Privacy Policy

Last Updated On 21-June-2024

1. Introduction
This Privacy Policy describes the policies of EVERCASH DOO BEOGRAD (a company registered in Republic of Serbia, Business Registration Number 113521284, with registered office at ul. Kralja Petra br. 18/27, 11000 Beograd, hello@chums.chat) on the collection, use and disclosure of your information that we collect when you use Chums. chat software (the "application") to connect to any server that implements the Matrix Protocol. By accessing or using the application, you are consenting to the collection, use and disclosure of your information in accordance with this Privacy Policy. If you do not consent to the same, please do not access or use the application.

2. Changes to This Document
Over time we may make changes to this document. If we make a material change we will provide users with reasonable notice prior to the change. We will set forth the date upon which the changes will become effective; any use of application by the user will constitute the user’s acceptance of these changes.
Your access and use of application is always subject to the most current version of this document.

3. Information We Collect
We collect information when you register for an account, and we are the manager of your homeserver. This information is kept to a minimum on purpose, and is restricted to:
  • Server (homeserver).
  • Username.
  • Password.
  • Name.
  • Photo (avatar).
We log the IP addresses of everyone who accesses the homeserver under our management. This data is used to prevent abuse, debug operational issues, and monitor traffic. Our logs are kept for 180 days.
When an error occurs in the application, we may collect some information to help us find a solution. This may include your IP address, hostname (homeserver), and anonymous identification information. This information is collected on the application monitoring platform Sentry and is subject to strict data retention policies.

4. How do you handle passwords?
We never store password data in plain text; instead they are stored hashed (with at least 12 rounds of bcrypt, including both a salt and a server-side pepper secret). Passwords sent to the server are encrypted using SSL.
It is your sole responsibility to keep your user name, password and other sensitive information confidential. Actions taken using your credentials shall be deemed to be actions taken by you, with all consequences including service termination, civil and criminal penalties.

5. Our commitment to Children’s Privacy
We never knowingly collect or maintain information in application from those we know are under 16, and no part of application is structured to attract anyone under 16. If you are under 16, please do not use the application.

6. How can I access or correct my information?
If you are a user of the application and we are the manager of your homeserver, you can request a copy of your data by emailing dpo@chums.chat. We are working on a solution which will allow you to download the data automatically.

7. What should I do if I find a security vulnerability in the application?
If you have discovered a security concern, please email us at support@chums.chat. We’ll work with you to make sure that we understand the scope of the issue, and that we fully address your concern. Information security is our highest priority, and we work to address any issues that arise as quickly as possible.
Please act in good faith towards our users' privacy and data during your disclosure. White hat security researchers are always appreciated.

8. Data Protection Officer
If you have any queries or concerns about the processing of your information that is available with us, you may email our Data Protection Officer at dpo@chums.chat. We will address your concerns in accordance with applicable law.