Privacy Policy
How the hosted Lurker service at lurker.chat collects, uses, and protects your information. The self-hosted edition runs on your own infrastructure and is not covered here.
1.0Scope
This policy applies to the hosted Lurker service operated by Brad Root, a sole proprietor. By using the service you agree to this policy.
2.0What we collect
- Account data — your email address; and a password, stored as a secured hash.
- Service data — the messages you send and receive through Lurker, and the IRC network connection details you configure (server addresses, nicknames, and any network credentials you choose to store). This is stored so the service can function as an always-on bouncer.
- Technical data — IP addresses, timestamps, and operational logs needed to run, secure, and debug the service.
- Payment data — when paid plans launch, billing is handled by Stripe. Stripe holds your card details; we receive only limited information such as your subscription status to determine your account is active. No billing details are stored on our servers.
3.0How we use it
We use your information solely to provide and operate the service: to maintain your connections, store and sync your history, authenticate you, process payments, provide support, keep the service secure, and comply with the law. We do not sell your data, and we do not use the content of your messages for advertising or profiling.
4.0Access to your messages and uploads
Your message history is stored to operate the bouncer. We do not read it as a matter of course. It is only stored in Lurker to be retrieved and searched by you. Note that the IRC networks you connect to — and the other users in your channels — necessarily receive the traffic you send to them; that is how IRC works, and it is outside our control.
Uploads
Files you upload through the web app (images, and longer messages posted as a text file) are stored as objects on our infrastructure and served from our content-delivery domain. Because they live in our storage and are served under our name, we are able to — and, to comply with the law and enforce the Acceptable Use Policy, sometimes must — review them: an operator can browse uploaded files and remove any that violate our policies or the law, and such removals are logged. As with your message history, we do not browse your uploads as a matter of course.
5.0Where your data lives
Your account is assigned to a dedicated "cell" — a server instance that holds your data. Data is transmitted to and from the service over encrypted (TLS) connections. We replicate cell data to encrypted object storage for backup and disaster recovery. Files you upload through the web app are stored as objects in separate object storage and served from our CDN. We use reputable infrastructure providers (currently DigitalOcean for compute and Cloudflare for edge, DNS, and object storage) who process data on our behalf.
Network credentials
To act as an always-on bouncer, Lurker has to reconnect to your IRC networks while you are away — so any server, NickServ, or SASL passwords you ask it to store cannot be one-way hashed; they have to be kept in a form Lurker can replay to the network. They are encrypted at rest (AES-256-GCM) on your cell, with the encryption key held separately from the database backups — so the data we replicate to object storage holds only ciphertext. Because the service must decrypt them to reconnect you, this is not zero-knowledge: treat anything you store here as recoverable by the service, and don't store credentials you would not want held that way.
IRC connection security
The connection between you and Lurker is encrypted. The connection between Lurker and a given
IRC network depends on that network — some support TLS and some don't — and the network and the
other users in your channels receive whatever you send them. Treat IRC as a public medium:
don't send anything sensitive over a network you don't trust, and prefer networks that offer
TLS. Note that credentials a server sends back to you (for example in response to
/oper) can be captured in your stored message history.
6.0Who we share it with
- Service providers — infrastructure (DigitalOcean, Cloudflare) and payments (Stripe), acting on our instructions to run the service.
- IRC networks — the third-party networks you connect to receive the traffic you direct to them. They have their own policies; we are not responsible for them.
- Legal — where we reasonably believe disclosure is required by law or necessary to protect the rights, safety, or property of users, the public, or us.
We do not sell or rent your personal information to anyone.
7.0Retention and deletion
We keep your data while your account is active. When you close your account, we hard-delete your cell-side data (your messages, channels, and stored connection details) and anonymize your account record — your email is released so it is free to register again, and your former account identifier is retired rather than reused. Backup copies that may still contain your data roll off our encrypted backup storage within 30 days. We may retain limited records where required for legal, tax, or fraud-prevention purposes.
8.0Your rights
You can access and export your data, correct your account information, and delete your account at any time from within the service. Depending on where you live, you may have additional rights (such as under the California Consumer Privacy Act or the GDPR), including the right to know what we hold and to request deletion. To exercise any right, contact us at the address below. We do not discriminate against you for exercising your rights.
9.0Children
The service is not directed to children under 16, and we do not knowingly collect their data. If you believe a child has provided us information, contact us and we will delete it.
10.0Changes
We may update this policy. Material changes will be communicated by email or an in-app notice, and the effective date above will be updated.
11.0Contact
Privacy questions or requests: privacy@lurker.chat.