Terms of Service

1. Scope and Applicability

These Terms of Service (“Terms”) govern the use of all SMP relay servers operated by IT and More Systems (“SimpleGo,” “we,” “us,” “our”), a sole proprietorship (Einzelunternehmen) registered in Recklinghausen, North Rhine-Westphalia, Germany.

These Terms apply to all persons and entities (“users,” “you”) who connect to, transmit data through, or otherwise use our SMP relay server infrastructure, whether via clearnet (TLS) or Tor onion service (.onion) endpoints.

By connecting to any SimpleGo SMP relay server, you acknowledge that you have read, understood, and agree to be bound by these Terms. If you do not agree with any part of these Terms, you must not use our relay infrastructure.

These Terms apply exclusively to the SMP relay server infrastructure. Separate terms may apply to other SimpleGo products and services, including hardware devices, the Flash Tool, and the SimpleGo website itself.

2. Service Description

SimpleGo operates public SMP (SimpleX Messaging Protocol) relay servers that function as encrypted message relays. The servers accept, temporarily store, and forward encrypted message packets between SimpleX Protocol clients. This includes, but is not limited to, the SimpleX Chat application, the SimpleGo hardware messaging device, and any other compatible SMP client implementation.

The service is provided free of charge. There is no subscription, no payment, and no premium tier associated with the use of our relay servers. We reserve the right to introduce paid tiers or capacity limits in the future, with reasonable advance notice.

Our servers participate in the decentralized SimpleX relay network. Users are free to choose which relay servers they use and may switch to other servers operated by other parties at any time. No lock-in mechanism exists.

2.1 What Our Servers Do

• Accept incoming encrypted message packets from authenticated SMP clients
• Temporarily store encrypted messages in unidirectional message queues until they are retrieved by the intended recipient
• Forward encrypted messages to connected recipients upon subscription
• Facilitate the SMP handshake and queue creation protocol
• Provide both clearnet (TLS 1.3) and Tor onion v3 (.onion) access endpoints

2.2 What Our Servers Do Not Do

• We do not decrypt, inspect, read, analyze, filter, or modify the content of any messages passing through our infrastructure
• We do not create, maintain, or store user accounts, profiles, or identities of any kind
• We do not log, track, or correlate communication patterns between users
• We do not inject advertisements, tracking pixels, metadata, or any additional data into the message stream
• We do not provide the messages or encryption keys to any third party, government, or law enforcement agency, except as required by valid German court orders and only to the extent technically possible
• We do not operate any content moderation system, as we have no technical ability to access message content

3. Technical Architecture and Encryption

Understanding the technical architecture is essential to understanding these Terms, particularly the sections on data processing and law enforcement. The following description is a simplified but accurate overview of how SimpleX Protocol relay servers operate.

3.1 End-to-End Encryption

All messages transmitted through our servers are encrypted with multiple layers of end-to-end encryption before they reach our infrastructure. The SimpleX Protocol implements up to seven cryptographic layers per message: four application-layer envelopes (Double Ratchet with post-quantum key exchange, per-queue NaCl encryption, server-to-recipient NaCl encryption, and content padding) plus three transport-layer TLS 1.3 sessions. Our servers process messages at the transport layer only and have no access to the inner encryption envelopes.

The encryption keys are generated, stored, and managed exclusively on the users’ devices. At no point do our servers possess, generate, derive, or have access to any decryption keys for message content. This is not a policy choice that could be reversed; it is a fundamental architectural property of the SimpleX Protocol.

3.2 No Persistent Identity

The SimpleX Protocol does not use persistent user identifiers. There are no usernames, phone numbers, email addresses, public keys used as identity, or any other form of persistent user identity. Each message queue is identified by a randomly generated, single-use cryptographic key pair. Our servers cannot determine which queues belong to the same user, which users are communicating with each other, or how many users are using the system.

3.3 Unidirectional Message Queues

Communication in the SimpleX Protocol occurs through pairs of unidirectional message queues. Each queue has exactly one sender and one recipient. The sender’s queue and the recipient’s queue may reside on different servers operated by different parties. No single server can observe both directions of a conversation. This architectural property means that even with full access to all data on our servers, it is not possible to construct a communication graph (who talks to whom).

3.4 Data Visible to Our Servers

In the normal course of operation, our servers may process the following data:

• Encrypted message blobs: Opaque, encrypted data packets that our servers cannot decrypt. All messages are padded to a fixed 16 KB block size, preventing traffic analysis based on message length.
• Queue identifiers: Random cryptographic identifiers for message queues. These cannot be linked to any real-world identity or to each other.
• Connection IP addresses: The IP address of the connecting client is visible at the network level during a TLS connection. This is a fundamental property of TCP/IP networking. See Section 8 for our logging policy. Users connecting via Tor onion services do not expose their IP address to our servers.
• Connection timestamps: The time at which a client connects to or disconnects from our servers.
• Protocol metadata: SMP protocol version, command types (SEND, SUB, ACK, etc.), and queue operation parameters. This metadata is necessary for protocol operation but does not reveal message content or user identity.

4. No User Accounts, No Registration

Our SMP relay servers require no registration, no account creation, and no authentication with user-provided credentials. Access is anonymous by design. The SMP protocol uses per-queue cryptographic keys for authentication, which are generated automatically by the client software and are not linked to any identity.

Because there are no user accounts, we cannot:

• Identify individual users of our service
• Suspend or terminate specific users’ access (we can only block specific queue identifiers or IP address ranges)
• Respond to account-specific data subject access requests under the GDPR, as no account data exists
• Provide user-specific information to law enforcement, as we hold no information that could identify specific users

5. Acceptable Use

Our relay servers are provided as neutral communications infrastructure for lawful purposes. Acceptable uses include, but are not limited to:

• Personal private communications
• Journalistic source protection and confidential reporting
• Legal professional-client privileged communications
• Business confidential communications
• Academic and research communications
• Activism, organizing, and political expression protected under applicable law
• Communications by individuals in regions where free expression is suppressed
• Any other lawful communication purpose

We do not monitor usage patterns and have no technical ability to verify compliance with this section. We rely on users to use the infrastructure responsibly and lawfully.

6. Prohibited Activities

The following activities are strictly prohibited. While we cannot monitor for these activities due to the encryption architecture, violation of these prohibitions constitutes a breach of these Terms and may result in infrastructure-level countermeasures (such as IP blocking or queue deletion) if we become aware of such activities through external reports or legal process.

• Any use that violates applicable local, national, or international law, including but not limited to German criminal law (StGB), European Union regulations, and the laws of your jurisdiction
• Distribution of child sexual abuse material (CSAM) or any content that exploits minors
• Planning, coordinating, or executing terrorist activities or violent extremism
• Distribution of malware, ransomware, or other malicious software
• Conducting or facilitating fraud, money laundering, or financing of criminal activities
• Stalking, harassment, threats of violence, or intimidation
• Unauthorized access to computer systems, networks, or data (hacking)
• Spam, unsolicited bulk messaging, or automated abuse of the relay infrastructure
• Denial-of-service attacks or any attempt to disrupt, overload, or interfere with the operation of our servers or any other party’s infrastructure
• Attempting to exploit vulnerabilities in the SMP protocol implementation, the server software, or the underlying infrastructure
• Using the relay infrastructure to circumvent sanctions, export controls, or other legally binding trade restrictions

We explicitly condemn any use of our infrastructure for illegal purposes. The availability of strong encryption does not imply authorization or encouragement to break the law.

7. Service Availability and Maintenance

We operate our SMP relay servers on a best-effort basis. We strive for high availability but do not guarantee uninterrupted, error-free, or continuous service. Specifically:

• The service may be interrupted for maintenance, upgrades, or security patches without prior notice
• Server hardware or software failures may cause temporary or extended outages
• We may add, remove, or replace server endpoints at any time
• Message queues may be purged after extended periods of inactivity to manage storage resources
• We may implement rate limiting, queue size limits, or other resource management measures to ensure fair access for all users
• We reserve the right to discontinue the service entirely with 30 days’ advance notice published on simplego.dev

Users should configure their SMP clients to use multiple relay servers (including servers operated by other parties) to ensure message delivery in case any single server becomes unavailable. The SimpleX Protocol is designed for exactly this kind of server redundancy.

8. Data Processing and Privacy

A comprehensive Privacy Policy for our SMP relay server infrastructure is available at simplego.dev/legal/privacy/. This section provides a summary.

8.1 Data Minimization by Architecture

Our infrastructure is designed to minimize data collection to the technical minimum required for operation. We do not collect, store, or process any personal data beyond what is strictly necessary for the TCP/IP connection and SMP protocol operation.

8.2 IP Address Logging Policy

By default, our servers do not log IP addresses of connecting clients in any persistent storage. Transient IP address data exists in system memory during active connections as an inherent property of TCP/IP networking. This data is not written to disk and is lost when the connection terminates or the server restarts.

We reserve the right to enable temporary IP logging for specific server endpoints or queue identifiers if compelled to do so by a valid German court order (richterlicher Beschluss). Such logging would be prospective only (from the date of the order forward) and limited to the scope specified in the court order. See Section 9 for details.

8.3 Encrypted Message Storage

Encrypted messages are stored temporarily in message queues until retrieved by the intended recipient. These messages are encrypted and we cannot access their content. Messages are automatically deleted upon successful delivery and acknowledgment, or after a configurable retention period (currently 30 days) for undelivered messages.

8.4 Legal Basis for Data Processing

The limited data processing we perform (transient connection IP addresses, encrypted message queue storage) is based on our legitimate interest in operating communications infrastructure (Art. 6(1)(f) GDPR) and the technical necessity of TCP/IP and SMP protocol operation.

8.5 Tor Users

Users who connect to our servers via Tor onion service (.onion) endpoints do not expose their IP address to our infrastructure. For these users, the only data processed is the encrypted message content and queue metadata, which cannot be linked to any identity.

9. Law Enforcement and Legal Requests

SimpleGo operates under the jurisdiction of the Federal Republic of Germany and fully complies with applicable German and European Union law. We take this obligation seriously and cooperate with lawful requests from authorized German authorities.

9.1 Our Commitment

We will comply with valid legal process issued by competent German courts or authorized German authorities, including but not limited to orders under § 100a StPO (telecommunications surveillance), § 170 TKG (lawful interception obligations), and § 174 TKG (subscriber data requests). We will not voluntarily provide data to any authority without valid legal process.

9.2 What We Can Provide

Due to the technical architecture described in Section 3, the data we can provide in response to lawful requests is extremely limited:

• Encrypted message blobs: We can provide copies of encrypted messages currently stored in queues. These are encrypted with keys we do not possess and cannot be decrypted by us or, in most cases, by the requesting authority.
• Connection IP addresses: Only if we are currently logging IP addresses for the specific endpoint or queue identified in the court order, or if ordered to begin prospective logging. We do not retain historical IP data by default.
• Server configuration and architecture documentation: We will provide technical documentation explaining our server architecture, data processing capabilities, and technical limitations.

9.3 What We Cannot Provide

• Decrypted message content (technically impossible)
• User identities, real names, email addresses, or phone numbers (not collected)
• Communication patterns, contact lists, or social graphs (not generated by the protocol)
• Historical connection data for periods before a logging order was in effect (not retained)
• Data linking specific queues to specific users (protocol does not support this)

9.4 Transparency

German law does not permit US-style gag orders that prevent service providers from disclosing the existence of government requests. We publish a semi-annual Transparency Report documenting the number and type of legal requests received. We also maintain a PGP-signed Warrant Canary. Both are available at simplego.dev/servers/.

9.5 Requests from Foreign Authorities

We do not respond to requests from foreign governments or law enforcement agencies directly. All international requests must be routed through the appropriate mutual legal assistance treaty (MLAT) process and result in a valid German court order before we will process them.

10. Limitation of Liability

To the maximum extent permitted by applicable law:

• SimpleGo shall not be liable for any direct, indirect, incidental, special, consequential, or punitive damages arising from or related to the use or inability to use the SMP relay service, including but not limited to damages for loss of data, loss of profits, business interruption, or any other commercial damages or losses.
• SimpleGo shall not be liable for any messages lost, delayed, corrupted, or undelivered during transmission through our relay infrastructure.
• SimpleGo shall not be liable for any unauthorized access to, alteration of, or interception of messages in transit, provided that such access does not result from our gross negligence or willful misconduct.
• SimpleGo shall not be liable for any actions taken by third parties using our relay infrastructure, including any illegal, harmful, or offensive messages sent through our servers.

As the SMP relay service is provided free of charge, liability for slight negligence (einfache Fahrlässigkeit) is excluded to the fullest extent permitted under German law, in accordance with the principles of gratuitous services (§§ 521, 599 BGB). Liability for damages arising from injury to life, body, or health, and liability under the German Product Liability Act (ProdHaftG), remain unaffected.

In no event shall SimpleGo’s total aggregate liability exceed EUR 100 (one hundred euros).

11. Disclaimer of Warranties

The SMP relay service is provided “as is” and “as available,” without warranties of any kind, express or implied. To the maximum extent permitted by applicable law, SimpleGo disclaims all warranties, including but not limited to:

• Any implied warranty of merchantability, fitness for a particular purpose, or non-infringement
• Any warranty that the service will be uninterrupted, timely, secure, or error-free
• Any warranty that messages will be delivered successfully, in order, or within any specific timeframe
• Any warranty regarding the security, reliability, or performance of the underlying SMP protocol, the server software, or the network infrastructure
• Any warranty that the service will meet your specific requirements or expectations

While the SimpleX Protocol has undergone a cryptographic design review by Trail of Bits (July 2024) and the SimpleGo C implementation has been verified against the official Haskell reference implementation, neither the protocol nor our implementation has received a formal independent security audit of the production relay server deployment. Users requiring formally audited communications infrastructure should evaluate this limitation.

12. Indemnification

You agree to indemnify, defend, and hold harmless SimpleGo, its operator, and its contributors from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from or related to:

• Your use of the SMP relay service
• Your violation of these Terms
• Your violation of any applicable law or regulation
• Any content transmitted through our relay infrastructure using your client software
• Any dispute between you and any third party relating to your use of the service

13. Intellectual Property

The SMP relay server software is based on the open-source SimpleX Messaging Protocol and server implementations. The SimpleGo project’s own software contributions are licensed under the GNU General Public License v3.0 (GPL-3.0). Hardware designs are licensed under CERN-OHL-W-2.0.

SimpleGo is an independent project. The SimpleX name and protocol specifications are used for interoperability purposes only. SimpleGo is not affiliated with, endorsed by, or connected to SimpleX Chat Ltd. or the SimpleX Network Foundation.

The SimpleGo name, logo, and branding are trademarks of IT and More Systems. Use of these marks without written permission is prohibited.

14. Tor Onion Services

SimpleGo operates Tor onion v3 (.onion) endpoints for its SMP relay servers to provide enhanced connection privacy. These endpoints route traffic through the Tor network, which conceals the user’s IP address from our servers.

Operating .onion service endpoints is legal under German and European Union law. The .onion endpoints provide identical SMP relay functionality to the clearnet endpoints. All other provisions of these Terms apply equally to connections made via Tor.

Users should be aware that while Tor conceals their IP address from our servers, it does not change the encryption properties of the SMP protocol. Messages are encrypted regardless of the transport method used. Tor adds an additional layer of connection-level privacy, not an additional layer of message encryption.

15. Modifications to These Terms

We reserve the right to modify these Terms at any time. Modifications will be published at this URL (simplego.dev/legal/tos/) with an updated effective date and version number. Material changes will be announced on the SimpleGo website and, where possible, through the SimpleGo GitHub repository.

Continued use of the SMP relay service after the publication of modified Terms constitutes acceptance of the modifications. If you disagree with the modified Terms, you must stop using our relay servers and configure your SMP client to use alternative relay infrastructure.

The current and all previous versions of these Terms will be maintained in the SimpleGo GitHub repository for full transparency and auditability.

16. Severability

If any provision of these Terms is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving its original intent, or shall be replaced by a valid provision that most closely reflects the original intent.

17. Governing Law and Jurisdiction

These Terms shall be governed by and construed in accordance with the laws of the Federal Republic of Germany, excluding the United Nations Convention on Contracts for the International Sale of Goods (CISG) and any conflict-of-law provisions that would result in the application of another jurisdiction’s laws.

The exclusive place of jurisdiction for all disputes arising from or in connection with these Terms is Recklinghausen, Germany, to the extent permitted by law. Mandatory statutory provisions regarding the place of jurisdiction for consumers remain unaffected.

The European Commission provides an Online Dispute Resolution (ODR) platform at https://ec.europa.eu/consumers/odr/. We are neither obligated nor willing to participate in dispute resolution proceedings before a consumer arbitration board.

18. Contact Information

Operator:
IT and More Systems
Sascha Dämgen
Am Neumarkt 22
45663 Recklinghausen
Germany / EU

Email: legal@simplego.dev
Website: simplego.dev
GitHub: github.com/saschadaemgen/SimpleGo

Competent supervisory authority for data protection:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Postfach 20 04 44, 40102 Düsseldorf, Germany