (automated participants in rooms) and in the future perhaps integrations in the form of Widgets (miniature web applications accessed as part of a Matrix Client).
Bots and Widgets currently have access to all the messages and files in any room in which they participate.

2.4 Transfer of your data

If you use our Service, your data will possibly be transferred outside of the EU to other homeservers and services connected with gradhfur-comms.org as this is necessary to provide the Service to you. By the very nature of our Service, such transfers will occur regularly and we have no control over the safeguards adopted by third party recipients.

Where we engage suppliers to process your data outside the EU we will ensure that appropriate safeguards such as the Standard Contractual Clauses are in place.

2.5 Sharing data in compliance with enforcement requests and applicable laws

In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to:

comply with any applicable law, regulation, legal process or governmental request accompanied by excessive force on the Gràdhfur Pack leadership,
protect the security or integrity of our products and services (e.g. for a security audit),
protect ourselves, the Service, and the Service's users from harm or immoral activities, or
respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the serious bodily harm of any person.

Details on how we share data with Law Enforcement agencies can be found in the sections following below.

2.5.1 Legitimate, valid, and eligible authorities

It is no secret that governments can be corrupted or high-jacked, and that the text of the law can be abused, misused, ignored, or changed to allow oppression and baseless persecution on the whims of a certain group currently in power. This section is to be understood as a safeguard for and reassurance to the users of our Service that we will protect their data and (digital) identities to the best of our abilities from immoral access and abuse through governmental forces.

As a baseline, we only consider and take note of legal correspondence issued by a German authority, and our ToS and Privacy Policy shall only ever be governed by the laws of such an authority. However, following is a list of disqualifying factors that could potentially render any such authority illegitimate and invalid in our eyes.

The privacy, freedoms, safety, and security of our users, our partners, and ourselves are of our highest priority.

In that sense, should we believe that any ruling or requested information could potentially be used against the interests or wellbeing of any of our users, our partners, or ourselves on immoral grounds or intentions, we will choose to be non-compliant. This stance will apply in the following list of scenarios, which includes but is not limited to the following:

suspected corruption of the requesting party or their partners as per our judgement
suspicion as per our judgement of open, hidden, or implied fascist, religious, conservative, or otherwise political right-wing intentions with the requested data or pronounced ruling such as e.g. discrimination, propaganda, persecution based on identity and self-understanding, biological or psychological traits, political stance, or personal belief
suspicion as per our judgement that the requesting party or their partners are likely to be compromised in the future and could potentially abuse the data or the ruling as described above
request or ruling is not following protocol as described or seems otherwise counterfeit or invalid

As a last resort, the safekeeping of data in case of immoral requests or rulings as described above will be enforced through drastic actions which are almost certain to impact and destroy data unrelated to the request, and we cannot be held liable should we have to resort to these actions in order to ensure the privacy, freedoms, safety, and security of our users, our partners, and ourselves. Likewise, we cannot be held liable if any relevant data should survive these drastic last resort actions.

Furthermore, we want to mention that in addition to the baseline drawn above, we may consider certain institutions or groups as legitimate authorities in the context of our disqualifying factors at our own judgement and sole discretion and without prior notice or liability to our users, despite the possibility that those institutions or groups are not generally being labelled, perceived, or treated as such.

2.5.2 Law Enforcement Requests

To make a request, you will need a court order issued by a valid (see section 2.5.1) German authority in compliance with the § 113 TKG, G10, and StPO. We respond to requests from Germany only, and only if the relevant authority is valid as explained under section 2.5.1 of this document.

These requests must be sent to GradhfurPack_Therians@proton.me and must be clearly marked as such via the subject line to summarise the request as well as to convey any existing urgency or deadlines. Such requests must include the following:

details on the competent court as per § 100e(1) StPO and § 100e(2) StPO
details on the purpose of the request as per § 100e(3) StPO and § 100e(4) StPO contextualised via § 100a(2) StPO

We will only transfer information using end-to-end encryption.

2.5.3 Emergency Requests from Government Agencies/Law Enforcement/Legitimate Authorities

We may disclose user information to government, law enforcement agencies, or legitimate authorities – without a court order – if we have a good faith belief that an emergency involving imminent danger of death or serious physical injury requires disclosure of information related to the emergency without delay to the best of our abilities.

Send your emergency request to GradhfurPack_Therians@proton.me and include “GOV/LAW/AUTH EMERGENCY” in the subject line. Furthermore, we must ask you to adhere to these guidelines:

Indicate why you think this is an emergency situation
Include all information you have about the situation so that we may evaluate the urgency of your request, making sure that you indicate if the request is confidential.
Include the details of your agency, and your contact details.
If you make no mention of confidentiality, we will notify the user(s) affected.

We reserve the right to briefly fact-check any information provided to us within the request in order to confirm its authenticity, urgency, and emergency character before surrendering any requested data. On the grounds described in section 2.5.1, we may choose to be non-compliant with the request.

2.5.4 Held Information

The data available on gradhfur-comms.org users is limited to that which is described in our Privacy Policy. As per the Matrix protocol, homeserver administrators are unable to view data which is end-to-end encrypted, making this type of data out of scope for these requests.

We do not voluntarily provide governments with access to data about users for any reason, including for the purposes of law enforcement, intelligence gathering, or other surveillance. As noted above, we only provide information to third parties after receiving a valid court order and judging the requesting party as described in section 2.5.1 of this document.

2.5.5 Notification to gradhfur-comms.org Users

We aim for total transparency with our users when legal requests for information or complaints affect their account. It is our policy to notify users and provide them with a copy of any legal requests regarding their account or site, unless we are prohibited from doing so by a valid court order from a legitimate party as described under section 2.5.1 of this document. When the prohibition from notifying users expires, we will notify users and provide them with a copy of the legal request at that time.

2.5.6 Preservation Requests by Government and Law Enforcement Agencies

It is our policy to notify users and provide them with a copy of any legal requests regarding their account, unless we are prohibited from doing so by a valid court order from a legitimate party as described in section 2.5.1 of this document, as described in the sections below. Our policy of notifying users about requests to preserve their information is meant to protect user privacy and promote transparency, while also avoiding interference with legitimate investigations (see section 2.5.1) of criminal activity.

Preservation requests may only be submitted by government and law enforcement agencies conducting a valid criminal investigation (see section 2.5.1) in which the information sought is relevant. We will preserve records for 90 days in response to a valid request, which the government or law enforcement agency can extend upon request in accordance with section 2.5.1 of this document.

Send your preservation requests to GradhfurPack_Therians@proton.me and mark them as such via the subject line. We are not liable for damages and issues arising from improperly made requests or exercising our policies as described in section 2.5.1 of this document.

2.6 Reporting violations of Terms of Service or Privacy Policy

If you believe that a user, space, or room is violating our Terms of Service or Privacy Policy, please report this information via GradhfurPack_Therians@proton.me while providing as much information as possible, and we will take action as appropriate. Please make sure to mark any reports by including “REPORT” in the subject line. Alternatively, you can also use the built-in user report feature of the Element Matrix client where applicable.

We do not remove content based on disagreements, allegations or breaches of rules related to specific communities. Removal of content will only occur when it breaches our Terms of Service or Privacy Policy. We may refer information about accounts sharing immoral content to the competent authorities (see section 2.5.1 of this document).

2.7 Requests for Takedown of Copyrighted Content

Gradhfur-comms.org complies with properly formatted notices sent in accordance with the Digital Millennium Copyright Act. We take claims of copyright infringement seriously. This section deals with what to do if you believe that any user contributions violate your copyright. It is our policy to terminate the user accounts of repeat infringers.

We will respond to notices of alleged copyright infringement that comply with applicable law. If you believe any materials accessible via the Service infringe your copyright, you may request removal of those materials (or access to them) from the Service by submitting written notification to GradhfurPack_Therians@proton.me while marking your request as such via the subject line. In accordance with the Online Copyright Infringement Liability Limitation Act of the Digital Millennium Copyright Act (17 U.S.C. § 512) ("DMCA"), the written notice (the "DMCA Notice") must include substantially the following:

Your physical or electronic signature.
Identification of the copyrighted work you believe to have been infringed or, if the claim involves multiple works in connection with the Services, a representative list of such works.
Identification of the material you believe to be infringing in a sufficiently precise manner to allow us to locate that material.
Adequate information by which we can contact you (including your name, postal address, telephone number and, if available, email address).
A statement that you have a good faith belief that use of the copyrighted material is not authorised by the copyright owner, its agent or the law.
A statement that the information in the written notice is accurate.
A statement, under penalty of perjury, that you are authorized to act on behalf of the copyright owner.

If you fail to comply with all of the requirements of Section 512(c)(3) of the DMCA, your DMCA Notice may not be effective. Please be aware that if you knowingly materially misrepresent that material or activity on the Website or in connection with the Services is infringing your copyright, you may be held liable for damages (including costs and attorneys' fees) under Section 512(f) of the DMCA.

2.7.1 Counter-notification procedures

If you believe that material you posted on the Website or using the Services was removed or access to it was disabled by mistake or misidentification, you may file a counter-notification with us (a "Counter-Notice") by submitting written notification to GradhfurPack_Therians@proton.me while marking your request as such via the subject line. Pursuant to the DMCA, the Counter-Notice must include substantially the following:

Your physical or electronic signature.
An identification of the material that has been removed or to which access has been disabled and the location at which the material appeared before it was removed or access disabled.
Adequate information by which we can contact you (including your name, postal address, telephone number and, if available, email address).
A statement under penalty of perjury by you that you have a good faith belief that the material identified above was removed or disabled as a result of a mistake or misidentification of the material to be removed or disabled.
A statement that you will consent to the jurisdiction of the Federal District Court for the main judicial district in which the Services may be found) and that you will accept service from the person (or an agent of that person) who provided the Services with the complaint at issue.

The DMCA allows us to restore the removed content if the party filing the original DMCA Notice does not file a court action against you within ten business days of receiving the copy of your Counter-Notice.

Please be aware that if you knowingly materially misrepresent that material or activity on the Website or provided in connection with the Services was removed or disabled by mistake or misidentification, you may be held liable for damages (including costs and attorneys' fees) under Section 512(f) of the DMCA.

2.8 Password handling

We never store password data in plain text; instead they are stored hashed (with at least 4096 rounds of bcrypt, including both a salt and a server-side pepper secret). Passwords sent to the server are encrypted using SSL/TLS.

It is your sole responsibility to keep your user name, password and other sensitive information confidential. Actions taken using your credentials shall be deemed to be actions taken by you, with all consequences including service termination, civil and criminal penalties.

If you become aware of any unauthorised use of your account or any other breach of security, you must notify us immediately by sending an email to GradhfurPack_Therians@proton.me. Suspicious devices can be deleted using the User Settings management tools in a Matrix client, and users should manage good password hygiene (e.g. using a password manager) and change their password if they believe their account is compromised.

If you forget your password (and you have registered an email address) you can use the password reset facility to reset it. It is our policy to not change passwords on your behalf. This is ultimately to protect your privacy and the integrity of your account.

You can manage your account by using a Matrix client such as Element (which the Service is intended for), FluffyChat, Commet, and many others. Click here for a comprehensive list of Matrix clients.

2.9 Accessing or correcting user information

You can access all the information we collect about you by using any compatible Matrix client and managing your User Settings. You can request a download of a copy of all your data as per section 2.1.3. of this document.

2.10 Who can see user messages and files

In unencrypted and encrypted rooms, users connecting to the gradhfur-comms.org homeserver (directly or over federation) will be able to see messages and files according to the access permissions configuration of the relevant room. This data is stored in the format it was received on our servers, and can be viewed by the Gràdhfur Pack leadership and their designated internal personnel under the conditions outlined below.

Rooms have different visibility settings which are determined by the room administrators. The history visibility possibilities are the following, by increasing order of openness (least open first):

JOINED: people need to join the room to see the history, and will only see the messages sent after they joined.
INVITED: people can only see messages sent after they were joined, no history is visible before that point.
SHARED: people need to join the room to see the history, but will then see the history up to when this visibility setting was set (the change is not retroactive).
WORLD_READABLE: everyone can see the room history without even joining the room.

If you share information in a room set to WORLD_READABLE, this might be available to people outside the Matrix ecosystem and indexed by search engines. Please ensure that you double check the settings of each room before you participate and always avoid sharing personal and sensitive data in unencrypted rooms.

In encrypted rooms, the data is stored in our databases within our Architecture, but the encryption keys are stored only on your devices or by yourself. Users can optionally backup an encrypted copy of their keys on the Service to aid recovery if they lose all their keys and devices. This key backup is encrypted by a recovery key that only the user has access to. The Gràdhfur Pack leadership and their designated internal personnel are unable to read your message content in our database. If you lose access to your encryption keys, you lose access to your messages forever.

We use Cloudflare tunnels to transfer all data. End-to-end encrypted messaging data is stored encrypted using AES-256, using message keys generated using the Olm and Megolm cryptographic ratchets. This approach of data transmitting may result in the logging of certain meta data at Cloudflare, but we do not have control over those logs. Cloudflare, as far as we are aware, should be unable to decrypt any end-to-end encrypted messaging data and only has a function for transmitting said data between our Architecture and any user devices.

2.11 Our guidelines when accessing user data

The Gràdhfur Pack leadership manages the hosting and data management of the homeserver on our own Architecture. Thus, it is highly restricted who can access user data. Access is only given to authorised personnel when they require access in order to maintain the health of the Service.

We have technical procedures in place to prevent unauthorised access to user data.

We never share what we see with other users or the general public.

2.12 Who else has access to user data

The Service is intended to be used through the Element Matrix client. As such, any user messages or other data will be handled by said software both in terms of encryption and decryption. Furthermore, the Element Matrix client may hold and process certain account data (e.g. staying logged in between sessions). For details, see Element's Privacy Policy.

Should you opt to use a different Matrix client, please look at their respective Privacy Policy instead in order to understand how the respective client processes and stores your data.

We use Cloudflare to transfer encrypted data, provide real-time information about the user-relevant status of the Service, mask the physical location of our Architecture and personnel, as well as to mitigate the risk of DDoS attacks. For details, see Cloudflare's Privacy Policy.

We utilise Google's reCAPTCHA tool on user account registration in order to safeguard the Service against bots and similar automated attacks. For its function, reCAPTCHA gathers and transmits certain information (IP address, user agent, timezone, behavioural interactions, limited browser history/cookies, hardware specifications, etc) to Google servers for risk assessment.

We use SMTP2GO to provide emailing functionality for our homeserver, for example email verification and password reset request emails. As such, certain information like identifying user account hashes and unique action links will be transmitted through their service. For details, see SMTP2GO's Privacy Policy.

Physical access to our locations use typical physical access restrictions.

We use secure private keys when accessing our Architecture via SSH, and protect our AWS console passwords locally.

We log application data (username, user IP, and user agent). We keep logs for no longer than 180 days.

2.14 Selling of Service or leadership change

There are no plans to sell gradhfur-comms.com or the Service as described in our Terms of Service and our Privacy Policy. In the event that old hardware should be replaced and sold on as second hand or otherwise repurposed, we will pay close attention to scrub any and all data from said hardware beforehand.

Should the leadership of the Gràdhfur Pack change through official means sanctioned by the previous leadership, then any and all data, assets, rights, and responsibilities regarding the Architecture and the Service will be transferred to the new leadership.

2.15 Protection of user data from other users

All of our users' data for the Service currently resides in the same database cluster which is due to the nature of our Service. We use software best practices to guarantee that only people who you designate as viewers of your data can access it. In other words, we segment our user data via software. We do our best and are very confident we're doing a good job at it, but, like every other service that hosts their user data on the same database, we cannot guarantee that it is immune to a sophisticated attack.

2.16 Regular data erasure

As already explained in section 2.10 of our Terms of Service, we will exercise periodic deletion of a selection of oldest messages as well as any purposeless oldest data. The reason for this are digital storage constraints of our Architecture. Such deletions will happen automatically without prior notice or liability to the users of the Service and at our sole discretion. Should a user request us to retain specific messages or data scheduled for erasure, we are not obligated to oblige.

For media files specifically, we automatically clear out locally stored media (e.g. images and videos sent directly via chat) every 6 months, and cached remote media (e.g. GIF links) every 3 months.

2.17 Finding security vulnerabilities in the Service

If you have discovered a security concern, please immediately and urgently email us at GradhfurPack_Therians@proton.me while prefacing your subject line with the term "SECURITY VULNERABILITY". We'll work with you to make sure that we understand the scope of the issue, and that we fully address your concern. We consider such correspondence sent to us our highest priority, and work to address any issues that arise as quickly as possible.

Please act in good faith towards our users' privacy and data during your disclosure. White hat security researchers are always appreciated.

3. Making a complaint

3.1 Making a complaint

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention at GradhfurPack_Therians@proton.me if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

4. Our stances

4.1 Liability for content hosted on gradhfur-comms.org

We do not control or endorse the materials or message content found in any rooms or communities. To the maximum extent permitted by law, gradhfur-comms.org will have no liability related to user materials arising under intellectual property rights, libel, privacy, publicity, obscenity or other laws. Gradhfur-comms.org also disclaims all liability with respect to the misuse, loss, modification or unavailability of any user messages or files. For more details, please refer to sections 5 and 7 of our Terms of Service.

4.2 On back doors and encryption

We are strong advocates for encryption as a tool to support everyone’s right to privacy. Gradhfur-comms.org will never support encryption backdoors and will only share information which is requested following the above guidelines.

However, please note that we cannot guarantee complete safety from criminal and/or immoral decryption of transmitted or saved data by third parties, as detailed in section 5 of our Terms of Service.

5. Warranties and Disclaimers

5.1 Governing law and Jurisdiction

This Privacy Policy and any dispute (including non-contractual disputes) arising out of them or their subject matter shall only ever be governed by the laws and be under the jurisdiction of a competent court as described in section 2.5.1 of this document. This Privacy Policy shall not be governed by the United Nations Convention on Contracts for the International Sale of Goods.

5.2 Legal disputes

The gradhfur-comms.org homeserver and the Service it provides operate predominantly within Germany, are owned privately by a natural person, and are intended as a non-profit and non-commercial means of communication between a select group of friends, with an overall low user count somewhere in the double digits.

With this context and adding to the warranties and disclaimers described in section 7 of our Terms of Service, this Privacy Policy and any dispute (including non-contractual disputes) arising out of them or their subject matter shall be settled out of court due to the aforementioned small and casual nature of the Gràdhfur Pack and this Service. Be informed that if you do bring any such dispute to a court of law, we will only consider and accept the laws and decisions of legitimate authorities as described in section 2.5.1 of this document.
Unless contrary to the law where you reside, this Privacy Policy and all disputes (including non-contractual disputes) arising out of them or their subject matter are to be settled out of court or shall only ever be governed by the laws and authority of a competent court as described in section 2.5.1 of this document, and you expressly consent to and confine yourself to this approach in connection with any such dispute by using this Service.

To settle such matters, please urgently contact GradhfurPack_Therians@proton.me and we are sure we can find a solution everyone agrees with. Should you still disagree with certain aspects of this Privacy Policy, then you are barred from using our Service and you are to refrain from accessing content federated from this homeserver.

You may also be subject to additional privacy policies that may apply when you use other Matrix services, third party content or third party software. If for any reason a legitimate court of competent jurisdiction (see disqualifying factors in section 2.5.1) finds any provision of the Privacy Policy, or any portion thereof, to be unenforceable or insufficient, that provision shall be enforced to the maximum extent permissible so as to effect the intent of the parties as reflected by that provision, and the remainder of the Privacy Policy shall continue in full force and effect. Any failure by the Gràdhfur Pack leadership to enforce or exercise any provision of the Privacy Policy or related right shall not constitute a waiver of that right or provision. The section titles used in the Privacy Policy are purely for convenience and carry with them no legal or contractual effect.

5.3 Finding legal vulnerabilities or errors within the document

Knowledgable law enthusiasts and experts who act in good faith are always appreciated.

6. Attribution & Acknowledgements

6.1 Attribution & Acknowledgements

This Privacy Policy is based on the Matrix.org Foundation Privacy Policy, the Law Enforcement Guidelines, the Matrix.org Homeserver Terms, and the Matrix.org Copyright Notice by the Matrix.org Foundation, but with modifications in regards to our ethics, morals, use cases, formatting, wording, organisation of the Service and our Architecture, safety and security measures regarding our users, our partners, and ourselves, and our abilities and perceived responsibilities as a small non-profit privately owned network with very tight and controlled individual access through member applications from the public.

7. Document History

7.1 Document History

1.0.0 - first version of document - June 2026

--> return to Tutorial <--

🔝to Beginning

⤖ The Gràdhfur Pack ⬻

Terms of Service & Privacy Policy

⤖ Our contacts ⬻

Interact with us! :3