Church of Cyberology

Privacy policy

Version 1.0 (01-01-2024)

The Church of Cyberology (also “Cyberology” hereafter) operates on the internet and therefore processes personal information. In this privacy policy we will elaborate on what personal data we collect, how we collect personal data, for what purposes we use personal data, how we retain personal data and to whom personal data is disclosed by us.

Further this privacy statement includes information regarding your rights with respect to the processing of your personal data. If you have any questions about the processing of (your) personal data, please contact us.

Privacy by design

All our processes (online and offline), are built in accordance with current privacy design strategies and best practices in mind. In short this means:

1 Website

The Church of Cyberology has the following websites:

When you visit our website(s), your IP address and browser user agent are processed by the webserver in order to serve the website’s content to your browser. In addition we retain these personal data for 30 days for the purpose of finding and preventing abuse and keeping the website(s) available. We may create (truly) anonymous aggregated statistics as well.

For our webhosting needs we make use of the Netherlands based IT service provider Nozel.

Personal data Controller Processor Purpose Legal basis
IP address Cyberology Nozel Detect and prevent abuse/availability Legitimate interest
Browser user agent Cyberology Nozel Detect and prevent abuse/availability Legitimate interest

2 Email

You can send us an email. In order to receive, read, reply to and (permanently) archive these emails we process your mailserver’s IP address, contents of the email and email address(es)/account name(s) of email recipients and senders.

We use two email service providers to handle email: the Germany based secure email service Tutanota by Tutao GmbH (Tutao) and the Netherlands based secure email service Soverin by Soverin B.V. (Soverin).

Personal data Controller Processors Purpose Legal basis
Mailserver’s IP Cyberology Tutao
Soverin
Handling email Legitimate interest
Email address Cyberology Tutao
Soverin
Handling email Legitimate interest
Name(s) Cyberology Tutao
Soverin
Handling email Legitimate interest
Email content Cyberology Tutao
Soverin
Handling email Legitimate interest

Do note that upon request we can provide a secure email link for sharing sensitive information or data.

3 Tor

We operate Tor relays from Nothing to hide, which is our division that provides public privacy infrastructure. When you use one of our Tor relays, your traffic will be routed through our infrastructure. Although we mostly operate Tor exit relays, but we also have a few Tor guard/middle relays. Do note that under normal circumstances (i.e. using the Tor Browser) our guard/middle and exit relays won’t be used together.

We don’t log anything regarding the Tor relays or Tor traffic so although we process such data on a realtime basis, we are not able to educe or reproduce these data. For our Tor needs we make use of servers of the Netherlands based IT service provider Nozel.

3.1 Guard relays

When you use one of our guard relays, your current outgoing IP address and your traffic heavily encrypted content are processed. We retain the IP address for the duration of your connection to our guard relay while the encrypted content is processed on a real-time basis to and from the middle relay (generally less than a second per packet).

Personal data Controller Processor Purpose Legal basis
Source IP address Cyberology Nozel Required for Tor Legitimate interest
Encrypted content Cyberology Nozel Required for Tor Legitimate interest

3.2 Middle relays

When you use one of our middle relays, your traffic heavily encrypted content are processed. We retain these personal data until the packets have been delivered to the target exit relay (your requests) or your device (their response), generally less than a second.

Personal data Controller Processor Purpose Legal basis
Encrypted content Cyberology Nozel Required for Tor Legitimate interest

3.3 Exit relays

When you use one of our exit relays, the destination IP address of your request and your traffic content are processed. We retain these personal data until the packets have been delivered to the target server (your request) or your device (their response), generally less than a second. Do note that the traffic content in this stage of Tor isn’t encrypted by Tor, so make sure to use another encryption mechanism such as TLS.

Personal data Controller Processor Purpose Legal basis
Destination IP address Cyberology Nozel Required for Tor Legitimate interest
Encrypted content Cyberology Nozel Required for Tor Legitimate interest

3.4 Processing outside of the EEA

Because of the global scope and purpose of the Tor network, it is possible or even likely that your personal data transferred through one of our Tor relays will be transferred to (other data controllers and their data processors in) countries outside of the European Economic Area (EEA). The EEA comprises all EU countries, Norway, Liechtenstein and Iceland.

In general, transfers of personal data to countries outside of the EEA are subject to additional rules under the General Data Protection Regulation (GDPR). Due to the nature of the Tor network we can’t give any guarantees about appropriate safeguards. Please be mindful about what Tor relays are part of your circuit and your traffic destination.

4 DNS servers

We operate DNS servers from Nothing to hide, which is our division that provides public privacy infrastructure. When you use our DNS servers, your current outgoing IP address and the content of the DNS query itself are processed by our DNS servers. Your DNS queries will be encrypted before they are send to us for further processing. This makes sure parties with a network presence in between your client (requesting a specific DNS record) and the DNS server (answering) can’t eavesdrop on the DNS query/answer content.

You will also automatically use our DNS servers if you use one of our Tor exit relays, because those DNS queries are resolved by our own DNS servers. In this case your current outgoing IP address isn’t processed by us. For our DNS needs we make use of servers of the Netherlands based IT service provider Nozel.

Personal data Controller Processor Purpose Legal basis
Source IP address Cyberology Nozel Required for DNS Legitimate interest
DNS query content Cyberology Nozel Required for DNS Legitimate interest

5 Your rights

Although the GDPR only applies to data subjects who are in the European Economic Area, we will take every request and complaint seriously no matter the data subject’s physical location on planet earth.

And finally, you have the right to lodge a complaint with the Dutch Data Protection Authority.

6 Policy review

This EPrivacy Policy will be reviewed periodically to ensure that it remains current, effective, and aligned with the church’s goals and mission. Amendments or revisions to the policy may be made as necessary with approval from the governing board.