Privacy Policy

In General

If any user data is collected, the data is ONLY used to provide the services.
No data is ever shared with a third-party. No personal data is recorded and processed.

Cookies

In general, there are no tracking-cookies in place. Neither do I want to be tracked, nor do I want to track you. Services provided on this domain won’t utilize ANY site-analytics, usage-analytics (like Plausible, Google Adsense, Matomo, etc.).

• blog.rtrace.io (Blog, Hexo) does NOT utilize cookies
• live.rtrace.io (Owncast) does NOT utilize cookies
• speedtest.rtrace.io (Librespeed) does NOT utilize cookies
• reddit.rtrace.io (Libreddit) does NOT utilize cookies, except (optional) user-configuration
• lws.rtrace.io (LiberaWebStore) does NOT utilize cookies
• static.rtrace.io (Static File Server) does NOT utilize cookies
• searx.rtrace.io (Searx metasearch enging) does NOT utilize cookies, except (optional) user-configuration
• send.rtrace.io (Send, Filesharing Service) does NOT utilize cookies
• bibliogram.rtrace.io (privacy friendly Instagram frontend) does NOT utilize cookies
• vikunja.rtrace.io (a F(L)OSS task manager/organizer) does utilize Cookies for Session Management
• status.rtrace.io (Status Monitor) does NOT utilize cookies

Logs

Each site-request (targeting *.rtrace.io and rtrace.io) is logged. The following information will be stored for a max. of 4 weeks, then will be deleted permanently.

• Time of request: a simple UNIX timestamp representing the time of request
• User-Agent: taken from the Requests HTTP-Header
• IP-Address: the remote IP address of the client that is connecting
• Requested Site: the site on *.rtrace.io or rtrace.io that has been requested

These logs exclusively serve to protect from attacks (like DoS) against servers and infrastructure of rtrace.io. None of this information will be processed nor used for any analytic purposes. Logs will be retained for a max. period of 4 weeks on the servers serving *.rtrace.io and rtrace.io. No third-party does and will ever have access to these logs.

Site Embeds

Blog posts, articles and pages on blog.rtrace.io might embed so called iframe to other services and websites. In general, I try to only link to privacy friendly services.

Invidious

Invidious is a privacy-friendly alternative frontend for YouTube. To prevent you being tracked by Google when visiting *.rtrace.io, all Video-embeds are served through Invidious. The following instance(s) are randomly utilized for embedding.

• yt.mstdn.social - read the Privacy Policy here
• invidious.namazso.eu - read the Privacy Policy here
• yt.artemislena.eu - read the Privacy Policy here

Owncast

Owncast is a privacy-friendly live-streaming site as alternative to Twitch.

Soundcloud

Soundcloud is an audio-streaming service (just like Spotify). blog.rtrace.io uses Soundcloud embeds on certain pages. Embeds will store cookies. Please follow Soundclouds Privacy Policy for more details. (Please note, that I’m working on replacing Soundcloud with a self-hosted more privacy-friendly solution).

Further transparency

Hosting

All services provided on rtrace.io and *.rtrace.io are hosted on Virtual Private Servers (VPS) at Netcup (subsidiary company of Anexia GmbH). Servers are in Frankfurt, Germany. Servers are running the latest version of Fedora Server and are patched ~2 times a week (on average). Disks are LUKS encrypted and require LUKS password on boot. All services provided are served through nginx acting as reverse-proxy/load-balancer that also terminates TLS (HTTPS). Servers behind the reverse-proxy are interconnected through Wireguard for secure communication - so none of your traffic (even if previously TLS-terminated) will ever be transferred over the network in plain-text. TLS Certificates are provided by Let’s Encrypt. TLS configuration explicitly only allows TLSv1.3 with the strongest available cipher-suites. HTTP Security Headers are applied where possible and useful.

Read the Netcup Privacy Policy (German)

Personal Commitment

I personally hate it to be tracked online, and that’s why I won’t track you either (and try my best to prevent third parties from tracking you as well). It’s that easy and that’s my promise. I want all services provided at rtrace.io and all of its subdomains to be as privacy friendly as possible. If you have any additions, constructive feedback, hints to improve or wishes - feel free to contact me at any time. As it is with security - at the end of the day everything boils down to trust. It’s very hard to trust service-providers and that effectively boils down to the fact that you can’t and shouldn’t trust me - zero-trust is the best trust after all).

Nonetheless, if you want to verify that the things I’ve written here are true, please get in touch with me. We can arrange a Jitsi call, and I’ll happily show you how things are hosted and configured here at rtrace.io - come on, let’s go for a SSH safari.