Privacy Policy (2024-01-01)

History of this privacy policy can be viewed: Codeberg, GitHub, GitLab

What data we (Divested Computing Group) collect

  • Website
    • What is received: Cookies (none currently), Page Visited, Referring Page, User Agent, and IP Address
    • How often: On every page visit
    • Why it is received: Used to serve the web pages to users
    • When it will be deleted: Web server logs are kept for no longer than two weeks
    • What else will it be used for: Nothing else
    • How to anonymize: Visit the site using the Tor Browser
    • Example: [IP Address] - - [Timestamp] "GET /pages/privacy_policy HTTP/2.0" 200 3441 "-" "Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"
  • Operating System
    • The operating system does not contain any analytics and any requests are used only for supporting it
  • OS: Connectivity Checks
    • What is received: Static User Agent, IP Address
    • How often: On every Wi-Fi and cell connection
    • Why it is received: Used to determine if there is a working connection and if there is a captive portal
    • When it will be deleted: All requests to generate_204 are never logged
    • What else will it be used for: Nothing else
    • How to disable: Toggle in settings app (noted below) or $ adb shell settings put global captive_portal_mode 0;
    • Settings can be accessed via:
      • 14.1/15.1: Settings > Network > Data usage > Disable Captive Portal
      • 16.0/17.1: Settings > Network & Internet > Advanced > Captive portal mode
      • 18.1/19.1/20.0: Settings > Network & Internet > Advanced > Internet connectivity check
  • OS: Updater
    • What is received: Device Model, Incremental Build ID, Default User Agent, IP Address
    • How often: On every boot and also once per week (note: 14.1 only is daily)
    • Why it is received: Used to serve system updates
    • When it will be deleted: Web server logs are kept for no longer than two weeks
    • What else will it be used for: Will be occasionally used to determine how many users we have and what percent are up-to-date or not
    • How to anonymize: Install Orbot and enable 'Perform requests over Tor'
    • How to disable: Disable 'Auto updates check'
    • Settings can be accessed via:
      • 9+: Settings > System > Advanced > DivestOS updates > 3dot > Preferences
      • <9: Settings > About > DivestOS updates > 3dot > Preferences
    • Example: [IP Address] - - [Timestamp] "GET /updater.php?base=LineageOS&device=mata&inc=engemy20210814031730 HTTP/1.1" 200 276 "-" "Dalvik/2.1.0 (Linux; U; Android 11; PH-1 Build/RQ3A.210805.001.A1)"
  • OS: DivestOS F-Droid Repos
    • What is received: Repo Index Requests/App APK Requests/App Icon Requests, F-Droid Version, IP Address
    • How often: Once per day
    • Why it is received: Used to serve apps and their updates
    • When it will be deleted: Web server logs are kept for no longer than two weeks
    • What else will it be used for: Nothing else
    • How to anonymize: Install Orbot and enable 'Use Tor' in F-Droid > Settings
    • How to reduce: Decrease the 'Automatic update interval' in F-Droid > Settings
    • How to disable: Disable the 'DivestOS' repos in F-Droid > Settings > Repositories
    • Example: [IP Address] - - [Timestamp] "HEAD /fdroid/official/index-v1.jar HTTP/1.1" 200 - "-" "F-Droid 1.13.1"
  • App: Hypatia
    • What is received: Signature Database Requests, IP Address
    • How often: Manually
    • Why it is received: Used to serve signature databases
    • When it will be deleted: Web server logs are kept for no longer than two weeks
    • What else will it be used for: Nothing else
    • How to anonymize: Install Orbot and enable 'Download over Tor'
    • Example: [IP Address] - - [Timestamp] "GET /MalwareScannerSignatures/hypatia-sha1-bloom.bin HTTP/1.1" 304 - "-" "Hypatia"
  • Chat rooms (MUC) available on xmpp:konvers.me
    • What is received: JID, nickname, avatar, messages you send, your server IP address, your client IP address only if fetching an HTTP uploaded image
    • How often: When you join and are connected to a room
    • Why it is received: Used to provide the chat service to you
    • When it will be deleted: Messages are not deleted per default MAM policy, but are pruned after backups. Access logs are deleted weekly. IP addresses are not stored in the access logs.
    • What else will it be used for: Nothing else
    • How to anonymize: Use a throwaway JID and nickname. Route your XMPP client over Tor.

What data third parties collect

Third parties are used to support basic functions along with features and apps.

  • Website Payments
    • Who: Stripe
    • What they receive: Name, Bank Card, E-Mail Address, User Agent, Browser Fingerprint, IP Address, Location from Geo-IP
    • What we receive: Name, Bank Name, E-Mail Address, User Agent, Location from Geo-IP
    • How often: When you donate
    • Why they receive: Used to process the payment
    • What else will we use it for: Nothing else
    • How to anonymize: Use a fake name, debit gift card, disposable e-mail address, and connect via a computer at your local library
    • How to disable: Requests to Stripe's servers will not occur until you attempt to donate
    • Privacy Policy: Stripe Privacy Policy
  • OS: Connectivity Checks
    • Who: Google
    • Description: Used to determine if there is a working connection and if there is a captive portal
    • What they receive: Static User Agent, IP Address
    • How often: On every Wi-Fi and cell connection
    • How to disable: Toggle in settings app (noted below) or $ adb shell settings put global captive_portal_mode 0;
    • Settings can be accessed via:
      • 14.1/15.1: Settings > Network > Data usage > Disable Captive Portal
      • 16.0/17.1: Settings > Network & Internet > Advanced > Captive portal mode
      • 18.1/19.1/20.0: Settings > Network & Internet > Advanced > Internet connectivity check
    • Privacy Policy: Google Privacy Policy
  • OS: Network Time Protocol
    • Who: pool.ntp.org volunteers
    • Description: Used to set an accurate (clock) time
    • What they receive: IP Address
    • How often: On every boot
    • Privacy Policy: unavailable
  • OS: Fallback Domain Name System Lookups
    • Who: Quad9
    • Description: Used to translate domain names into IP addresses to establish network connections, only when no other DNS was advertised by the network
    • What they receive: DNS requests, IP Address
    • How often: Every network request to a non-cached and non-expired domain
    • Privacy Policy: Quad9 Privacy Policy
  • OS: F-Droid Official Repo
    • Who: F-Droid
    • What they receive: Repo Index Requests/App APK Requests/App Icon Requests, F-Droid Version, IP Address
    • How often: Once per day
    • Why they receive: Used to serve apps and their updates
    • How to anonymize: Install Orbot and enable 'Use Tor' in F-Droid > Settings
    • How to reduce: Decrease the 'Automatic update interval' in F-Droid > Settings
    • How to disable: Disable the 'F-Droid' repos in F-Droid > Settings > Repositories
    • Privacy Policy: F-Droid Security Information
2024 Fundraiser
Donate Now