Privacy
Chatalot is software you run on your own hardware. Even on a managed Seglamater deployment, the operating company runs the infrastructure but never holds the keys that could decrypt your E2EE messages. This page describes the privacy properties of the software itself.
What the server CAN see
Your instance admin (which may be you, or someone you trust) has access to:
- Your account: username, email (if provided), role assignments, profile settings
- Message metadata: who sent what, when, to whom, how big — the routing information needed to deliver messages
- Message content that was NOT sent through the end-to-end encrypted path, specifically: webhook-posted messages and uploaded file contents (see Security for detail)
What the server CANNOT see
- End-to-end encrypted message content in direct messages and group channels. The server stores ciphertext. Decryption happens in your browser or desktop app using keys that never leave your device.
- Your password. Only an Argon2id hash is stored.
- Your TOTP secret in plaintext. It is stored encrypted at rest with ChaCha20-Poly1305.
- Keys used to decrypt your messages. These live in your browser's IndexedDB or the desktop app's local key store.
What the instance owner can do
The instance owner can see the metadata listed above and manage accounts (approve registrations, reset passwords, ban users, delete accounts). Resetting a password invalidates existing sessions but does not grant access to the user's E2EE message history — decryption keys are tied to the user's device, not the server.
What nobody can do
- Read your E2EE message history without your keys — not even the instance admin, and not even with full database access.
- Silently inject messages attributed to another user — each message is signed with the sender's identity key.
- Decrypt your past messages after a later key compromise — the Double Ratchet provides forward secrecy, so compromising today's keys doesn't retroactively expose yesterday's messages.
Telemetry, analytics, tracking
None. Chatalot does not include analytics scripts, usage tracking, error-reporting callbacks, feature-flag services, or any other phone-home behavior. The server never talks to any remote service on its own.
This website
This site (chatalot.seglamater.app) is static HTML marketing and documentation. It does not load any third-party scripts, fonts, or analytics. It does not set any cookies. Web server logs are retained for operational purposes (abuse mitigation) and rotated.
Public demo instance (chat.seglamater.app)
The public demo instance at chat.seglamater.app is operated by Seglamater. It follows the same privacy model as any self-hosted instance: the server sees metadata but never plaintext E2EE content. Because it is publicly run, it has its own operational considerations (abuse reporting, takedown requests), which are handled per the instance's terms of service.