Version 1.0 · Effective February 14, 2026

1. Introduction

This Privacy Policy describes how mothertree labs (“we,” “us,” “our”) handles your information when you use our managed collaboration service (“Service”) at mother-tree.org.

mothertree is built on end-to-end encryption (“E2EE”). This policy covers both the data we collect and — just as importantly — the data we cannot access.

Self-hosting: This Privacy Policy applies only to the managed service. If you self-host mothertree using our open-source code, your instance operator’s privacy practices apply instead.

2. Data We Cannot Access

mothertree uses E2EE for your content. This is an architectural guarantee, not merely a policy promise. The following data is encrypted on your device before it reaches our servers, and we do not hold the keys to decrypt it:

  • Messages and conversations
  • Documents and collaborative content
  • Files and attachments
  • Voice and video calls

Because we cannot access this data, we cannot read, analyze, sell, or share it. We also cannot recover it if you lose your encryption keys.

Open-source verification: Our code is available under the AGPL-3.0 license. Anyone can inspect our encryption implementation and verify these claims independently.

3. Data We Do Collect

To operate the Service, we collect and process:

Account information

  • Email address
  • Display name
  • Account creation date

Usage metadata

  • Last login timestamp
  • Feature usage statistics (aggregate, not content-level)

Technical logs

  • IP addresses
  • User agent strings
  • Error logs

Technical logs are retained for no more than 78 hours, except when extended retention is required for active troubleshooting or diagnosis of specific issues.

Billing information

If you use a paid plan, our payment processor collects billing details (such as payment method and billing address). We do not store full payment card numbers on our servers.

4. How We Use Your Data

We use the data described in Section 3 to:

  • Operate and maintain the Service
  • Authenticate your identity and secure your account
  • Communicate with you about your account or the Service
  • Detect and prevent abuse, fraud, and security incidents
  • Comply with legal obligations

5. What We Do Not Do

  • No advertising. We do not serve ads and do not use your data for advertising purposes.
  • No data sales. We do not sell your personal information to third parties.
  • No content profiling. We cannot profile you based on your encrypted content because we cannot access it.

6. Data Sharing

We share your information only in these circumstances:

  • Service providers: With vendors who help us operate the Service (such as hosting and payment processing), under contracts that limit their use of your data.
  • Legal requirements: When required by law, court order, or governmental request. We will notify you when legally permitted to do so.
  • Complaint process: When we receive a complaint about your account, we share the substance of the complaint with you so you can respond (see our Terms of Service). We do not access your encrypted content as part of this process.

7. Data Retention

  • Account data: Retained while your account is active and deleted upon account deletion.
  • Technical logs: Retained for no more than 78 hours, unless extended for active troubleshooting or diagnosis of a specific issue.
  • Encrypted content: Stored on our servers in encrypted form while your account is active. Upon account deletion, encrypted content is deleted. We cannot selectively access or review this content at any time.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data
  • Object to certain processing

To exercise these rights, contact us at info@mother-tree.org.

Note that we cannot provide copies of your E2EE content because we cannot decrypt it. You must export encrypted content directly from your devices while your account is active.

9. Security

We implement reasonable technical and organizational measures to protect the data we process. E2EE provides the strongest protection for your content — even in the event of a server breach, your encrypted content remains unreadable without your keys.

10. Children

The Service is not intended for children under 16. We do not knowingly collect personal information from children under 16.

11. Changes to This Policy

When we update this policy, we will:

  • Publish the new version at a new versioned URL
  • Provide reasonable notice before changes take effect
  • Keep prior versions available at their original versioned URLs

12. Contact

If you have questions about this Privacy Policy, contact us at info@mother-tree.org.