PRIVACY POLICY

Who we are

The Destiny code is maintained and the infrastructure is operated by Least Authority TFA GmbH (‘Least Authority’, ‘we’, ‘us’), located at Thaerstraße 28a, 10249 Berlin in Germany.

Least Authority is a technology company supporting people’s right to privacy through security consulting and building secure solutions. Least Authority developed Destiny with the goal of developing user-friendly applications of Magic Wormhole that would be suitable for human rights defenders and other vulnerable communities.

Read more about us on leastauthority.com.

What data we collect

When downloading the application

We do not collect information about people who download the software via GitHub. On GitHub, we only have access to traffic data for the repository, such as the number of visitors and the number of views of the repository.

However, third parties such as the Google Play store and the hosting provider, OVH Cloud, can collect some information including individual users’ IP address. We have no control of that and do not actively try to access such information.

Google provides us with the following information:

- Android Version: Android OS version reported from the user's device
- Device: User's device Marketing Name and Device Name (for example, Google Nexus 7/Flo)
- Country: User's country
- Language: User's Android OS language setting
- Carrier: User's wireless carrier (when applicable)
- App Version

Our hosting provider, OVH Cloud, collects the following information:

- IP address
- Time and date of request

In addition, our mailbox server and transit relay are collecting the following basic statistics:

- Outcome of a transfer (did the parties connect)
- Time of a transfer

The legal basis for the processing of this data is our legitimate interest to ensure the functionality, the integrity and security of the application (Art. 6 para. 1 (f) GDPR).

When using the services

We do not collect contact information (name, email address, phone number) about people who send/receive files.

We do not store and cannot open files that are sent using Destiny.

When you send/receive a file directly, the two parties involved can learn each others’ IP address.

Files sent using Destiny are end-to-end encrypted.

Destiny is built on Magic Wormhole, which uses the SPAKE2 cryptographic algorithm to establish a strong high-entropy shared key with a short low-entropy password (the code). All data is encrypted (with nacl/libsodium “secretbox”) using this key.

For more details see our FAQ.

When contacting us

When you email us, we will inevitably collect the content of your email, your email address, the sender name, and anything else included in the email header.

Emails are currently stored with our email provider Google.

We keep emails received for as long as necessary to handle the issue. Six months after an issue has been handled or solved, we erase the email unless keeping it is necessary for our legitimate business or operational interests.

Data processing for the purpose of contacting us is based on your voluntarily given consent (Art. 6 para. 1 (a) GDPR), or - in case of general issues with our system - based on our legitimate interest in the function of our service (Art. 6 para. 1 (f) GDPR).

With whom do we share this data

We do not share any of your personal data with anyone outside of Least Authority or, by default, the sub-processors mentioned above.

Exercising your rights

In line with the European Union’s General Data Protection Regulation, you have rights related to any personal data of yours that we process. You have the right to request from us at any time:

- Information as to whether or not personal data concerning you is being processed, and, where that is the case, access to this personal data;
- Rectification of inaccurate personal data concerning you, subject to relevant legal requirements;
- Erasure of personal data concerning you unless there are conflicting interests;
- Restriction of the processing of your personal data where one of the following applies: you contest the accuracy of your personal data; the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; or you have objected to processing pursuant to Article 21 para. 1 GDPR pending the verification whether our legitimate grounds override yours;
- To receive the personal data that you provided to us, in a structured, common and machine-readable format or requesting transmission to another controller.

In this case, please contact us at [email protected] and specify the information or processing activities to which your request relates. We will carefully consider your request and discuss with you how we can best fulfill it.

You can revoke your consent once given to us at any time. As a result we stop the data processing based on this consent in the future.

If we process your data pursuant to a legitimate interest or a legitimate interest of a third party, you can exercise your right to object in accordance with Art. 21 GDPR.

Please send any requests or questions related to exercising your rights to [email protected]. As soon as we receive any request from you, we will process it. Please be aware that it might take some time for the process to be reflected across all our systems.

You have the right to lodge a complaint with the competent data protection supervisory authority. The supervisory authority responsible for Berlin, Germany is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, with its address Friedrichstr. 219, 10969 Berlin, Germany, and its phone number: +49 (0)30/138 89-0. Please find its website here: http://www.datenschutz-berlin.de.

Questions

If you have questions about this privacy policy or exercising your privacy rights, please contact us at [email protected]

Changes to this privacy policy

This privacy policy was last updated on September 22, 2022.