Effective: 1 September 2017
An updated copy of this document can be found at https://rumuki.com/privacy-policy.html
This document outlines what happens to, who has control over, and how we handle your data. Your privacy is our top priority and we are committed to being as transparent as possible with how these things are managed.
Our approach to security is to transmit and store only the minimum amount of data necessary. Because what isn't sent can never be intercepted, and what isn't stored can't be stolen.
More details from a technical perspective can also be found in our whitepaper.
Device tokens: these help us identity your device in order to deliver things such as push notifications, online-mode videos or playback grants. It is randomly generated by your phone, and isn't associated with any personal information or the username that you choose in the app.
Playback grants: when you send someone a playback grant, it is stored temporarily on Rumuki servers until consumption. Each playback grant contains a copy of the sender's key part, encrypted in a way whereby only the recipient can decipher it.
Video names: these are never sent to our servers in plaintext. They are encrypted in a way whereby only the recipient of the video can decipher them.
Encrypted videos: in nearby mode your content is delivered encrypted over peer-to-peer local WiFi or bluetooth and never reaches Rumuki servers. In online-mode, your video is stored temporarily on Rumuki servers. It is encrypted in a way whereby only the recipient with a playback grant can decipher it, therefore it is safe in transit. Online mode videos are stored for a maximum of up to 30 days on Rumuki servers.
Email addresses: if you do choose to subscribe to our mailing list, your email address is never stored in association to your device or its videos.
Crash reports: if enabled, we use a service called Crashlytics to retrieve and store anonymous data related to any problems with the app in order to provide a better experience in the future. This information includes, but is not limited to, device state information, unique device identifiers, device hardware and OS information, information relating to how an application functions, and the physical location of a device at the time of a crash.
Logs: the Rumuki server stores access logs for up to 7 days. These logs include the timestamp, ip address, user agent, http method and url. Logs may contain unique device tokens in the URL, however they will never contain information originating from the user, such as usernames, or video names.
Rumuki is a new product, and we understand that just like any relationship, it takes time to build trust.
We plan to open-source the majority of the components used to build it. This will provide better visibility into exactly what happens to your data. As of now, the rumuki-server source is available for viewing.