We are a Danish company called Quenda ApS, and we created Pigeon because friends kept telling us they'd pay for a hosted mailing list service. We thought, let's build that then! This page explains what personal information we collect, why we collect it, and how you can manage that information.
Your IP address and access times are kept for security purposes. Your OAuth username is kept unless requested to provide a service and potential discounts to you. Your email address is kept for financial auditing. You may also be collecting personally identifiable data from your list users, and we store that data on your behalf, but you are considered the controller of that data and must act responsibly and legally with respect to that data.
If you are visiting this website, we keep server logs of your interactions with us which record your IP address and the time of visit. We do that because sometimes websites are attacked by bandits who try to infiltrate and steal your information, and keeping logs helps to see who might be attempting that. Sometimes people also try to interrupt service to a website by doing something called a denial of service attack. Keeping logs helps us to mitigate any such attacks.
We keep IPs and times indefinitely in case we ever need to audit past attacks. If somebody infiltrated the website and we deleted the logs, we'd never know who did it! Of course we take security very seriously and aim to prevent infiltration in a variety of ways, and keeping logs is just part of the process of being responsible about security. The logs themselves are kept secure, and are not published.
Our role in this is as a data controller.
We class you as a user if you've signed up to Pigeon, even if you're just on the free introductory plan.
As well as collecting the same information that we do of website visitors, we also collect your OAuth username and verified OAuth email address. OAuth is a system invented to make it easier for people to log into websites. It means you can use your existing login details with one site, e.g. Google, to log into a new site, e.g. ours, without ever giving your password to the new site. That means that we don't collect your password, because we don't need to! But we do need your username and email address.
We need your username because that's how we identify you as a user. When you log in, we need to know who you are in order to give you access to your account. We need your email address because this is a mailing list hosting service. If we don't know your email address, how are we going to subscribe you to your own lists for example? We don't share your username, but we may share your email address if you have a mailing list with a public archive and you send a message to that list.
We keep your username and email for as long as you have an account with us. When you close your account we keep your username and email by default, for two reasons. One is so that we can potentially give you a discount if you sign up with us again! The other is so that we have a record of our financial account with you, i.e. so that our invoices can be linked to our records in case of disputes etc.
You may request that we delete your OAuth username at any time. To do so means closing and erasing your account, because without the username we are of course unable to provide a service to you! Your email address is retained as part of our financial records, which is described in more detail in the following section.
Our role in this is as a data controller.
We retain the information of all of our financial transactions with you, including after you stop using our service, in order to have evidence for arbitration in case of any financial disputes that you may have with us. This information may include your email address or any other information that you give to stripe, excepting of course your card details.
Stripe's role in this is as a data controller for your card details, and a data processor for our financial transactions with you.
Pigeon is a public email archiving service. When you create a public mailing list, and send email to that list, we archive it and provide public access to copies of email sent to that list. Be aware that once emails are made public, other internet users may make copies that email (legally or otherwise) which we cannot control. For example, the digital Internet Archive library may copy our website, and indeed any website. Google may copy our website to keep it in their cache. Once you have made an email public, it can be very difficult if not impossible to erase all copies of it, as these copies are not under our control.
You therefore give consent not only for us to host these emails in public for you, but you also recognise that there is nothing we can do about third parties accessing, having accessed, or making copies of your data. If third parties act illegally, then you must take it up with those third parties independently of us. We cannot, in other words, pursue on your behalf the resolution of any copyright, privacy, trademark, or other rights violations committed by third parties.
When you create a mailing list, you may have users. A user is anybody who's subscribed or sent an email to one of your mailing lists. You may have responsibilities to your users with regards to privacy. It is your responsibility to ensure that your users' rights are not violated. We store personally identifiable information of your users on your behalf. Our role in this is as a data processor.
The worst case scenario for any website is that bandits infiltrate their systems and make copies of their users' personally identifiable data. This would mean that your personal data would be in the hands of potentially some very bad people. We try to mitigate this risk as much as possible by not collecting from you anything of value, such as your card details. Since we do have your OAuth username and email, however, we of course need a plan for what happens if that data is stolen by the aforementioned bandits. Since we are based in the EU, which has very good privacy laws, we simply follow the requirements of those laws and promptly notify the local data authorities when information is stolen. As long as the information wasn't erased, we also notify all of our affected users. Unfortunately beyond that there isn't much else that we'd be able to do. Again, we take many measures to ensure that this doesn't happen in the first place, which is the best policy.