Valid XHTML 1.0 Strict Valid CSS Level 3
The AlphaChat IRC Network
The first name in chat

AlphaChat IRC Network Privacy Policy

Effective date of the commencement of this Privacy Policy: 2018-05-25


  • Initial version (2018-05-21)
  • Add password hashing scheme; PBKDF2 (no policy changes) (2019-03-22)
  • Update password hashing scheme; PBKDF2 in SCRAM mode now (no policy changes) (2020-02-24)

This document lays out the information that the AlphaChat IRC Network (hereinafter referred to as "this network") collects, how that information is used (and what for), and how to view, correct or remove this information.

Types Of Information Collected

This network collects both personal and non-personal information from its users. Personal information is information that could be used to identify you (whether by itself or in combination with other information). Non-personal information is all other information. Information that is voluntary (i.e. you can choose whether or not to divulge it) is denoted by an asterisk (*). Note that having a services account is not required to use this network (but it may be required for some channels, subject to the whims of the founders and operators of those channels, and it may be required for some forms of network access, such as via the Tor Hidden Service).

Personal information collected:

  • Nicknames [1]
  • Host Names and IP Addresses
  • E-mail Addresses *
  • User Names [2] *
  • Real Names [3] *
  • Services Account Passwords [4] *
  • Services Account Virtual Hosts ("vHosts") *
  • Services Account Memos [5] *

Non-personal information collected:

  • The date and time you connect to and disconnect from the network
  • The date and time your services account (if any *) was registered
  • The date and time your services account (if any *) was last used
  • The date and time your services vHost (if any *) was assigned or removed
  • Any channels or groups your services account (if any *) has access to

How Your Information Is Used (And What For)

Nicknames are used to tell clients on the network apart, to properly route private messages, and are displayed in your /WHOIS output.

Host Names are used to enforce bans (both network bans ("K-Lines") and channel bans).

IP Addresses are used to enforce bans (both network bans and channel bans), to check against DNS Block Lists at connection time, to scan for open proxies at connection time, and to enforce session limits (maximum simultaneous number of permitted connections to this network from the same host). Note that when you connect to this network, your IP address will be sent to various providers of DNS Block Lists to check whether any other IRC networks have sufferred abuse from the address or whether a machine using that address has been compromised (e.g. become part of a botnet or is running an abuseable open proxy). If you do not consent to this check, you must not connect to this network, as there is no way to opt out of it; it is necessary for us to prevent large scale abuse of this network. This is the only information that we share with third parties.

E-mail Addresses are used during services account registration (to confirm your E-mail address), to enable your password to be reset should you forget it, to enable important information to be delivered to you by network staff (such as a data breach notification, or a new password should it become necessary for us to change it on your behalf), and to have copies of any memos sent to you to be delivered to your e-mail inbox (opt-in).

User Names are used to tell multiple clients behind the same address apart for the purposes of banning one of them (from either the network or individual channels), and are displayed in your /WHOIS output.

Real Names are used to enforce bans (both network bans and channel bans), and are displayed in your /WHOIS output. It is recommended that you not provide this information if you do not wish for this to be visible to other people.

Services Accounts are used to provide you with a persistent identity, to retain your access to channels and groups (and to enable you to register channels and groups), and to prevent others from using your identity.

How To View, Correct Or Remove Your Information

The only information we hold about you of a non-transitory nature is the information related to your services account (if any). All of this information (minus your services password and its hash) can be viewed with the following commands:

  • /msg NickServ CERT LIST -- to view your certificate fingerprints
  • /msg NickServ INFO -- to view basic account information
  • /msg NickServ LISTCHANS -- to view the channels you have access to
  • /msg NickServ LISTGROUPS -- to view the groups you have access to
  • /msg NickServ LISTOWNMAIL -- to view the registrations using your e-mail address
  • /msg NickServ TAXONOMY -- to view other miscellaneous metadata
  • /msg MemoServ LIST -- to view your memos

Any information we hold about you that is inaccurate or out of date can be rectified through use of the NickServ SET command. For example:

  • /msg NickServ SET EMAIL
  • /msg NickServ SET PASSWORD bugF1G9tV0hoYo8Q

If you wish for us to permanently remove all information associated with your services account, you can drop the account with the NickServ DROP command. Note that this command will need to be confirmed (you will receive instructions). Usage:

  • /msg NickServ DROP myaccountname

If you have any further inquiries, please use /msg NickServ HELP COMMANDS and /msg NickServ HELP SET; or /join #help; or email

Data Retention

Services Accounts will expire if they are unused (not logged into) for 90 days. However, the services database is backed up every night, and those backups are kept for 30 days. Thus, the maximum amount of time that your information will be retained is 120 days after you stop using your account, or 30 days after you drop your account (see above), whichever is sooner.

Information Shared With Third Parties

The only information we share with third parties is your IP address (in accordance with the conditions as described above). We will never share any other information, including your e-mail address (for any purpose); nor will we use or share your IP address for a purpose other than as described above.

[1] As provided by your IRC client, e.g. nickname!username@hostname [realname]

    If you use our WebChat, this is the nickname you fill out on the connection details page

[2] As provided by your IRC client, e.g. nickname!username@hostname [realname]

    If you use our WebChat, the username is a fixed non-configurable string "acwebchat"

[3] As provided by your IRC client, e.g. nickname!username@hostname [realname]

    If you use our WebChat, the realname is a fixed link back to the webchat webpage

[4] This is never visible to network staff (or anyone else other than you). It is strongly hashed at the point that it is supplied (during registration or when setting a new account password) or validated (during login). For our more technically-minded users, our password hashing scheme is as follows:

    Salt = CSPRNG(32)
    Iterations = 64000
    SaltedPassword = PBKDF2(PRF=HMAC-SHA2-256, password=<Password>, salt=<Salt>, c=<Iterations>, dkLen=32)
    ServerKey = HMAC-SHA2-256(SaltedPassword, "Server Key")
    ClientKey = HMAC-SHA2-256(SaltedPassword, "Client Key")
    StoredKey = SHA2-256(ClientKey)

    Store(Iterations + Salt + ServerKey + StoredKey) -> Database

    This is, in effect, SCRAM (RFC 5802), with SHA2-256 as the underlying digest algorithm (RFC 7677).

[5] If you send a memo to someone, it will be stored in the services database for them to retrieve later. If someone sends a memo to you, likewise; however, you can opt out of receiving memos with the /msg NickServ SET NOMEMO ON command. If you have not opted out of receiving memos, and you have opted in to receive them by email with the /msg NickServ SET EMAILMEMOS ON command, a copy of any memos you receive will be sent to you by e-mail; but the memo will still exist in the services database for future reference, until you delete it.