01 Introduction
This Privacy Policy explains what personal data ArcaneNeko collects, why we collect it, and how we use it. We've written this in plain English, no dense legal walls of text. If something isn't clear, please get in touch.
We are based in the United Kingdom and our services are available globally. We operate in compliance with the UK GDPR and, where applicable, the EU GDPR. Both laws give you strong rights over your personal data, which are explained in the Your Rights section.
Our approach
We believe in collecting as little data as possible and being transparent about what we do collect. We don't sell your data, we don't run ads, and we never will.
At a glance
We keep collection minimal
We collect only what we need to run the service, secure it, and support your account.
We do not sell data
No ads, no data selling, and no marketing trackers across the services described here.
Different services collect different things
The main site logs basic server data, while accounts and hosted content only exist on the services that need them.
DMs are different
Neovoxis direct messages are end-to-end encrypted, so ArcaneNeko cannot read their content.
You have rights
You can ask for access, correction, deletion, or restriction depending on the law that applies to you.
Questions are easy to route
Use the contact options near the end of the page for privacy, support, abuse, or security concerns.
What each service collects
Main website & Arcane Status
Basic server logs like IP address, browser details, pages visited, timestamps, and referrers. No accounts. No analytics scripts.
Git hosting
Account details, repository content, SSH/GPG keys if you add them, and security logs needed to run the service.
Neovoxis
Account details, server content, media, and security logs. Direct messages are end-to-end encrypted and not readable by ArcaneNeko.
02 Who We Are
The data controller for all ArcaneNeko services is ArcaneNeko, a software team based in the United Kingdom.
If you have any privacy-related questions or requests, contact us at: legal@arcaneneko.com
Services covered by this policy
- arcaneneko.com - our main website
- git.arcaneneko.com - our Gitea-powered git hosting service
- Arcane Status - our open source status page software and hosted instance
- neovoxis.com - our chat and community platform
03 Main Website & Arcane Status
When you visit arcaneneko.com or the Arcane Status instance at status.arcaneneko.com, we collect only the data that any web server automatically logs. There are no user accounts, no marketing tracking, and no third-party analytics scripts.
What we collect
| Data | Why | Legal basis |
|---|---|---|
| IP address | Security, abuse prevention, diagnosing server errors | Legitimate interests |
| Browser type & version | Ensuring the site works correctly across browsers | Legitimate interests |
| Operating system | Compatibility testing and debugging | Legitimate interests |
| Pages visited & timestamps | Understanding usage, debugging errors | Legitimate interests |
| Referring URL | Understanding where visitors come from | Legitimate interests |
This data is held in standard server access logs and is not linked to any personal account. It is typically retained for up to 30 days and then deleted.
Note on Arcane Status software
Arcane Status is open source software distributed under the MIT License. When you self-host it, you become the data controller for your own instance. This policy only applies to our hosted instance at status.arcaneneko.com.
04 Git Hosting (git.arcaneneko.com)
Our git hosting service is powered by Gitea and allows anyone to create a free account to host repositories, file issues, and collaborate on code.
What we collect
| Data | Why | Legal basis |
|---|---|---|
| Username | Identifies your account and is shown publicly | Contractual necessity |
| Email address | Account login, password resets, git commit attribution | Contractual necessity |
| Display name | Shown on your profile and contributions | Contractual necessity |
| Password (hashed) | Account authentication. We never store your plain password, only a secure one-way hash (bcrypt). | Contractual necessity |
| SSH / GPG keys | Secure access to repositories (only if you add them) | Contractual necessity |
| Repository content | Storing and serving your code, issues, and comments | Contractual necessity |
| IP address & server logs | Security, abuse prevention, debugging | Legitimate interests |
Public vs private repositories
Content in public repositories (code, commits, issues, comments) is visible to anyone. If you want your code to remain private, use a private repository. Please be mindful about what information you include in commits, as commit history is permanent and public once pushed to a public repo.
Account deletion
You can delete your account at any time through your account settings. Your account data is deleted within 30 days. Note that commits attributed to your email in other users' repositories may remain, as removing them would alter repository history.
05 Neovoxis (neovoxis.com)
Neovoxis is our chat and community platform, currently in early preview. We've designed it with privacy in mind, particularly for private conversations.
What we collect
| Data | Why | Legal basis |
|---|---|---|
| Username | Identifies you on the platform | Contractual necessity |
| Email address | Account creation, login, and password resets | Contractual necessity |
| Password (hashed) | Account authentication. Stored as a secure hash only. | Contractual necessity |
| Server messages & content | Delivering messages to other users; stored encrypted at rest | Contractual necessity |
| Direct messages (DMs) | Private conversations between users. End-to-end encrypted, we cannot read these. | Contractual necessity |
| Media & file uploads | Serving uploaded files to recipients; stored encrypted at rest | Contractual necessity |
| IP address | Security, abuse prevention, rate limiting | Legitimate interests |
| Device & browser information | Understanding what platforms our users are on, so we can prioritise compatibility and development | Legitimate interests |
End-to-end encrypted direct messages
Direct Messages (DMs) on Neovoxis are end-to-end encrypted. This means only you and the person you're messaging can read them. ArcaneNeko cannot access the content of your DMs, not now, not ever. Even if we were compelled by law, we would be technically unable to hand over DM content.
Server messages & media
Messages sent in servers (channels) and all uploaded media are encrypted at rest on our servers. Unlike DMs, these are not end-to-end encrypted, we hold the encryption keys, which are needed to deliver messages to all members. This is consistent with how similar platforms work.
Future data collection
Neovoxis is actively being developed. We may collect additional data in the future as new features are added. We will always update this Privacy Policy and notify users before doing so. Our commitment is to collect only what is genuinely necessary for the service.
Account deletion
You can request account deletion at any time. Your account, profile data, and server messages will be deleted within 30 days. Due to the nature of E2EE, your DM cryptographic keys are deleted, rendering encrypted DM content permanently inaccessible.
06 Encryption & Security
We take the security of your data seriously. Here's a summary of our encryption approach:
| Service | Encryption |
|---|---|
| All services | HTTPS (TLS) in transit for all web traffic |
| Passwords | Never stored in plain text, hashed using bcrypt |
| Neovoxis DMs | End-to-end encrypted. We cannot read them. |
| Neovoxis server messages | Encrypted at rest on our servers |
| Media & file uploads | Encrypted at rest on our servers |
Despite our best efforts, no system is 100% secure. If you discover a security vulnerability, please contact us responsibly at security@arcaneneko.com before disclosing it publicly.
07 Data Sharing
We do not sell, rent, or trade your personal data. We do not share it with third parties for advertising or marketing purposes.
When we may share data
- Legal obligations: If we receive a lawful request from UK or EU law enforcement authorities (e.g. a court order or warrant), we may be required to disclose certain data. We will challenge any requests we believe to be unlawful or disproportionate. Note that for DMs, we cannot comply even if compelled, as we don't hold the keys.
- Service providers: We may use third-party services to help run our infrastructure (e.g. hosting providers). These providers act as data processors under contract and are only permitted to use your data to provide the service to us.
- Your own actions: Content you post publicly (e.g. in public git repositories or public Neovoxis servers) is visible to anyone by design.
08 Data Retention
We keep your data only for as long as it's needed:
| Data type | How long we keep it |
|---|---|
| Server access logs | Up to 30 days |
| Git account data | Until you delete your account, then within 30 days |
| Neovoxis account data | Until you delete your account, then within 30 days |
| Neovoxis messages & media | Until deleted by you or upon account deletion (within 30 days) |
| Backup copies | May persist in encrypted backups for up to 90 days after deletion |
09 Cookies
We use cookies and similar browser storage (localStorage) only where strictly necessary:
- Session cookies: Used by our git and Neovoxis services to keep you logged in. These expire when you log out or close your browser.
- Theme preference: We store your chosen colour theme (crimson/dark/light) in your browser's
localStorage. This never leaves your device.
We do not use advertising cookies, third-party tracking cookies, or analytics cookies. No cookie consent banner is needed for strictly necessary cookies under UK/EU law.
10 Your Rights
Under the UK GDPR and EU GDPR, you have the following rights regarding your personal data. To exercise any of them, email us at legal@arcaneneko.com. We will respond within 30 days.
| Right | What it means |
|---|---|
| Right of access | You can request a copy of the personal data we hold about you. |
| Right to rectification | You can ask us to correct inaccurate data. You can also update most data directly in your account settings. |
| Right to erasure | Also known as the "right to be forgotten." You can ask us to delete your personal data. Some data may need to be retained for legal or security reasons. |
| Right to restrict processing | You can ask us to pause processing your data in certain circumstances. |
| Right to data portability | You can request your data in a structured, machine-readable format. |
| Right to object | You can object to processing based on legitimate interests. We will stop unless we have compelling legitimate grounds. |
| Rights re: automated decisions | We do not make any automated decisions about you that have legal or significant effects. |
11 International Data Transfers
ArcaneNeko is based in the United Kingdom. If you access our services from outside the UK, your data may be transferred to and processed in the UK.
The European Commission has recognised the UK as providing an adequate level of data protection under GDPR. This means transfers from the EU/EEA to the UK are permitted without additional safeguards.
We do not routinely transfer data outside the UK or EU/EEA. If this changes, we will update this policy and ensure appropriate safeguards are in place.
12 Contact & Complaints
Access, correction, deletion, or privacy questions.
Security reportsecurity@arcaneneko.comResponsible disclosure or account compromise issues.
Account supportsupport@arcaneneko.comHelp with using the service or deleting your account.
For any privacy-related questions, requests, or concerns, please contact us:
- Email: legal@arcaneneko.com
Right to lodge a complaint
If you're based in the UK, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
If you're based in the EU/EEA, you can also contact your local national data protection authority. A list of authorities is available at edpb.europa.eu.
We'd always prefer to resolve any issue directly with you first, please reach out before filing a formal complaint.
13 Changes to this Policy
We may update this Privacy Policy from time to time, for example when we add new features to our services. When we make significant changes, we will:
- Post the updated policy on this page with a new "last updated" date
- Notify registered users of Neovoxis and our git service via email or an in-app notice
Continuing to use our services after changes take effect means you accept the updated policy. If you disagree with changes, you can delete your account before they take effect.