Improve privacy policy structure and contents

@@ -50,3 +98,3 @@
 ## Where is the personal data stored?
 
-We run our all of our services on servers of the company [Greenbaum Cloud](https://greenbaum.cloud/).
+We run our all of our services on dedicated servers of the company [Hetzner GmbH](https://hetzner.com/). The data on these servers is encrypted at rest. Backups are made to several locations, the data is encrypted before it is sent to the backup locations.

@@ -30,1 +30,3 @@
-"Matrix" is an open, decentralized communication service for real-time communication. It enables members of pub.solar n.e.V., as well as other interested parties, to communicate with other users of this server as well as other Matrix users of federated Matrix servers via chat and audio/video telephony by means of a Matrix account.
+The services we offer each require their own dataset to be able to function. A specific service only records data if you use it.
+
+If you become a member of the association, we'll have to process personal data to make sure we oblige by German law.

@@ -43,3 +41,4 @@
 
 Any additional information that the user chooses to supply while using the services provided by us (whether it is chats, posts, emails, etc.). This additional information is optional and with the user's consent.
 
+If you become a member in the association, we record your full name, email address, and home address.

@@ -46,0 +45,4 @@
+
+### Keycloak (auth.pub.solar)
+
+A valid email address: required for account creation. This email address is deleted from our database after the account has been approved/denied, unless the user chooses during the registration process, to keep it for password reset process.

@@ -46,0 +47,4 @@
+
+A valid email address: required for account creation. This email address is deleted from our database after the account has been approved/denied, unless the user chooses during the registration process, to keep it for password reset process.
+
+An username and a password: required to identify the account holder and provide the services offered by pub.solar.

@@ -46,0 +51,4 @@
+
+### Nextcloud (cloud.pub.solar)
+
+This service requires login with pub.solar credentials.

@@ -46,0 +55,4 @@
+
+Everything (files, calendars, contacts, news, tasks, bookmarks, etc.) is stored unencrypted in a database, unless an application provides external encryption (none so far). This is a limitation of the software we are utilizing for this service (Nextcloud).
+
+We do not currently encrypt files when you upload them because we've had some bad experiences with dataloss incurred through end-to-end encryption.

@@ -46,0 +57,4 @@
+
+We do not currently encrypt files when you upload them because we've had some bad experiences with dataloss incurred through end-to-end encryption.
+
+Server logs, which store information such as, but not limited to, your IP address, your username, an app currently used, error messages and User Agent, are stored for a period of 24 hours after which they are deleted from the server. No backup of log files is created. Logs are kept to prevent brute-force attacks on accounts and to provide quick insight when debugging issues.

@@ -46,0 +61,4 @@
+
+### Git (git.pub.solar)
+
+This service requires login with pub.solar credentials.