The policy emphasizes minimal monetization, short log retention, and user controls like archive download and account deletion. The main caveat is the inherent exposure of federated messaging and the public nature of much of the platform.
Mastodon.social’s legal posture is relatively privacy-conscious compared with many social platforms: it says it does not sell personal information, limits server log retention, allows content export, and lets users delete accounts. At the same time, because it is a federated social network, posts may be copied to other servers, and direct or followers-only messages can still be viewed by server operators and recipients.
Points of interest
Followers-only and direct posts may be stored on other servers, and the policy warns that server operators or recipients may view, screenshot, copy, or reshare them. In practice, these messages are not treated as truly private.
"the operators of the server and any receiving server may view such messages, and that recipients may screenshot, copy or otherwise re-share them."
The service records your login IP address and says the latest IP address used may be stored for up to 12 months. That is a meaningful amount of identity-linked metadata retention.
"The latest IP address used is stored for up to 12 months."
The policy says Mastodon does not sell or trade your personal information. That reduces the risk of ad-tech style sharing or monetization of your data.
"We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information."
You can request and download an archive of your content, including posts, media, and profile images. This makes it easier to back up your data or move on from the service.
"You can request and download an archive of your content, including your posts, media attachments, profile picture, and header image."
The policy says you may irreversibly delete your account at any time. That gives users a clear exit path, though deletion is permanent.
"You may irreversibly delete your account at any time."
Server logs containing IP addresses are retained, if kept at all, for no more than 90 days. That is a relatively limited retention period for operational logs.
"Retain server logs containing the IP address of all requests to this server... no more than 90 days."
Documents
Privacy Policy
- If you register, you provide basic account details like username, email, and password, plus profile and media content that is publicly listed.
- Public, unlisted, followers-only, and direct posts are stored and processed on the server and may be delivered to other servers where recipients’ accounts are.
- Followers-only and direct posts may be viewed by operators of this and receiving servers, and recipients may screenshot, copy, or re-share them.
- Your login IP address and browser application name are recorded, sessions can be reviewed and revoked in settings, and recent IP data may be stored up to 12 months.
- Server logs may include the IP address for requests and, if kept, are retained for no more than 90 days on a good-faith-effort basis.
- Mastodon uses your information to provide core service features, support moderation (including ban-evasion checks), and send emails for notifications and responses.
- Passwords are protected with one-way hashing, connections are secured with SSL, and you may enable two-factor authentication for added security.
- Cookies are used to recognize your browser, associate it with your account, and save your preferences.
- Mastodon does not sell personal information, may share with trusted service providers, and may release information to comply with law or protect safety and rights.
- You can request and download an archive of your content, and you may irreversibly delete your account at any time.