Privacy Policy

How do we protect your information?

  • While the administrator (I, Ashley Hull) have the ability to access the database and read your personal/private data (Direct Messages) — I never will and will act to secure your data to the best of the my ability! Consider not using this service for anything risky.
  • We implement a variety of security measures to maintain the safety of your personal information. Services will be maintained/updated as frequently as possible. Encryption is used on all traffic between yourself and the Server/API. Your password is hashed using a strong one-way algorithm, and you may enable two-factor authentication to further secure access to your account.
  • Migration: You can request and download an archive of your content, including your posts, media attachments, profile picture, and header image.
  • Deletion: You may irreversibly delete your account at any time.
  • Warrant canary: Coming soon?

What do we use your information for?

  • To provide the core functionality of Mastodon. You can only interact with other people's content and post your own content when you are logged in. For example, you may follow other people to view their combined posts in your own personalized home timeline.
  • To aid moderation of the community, for example comparing your IP address with other known ones to determine ban evasion or other violations.
  • The email address you provide may be used to send you information, notifications about other people interacting with your content or sending you messages, and to respond to inquiries, and/or other requests or questions.

What information do we collect?

  • Basic account information: If you register on this server, you will be asked to enter a username, an e-mail address and a password. You may also enter additional profile information such as a display name and biography, and upload a profile picture and header image.
  • Posts, following, and other public information: The list of people you follow is listed publicly, the same is true for your followers. When you submit a message, the date and time is stored as well as the application you submitted the message from. Your posts are delivered to your followers, in some cases it means they are delivered to different servers and copies are stored there.
  • Direct and followers-only posts: All posts are stored and processed on the server. Followers-only posts are delivered to your followers and users who are mentioned in them, and direct posts are delivered only to users mentioned in them. We make a good faith effort to limit the access to those posts only to authorized persons, but other servers may fail to do so. Do not share any dangerous information over Mastodon.
  • IPs and other metadata: When you log in, we record the IP address you log in from, as well as the name of your browser application. All the logged in sessions are available for your review and revocation in the settings. The latest IP address used is stored for up to 12 months.
  • Backups: We take regular backups of the system to safeguard against accidental data loss, which necessarily requires keeping copies of whatever was in the system at the time. Backups are retained on encrypted storage. We try to limit the data that makes it onto the backups to only that data required to successfully restore the service.
  • Cookies: We use them. These cookies enable the site to recognize your browser and, if you have a registered account, associate it with your registered account. We use cookies to understand and save your preferences for future visits.

What is our data retention policy?

  • We will make a good faith effort to secure and limit the data retained on this server. We generally don't keep logs and any logs retained on this server (which are not required to operate the service) will not be held for longer than 30 days.
  • The Mastodon services and database stores information for functionality and authentication out of my control.

Do we disclose any information to outside parties?

  • We do not sell, trade, or otherwise transfer anything to outside parties outside of the scope of Mastodon core functionality, the ActivityPub protocol, and other obvious features of this service. As such, your public content may be downloaded by other servers in the network. Your public, followers-only, and direct messages may be directed at recipients registered on another instance and as such, these messages will be delivered to servers outside of my control.


  • The internet is a wild place. I'll try not to get hacked. Please no hacky.

Welcome to thundertoot! A Mastodon Instance for 'straya