asterisk is operated by auth1ery, an individual based in Calgary, Alberta, Canada. when this policy says "we" or "us", that's who it means.
this policy covers the instance at asterisk.authsrng.xyz only. if you run your own instance, this policy does not apply to your users — you are independently responsible for their data.
to exercise any rights or ask questions, contact us via github.com/auth1ery ↗.
we do not sell, share for profit, or monetize your data. there are no ads.
asterisk is intended for users 14 years of age or older. by creating an account you confirm you meet this requirement. if you are under the age of majority in your region, a parent or guardian should review this policy with you.
if we discover a user is under 14, we will delete the account and associated data promptly.
| data | details |
|---|---|
| username | chosen at registration. visible to other users. 2–20 characters. |
| password | stored as a bcrypt hash only. plaintext is never stored or transmitted. |
| color | randomly assigned HSL display color. used to distinguish your messages. |
| bio | optional, up to 160 characters. set by you. visible to other users. |
| status | optional presence indicator (online, away, busy, invisible). visible to other users while connected. |
| auth token | a signed JWT stored in your browser's localStorage. contains your username and color only — no passwords or highly sensitive data — but should be treated as a credential. |
| data | details |
|---|---|
| channel messages | messages in #global, #debate, #gaming, and #music. up to 30,000 per channel; oldest are removed automatically as new ones arrive. |
| direct messages | DMs between friends. up to 5,000 per conversation. |
| node messages | messages in private group chats (nodes), stored per-channel. |
| reactions | emoji reactions and the usernames of who added them, stored alongside messages. |
| file uploads | images, videos, and text files. accepted: JPEG, PNG, GIF, WebP, MP4, WebM, Ogg, plain text. max 8 MB each. |
| data | details |
|---|---|
| friend list | accepted friendships, pending outgoing requests, and incoming requests. |
| nodes | node name, owner, member list, invite codes, and ban list for each node you own or belong to. |
| data | details |
|---|---|
| settings | appearance and notification preferences stored in your browser's localStorage. never sent to the server. |
| gif favourites | favourited GIFs stored in localStorage only. not synced to the server. |
| seen releases | the tag of the last dismissed release banner, stored in localStorage. |
all server-side data is stored on a personal server in Calgary, Alberta, Canada, exposed to the internet via Cloudflare Tunnel.
all connections are encrypted in transit via HTTPS/WSS through Cloudflare. passwords are bcrypt-hashed (cost factor 10). authentication uses signed JWTs.
please don't share sensitive personal information in messages.
we do not store IP addresses in application-level logs. however, IP addresses are processed transiently by Cloudflare as part of routing and DDoS protection — this is outside our control. see Cloudflare's privacy policy ↗ for how they handle this.
we do not collect or store the following at the application level:
✓ no email ✓ no real name ✓ no phone number ✓ no payment data ✓ no app-level IP logs ✓ no behavioural analytics ✓ no ads or tracking pixels
we do not use cookies. we use localStorage in your browser for auth tokens and preferences. we do not sell or voluntarily share personal data with third parties, except as described below.
the frontend is hosted on Cloudflare Pages and the backend is tunnelled via Cloudflare Tunnel. all traffic passes through Cloudflare's network, where IP addresses and request metadata may be processed. see Cloudflare's privacy policy ↗.
the GIF picker proxies requests through our backend to the GIPHY API. your search query is forwarded to GIPHY. your username and other identifying info are not. see GIPHY's privacy policy ↗.
on login, the app fetches the latest release tag from api.github.com directly from your browser to show a release banner. no personal data is sent. see GitHub's privacy policy ↗.
JetBrains Mono is loaded from Google Fonts, which sends a request from your browser to Google's servers. see Google's privacy policy ↗. self-hosters may serve the font locally to avoid this entirely.
data is used solely to operate the chat service: authenticating accounts, delivering messages, displaying usernames and profiles, and enforcing rate limits. nothing else.
under Canadian privacy law (PIPEDA), you have the right to:
| right | what it means |
|---|---|
| access | request a copy of the personal data we hold about you. |
| correction | request that inaccurate data be corrected. bio and status can be updated directly in the app. |
| deletion | request that your account and associated data be deleted. contact us and we'll remove your account, DMs, and friend data as soon as practicable. |
contact us via github.com/auth1ery ↗ to exercise any of these rights.
messages are pruned automatically at the limits above. uploaded files are stored until the account is deleted or removed by an administrator.
when an account is deleted we remove the account record, DMs, and friendship data. messages posted in public channels or nodes are associated with a username — those may remain as orphaned entries after deletion.
asterisk is MIT-licensed open source. if you run your own instance, this policy does not apply to your users at all. you are independently responsible for their data and must write your own policy.
we may update this policy at any time. the "last updated" date above will reflect the latest revision. continued use of the service after changes constitutes acceptance.