PR1V4CY
Nothing to hide (NTH) is a privacy infrastructure provider based in The Netherlands. We operate privacy-enhancing services world wide and on this page you can read all about how we process your personal identifiable information (PII) for these services. If you have any questions about the processing of PII, please contact us.
Our public services are built in accordance with current privacy design strategies and best practices in mind. In short this means:
- We limit, separate, abstract and hide (the processing of) PII as much as possible.
- We’re transparent about the processing of PII to our data subjects.
- We will never sell PII to third-parties.
- We won’t share PII with third-parties unless it’s one of our data processors (like Tuta GmbH for handling our email) or unless we are compelled to do so by a competent authority.
Websites
When you visit our website nothingtohide.nl, your IP address and browser user agent are being processed by our webserver in order to serve the website’s content to your browser. In addition we log these personal data for 30 days for the purpose of finding and preventing abuse and keeping nothingtohide.nl available.
| PII | Controller | Purpose | Legal basis |
|---|---|---|---|
| IP address | NTH | Detect and prevent abuse/availability | Legitimate interest |
| Browser user agent | NTH | Detect and prevent abuse/availability | Legitimate interest |
You can send us an email. In order to receive, read and reply to these email we process the mailserver’s IP address, contents of the mail and email address(es)/account name(s) of email recipients and senders.
Nothing to hide uses the Germany based secure email service Tutanota by Tutao GmbH (Tutao) to handle its email. Do note that upon request we can provide a secure email link for sharing sensitive information or data.
| PII | Controller | Processor | Purpose | Legal basis |
|---|---|---|---|---|
| Mailserver IP address | NTH | Tutao | Sending/receiving email | Legitimate interest |
| Email address | NTH | Tutao | Sending/receiving email | Legitimate interest |
| Name(s) | NTH | Tutao | Sending/receiving email | Legitimate interest |
| Email contents | NTH | Tutao | Sending/receiving email | Legitimate interest |
Tor relays
When you use one of our Tor relays, your traffic will be routed through our infrastructure. This includes both the (heavily encrypted) contents and the traffic metadata such as the client source (in the case of guard relays) and destination (in the case of exit relays) IP addresses.
Do note that Nothing to hide can’t view the contents of the traffic since it’s heavily encrypted by the Tor network. We don’t log anything regarding the Tor relays or Tor traffic so although we process such information on a realtime basis, we can’t recall this information.
| PII | Controller | Purpose | Legal basis |
|---|---|---|---|
| Tor metadata | NTH | Required for Tor relays | Legitimate interest |
| Tor encrypted contents | NTH | Required for Tor relays | Legitimate interest |
DNS servers
When you use our DNS servers, your DNS queries will be encrypted (because of DNS-over-TLS) before they are send to us for further processing. This makes sure parties with a network presence in between your client (requesting a specific DNS record) and the DNS server (answering) can’t eavesdrop on the DNS query/answer content.
Do note that when you use on of our Tor exit relays, you’re automatically using our DNS servers because your DNS queries are resolved by our own DNS servers. In this case your client’s source IP address isn’t processed by our DNS servers since the Tor exit relay will send the DNS request to our DNS server from its own IP address.
| PII | Controller | Purpose | Legal basis |
|---|---|---|---|
| Client IP address | NTH | Required for DNS | Legitimate interest |
| DNS query contents | NTH | Required for DNS | Legitimate interest |