Privacy Policy

Last updated on May 2, 2024

Friedolyn does not phone home and only collects data necessary for its operation.

Friedolyn websites

When visiting this documentation website or the Javadocs, no personal data is collected. Since both sites are hosted on Codeberg Pages, the Codeberg Privacy Policy applies.

Web requests

Friedolin credentials

When you first open the Friedolyn app, you are asked to enter your credentials at the University of Jena’s Friedolin service. Obviously, each time Friedolyn fetches data from Friedolin, your user name and password are submitted to the uni’s server via the login form at friedolin.uni-jena.de. Apart from that, your credentials are not sent anywhere and are only stored locally on your device.

You are strongly urged to keep your credentials safe.

  • On the login screen, you have the option to connect to your KeePassXC password database to fill in your credentials. That way, Friedolyn doesn’t need to store your user name and password in plain text on disk.
  • Alternatively, you can use a tool like Cryptomator to safely store your configuration file (containing your credentials) in an encrypted vault.

Connecting to Friedolin

When fetching data from Friedolin, the uni’s privacy policy applies.

IP address

Whenever a client connects to a server, for example when someone visits a website, the server learns the IP address of the client. (This is necessary, because otherwise, the server would be unable to respond to the client’s request.)

The downside is that IP addresses usually uniquely identify a specific device (and thus its user) on the internet, meaning that they can be used to track users across the web. Whether or not a server actually participates in such behaviour inimical to the public cannot be influenced by the Friedolyn developers.

You can mitigate this side effect by hiding your IP address using a VPN that routes your device’s internet traffic through a proxy server shared by many users. You may also configure Friedolyn to connect to the anonymous Tor network (a.k.a. the “darknet”) via the setup dialog.

User agent

Whenever Friedolyn connects to an internet server, it voluntarily submits its user agent. This is a string that identifies the requesting software by its name and version. By default, the user agent string is Friedolyn/1.0, and it is the same for all users, meaning it does not uniquely identify you or your device.

If you don’t want the uni to know that you use Friedolyn, you can configure the app to submit a spoofed user agent via the setup dialog, in order to make Friedolyn appear as a regular web browser to the server.

Automatic updates

Friedolyn checks for updates of the app itself and several configuration files on startup. Since everything is hosted on Codeberg, their privacy policy applies.

Notifications

Whenever we detect that you have received a new grade in Friedolin, we will notify you via one of the following channels (depending on your preferences):

Notification channel | Description
E-mail | Friedolyn sends an e-mail from your university e-mail address to yourself, containing the module and grade. If you have told us your OpenPGP public key, the e-mail will be encrypted.
Ntfy | Friedolyn sends a push notification to your device via a Ntfy server. By default, we use ntfy.adminforge.de (privacy policy) and include neither the module nor the grade in the message. The Ntfy server will see your IP address and know that you use Friedolyn.
UnifiedPush | Same as with Ntfy. The only difference is that UnifiedPush is only available for Android.
Matrix | We will use your Friedolin credentials to log in to your uni Matrix account and create a private channel for your Friedolyn notifications. Since most Matrix clients only play a notification sound and show a popup if the sender is someone else, we need to rely on a third party. For reasons of technical simplicity, we chose to use the t2bot.io echo bot (privacy policy), meaning they will see your Matrix user/display name and have access to the notifications’ contents, including modules and grades.

Contact form

In the app, there’s a contact form that you can use to send help inquiries, feedback, bug reports or feature requests to the developers. When you submit the form, the following data is sent to the developers via e-mail:

  • your real name, e.g. “Edward Snowden”
  • your Friedolin user name (not sensitive), e.g. “es13nsa”
  • your university e-mail address, e.g. “edward.snowden@uni-jena.de”
  • the subject of your message (whatever you have entered)
  • the message content (whatever you have entered)
  • a means of contacting you (whatever you have entered)
  • the app version you’re using, e.g. 1.0.0
  • the app’s log file (if you have decided to attach it)
  • some technical information about your device (if you have decided to attach it):
    • name, version and architecture of your operating system, e.g. “Windows 10, 64-bit”
    • version, vendor, home directory, library path and temporary directory of your Java runtime
    • the file path to your home directory
    • the app’s current working directory

The administrators of the uni’s e-mail server will be able to see that you have sent an e-mail to us, but they won’t be able to read its content or view the attachments. That’s because we use OpenPGP to automatically end-to-end encrypt all contact form submissions.

Of course, we would strongly prefer to reply to you in a secure manner, which is why we ask you to provide a means of end-to-end-encrypted communication in your message.

You can use your university e-mail address with your own OpenPGP public key or your university Matrix account (use your Friedolin credentials to log in) or a third-party service to receive our encrypted reply.

When choosing a third-party service, please note their privacy policy. Here are all options that we can offer:

Category | Services
Symmetrically encrypted e-mail | Tuta (privacy policy)
OpenPGP-based E2EE e-mail providers |
Secure messengers |

Note

Please note that, out of the three third-party messengers, SimpleX appears to be the most private one, as it is decentralised and is used without signing up for an account. When using Signal, you don’t need to disclose your phone number to us (just set up a user name for your account).