Privacy Policy

Last Updated: December 18, 2023

1. Introduction

1.1. English, Not Legalese

Privacy is important, and we want you to understand the issues involved. We've chosen to use plain English as much as possible to make our terms clear. Some sections still have room for improvement - we plan to tackle these over time.

Where you read 'Daz' it refers to all services made available at https://dazsuper.com for:

Where you read 'homeserver', 'homeservers' or 'the Homeserver', it refers to the services configured within Daz which store the user account and personal conversation history, provide additional functionality such as bots and bridges, and (where enabled by the Customer) communicate via the open Pareza Limited decentralized communication protocol with the public Pareza Limited Network.

When you read 'the Service' in this document, it refers to the Daz chat app instances exposed on https://dazsuper.com (or subdomains) by Pareza Limited.

Where you read 'Daz' or 'we' or 'us' below, it refers to Daz, a trading name of Pareza Limited.

Daz is the Data Controller for your data. We can be contacted as per the details below:

Email: info@daz.im

Postal address:
Daz Pay
7 Bell Yard, London, England, WC2A 2JR

Should you have other questions or concerns about this document, please send us an email at info@daz.im

1.2. Scope of This Document

This document explains how we process personal data, as it relates to:

1.3. The Customer and the User

This document is designed to explain Data Protection issues relating to Daz Customers and Users. Put simply, you're a Customer if you're paying (or otherwise compensating) Daz to provide a dedicated hosted messaging service. If you have an account registered on a homeserver that you use to send and receive messages, or use the Daz chat app to connect to any server within the SCPT Protocol, you are a User.

It is possible to be both a Customer and a User, but we encourage you to consider these roles separately when thinking about Data Protection concerns.

1.4. Changes to This Document

Over time, we may make changes to this document. If we make a material change, we will provide the Customer with reasonable notice prior to the change. We will set forth the date upon which the changes will become effective; any use of Daz by the Customer, or any use of a hosted homeserver from SCPT by a User will constitute the Customer's acceptance of these changes.

Your access and use of Daz are always subject to the most current version of this document.

2. Access to Your Data

2.1. What is the legal basis for processing my data and how does this affect my rights under GDPR (General Data Protection Regulation)?

2.1.1. Legal Basis for Processing

Daz has different legal bases for processing, depending on which product you are using:

2.1.2. Data Ownership - Messaging and File data within hosted homeservers

The Customer can use Daz to provision and manage hosted homeservers. The Customer owns and controls all messages and files submitted to their homeserver by User accounts registered natively on their homeserver. This ownership does not extend to messages and files submitted over federation or bridging.

This means that, in addition to the usual data access controls defined by the SCPT, all unencrypted messages and files can be accessed by the Customer, and that access is retained even if no User account within the system retains access to the data.

2.1.3. Your rights as Data Subject

You have rights in relation to the personal data we hold about you. Some of these only apply in certain circumstances. Some of these rights are explored in more detail elsewhere in this document. For completeness, your rights under GDPR are:

For more information about these rights, please see the guidance provided by the ICO. If you have any questions or are unsure how to exercise your rights, please contact us at info@daz.im

2.2. What information do you collect about me and why?

The information we collect is for the purpose of supporting your management of hosted homeservers through Daz Services, or to support operational maintenance of the Daz client. We do not profile homeserver Users or their data, but we might profile metadata pertaining to the configuration and management of hosted homeservers so that we can improve our products and services.

2.2.1. Information you provide to us:

We collect information about you when you input it to the Daz or SCPT Services apps or otherwise provide it directly to us.

Daz Profile Information

We collect information when you register for an account. This information is kept to a minimum on purpose, and is restricted to:

Your authentication identifier is used to authenticate your access to Daz at https://dazsuper.com and to uniquely identify you.

You will be given the choice to set up 2-Factor Authentication to secure your account. For 2FA over SMS, we will require your phone number. This information will be shared with an SMS service provider.

Daz Home Account Setup

When setting up a Daz Home account via the setup wizard, we will temporarily access your account data in order to migrate your existing Daz account to your new Daz Home account. This includes:

The setup wizard will also request your OpenID and access token, in order to retrieve your name and verified phone number and/or email address. This information will be temporarily sent to our backend, but will not be retained following your setup completion.

2.2.2. Information we collect automatically as you use the service:

Connection Information

We log the IP addresses of everyone who accesses Daz. This data is used in order to mitigate abuse, debug operational issues, and monitor traffic patterns. Our logs are kept for:

Usage Information

We track usage data for Daz hosting services. When you are signed in to your account we may track your usage of the site and associate that information with your account details. This data helps us understand how our users are using the application so that we can make improvements to the Service.

If you are using the Daz chat app, you will be asked to opt-in to this anonymised data collection. Your use of the Service does not rely on your opt-in to this. When using any of the Daz chat clients after opt-in, your visit to the service will be logged, alongside your device ID and agent. This allows us to understand usage patterns based on each platform. The mapping of this data is logged for 28 days - from this point on only aggregated data is kept, for operational and statistical purposes. For further details on our collection and usage of analytics data, please see our Cookie Policy.

When reporting errors we might collect some information to help us find a solution. This may include your IP address, hostname, full name and email address. This information is collected in the application monitoring platform Sentry and is subject to strict retention policies.

Location Information

We may collect location data on you, if you choose to use the static or live location sharing features within the Daz app. This includes your longitude, altitude and latitude data in order to accurately calculate your precise location.

Location data is held within the group in which it is shared, so it will be encrypted in encrypted rooms and not encrypted in rooms where encryption is switched off. You will be shown a disclaimer during your first time using this feature, but please apply caution and consideration when sharing your personal data within the app.

The Daz clients use the third-party service MapTiler to provide the images used to display maps.

2.3. Sharing Data in Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights

In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to:

2.4. How do you handle passwords?

We never store passwords in plain text; instead, they are stored hashed (with at least 12 rounds of bcrypt, including both a salt and a server-side pepper secret). Passwords sent to the server are encrypted using SSL.

It is your sole responsibility to keep your user name, password and other sensitive information confidential. Actions taken using your credentials shall be deemed to be actions taken by you, with all consequences including service termination, civil and criminal penalties.

If you become aware of any unauthorised use of your account or any other breach of security, you must notify Daz immediately by sending an email to info@daz.im. Users should maintain good password hygiene (e.g. using a password manager) and change their password if they believe their account is compromised.

If you forget your password (and you have registered an email address) you can use the password reset facility to reset it.

2.5. Our commitment to Children's Privacy

We never knowingly collect or maintain information in Daz, through any of the Services provided, from those we know are under 16, and no part of Daz is structured to attract anyone under 16. If you are under 16, please do not use the Service.

2.6. How can I access or correct my information?

If you are a user of the Daz chat app you can request a copy of your data by emailing info@daz.im. We are working on a solution which will allow you to download the data automatically.

2.7. What are the Guidelines Daz follows when accessing my data?

2.8. Who else has access to my Data?

We host the Daz Services on Amazon Web Services (AWS), specifically:

Amazon employees may have access to some of this data. Here's Amazon's privacy policy. Amazon controls physical access to their locations.

2.10. How is my Data protected from another user's Data?

All of the Daz user data resides within the same dedicated cluster. We use software best practices to guarantee that only the Customer can access it. In other words, we segment User data via software. We do our best and are very confident we're doing a good job at it, but, like every other service that hosts User data on the same database, we cannot guarantee that it is immune to a sophisticated attack.

2.12. What should I do if I find a security vulnerability in the service?

If you have discovered a security concern, please email us at security@dazsuper.com. We'll work with you to make sure that we understand the scope of the issue, and that we fully address your concern. Information security is our highest priority, and we work to address any issues that arise as quickly as possible.

Please act in good faith towards our users' privacy and data during your disclosure. White hat security researchers are always appreciated.

3. Making a Complaint

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention at info@daz.im if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

If you want to make a complaint about the way we have processed your personal information to the supervisory authority, you can contact the ICO (the statutory body which oversees data protection law) at https://www.ico.org.uk/concerns.