PRIVACY POLICY
As of February 4, 2026
1. Introduction
1.1 This Privacy Policy describes how we handle data generated by clients or users connecting to our free cloud MQTT broker (the "Service"), which utilizes the ThingsBoard MQTT Broker (TBMQ) technology. Due to the open and testing-oriented nature of this Service, user privacy expectations should be limited.
2. Data We Collect
2.1 To facilitate MQTT messaging functionality, the Service automatically collects and processes without limitation the following technical data when you connect:
(a) Connection Metadata: IP address, Client ID, Protocol Version (e.g., MQTT 3.1.1, 5.0), Keep-Alive settings, and Clean Session flags.
(b) Message Content: Topic names and Message Payloads (the actual data body) sent to the broker.
(c) Authentication Data: If you choose to provide a username or password (even if not required), this string is transmitted to our server.
(d) Session Data: If you connect with Clean Session = false, the Service stores your subscription preferences and undelivered messages to support persistent sessions.
(e) Personal data: Your username (nickname), password or other data you upload via the user interface or in another way to the Service.
3. Public Nature of Data
3.1 IMPORTANT: This is a public test instance.
3.2 Unless you implement payload encryption at the application level (before sending), assume that any user connected to this broker can subscribe to your topics (including via wildcard #) and view your messages.
3.3 You strictly agree not to publish Personally Identifiable Information (PII), financial data, passwords, or critical infrastructure secrets to this broker.
4. How We Use Your Data
4.1 We use the collected data solely for the operation of the Service and its improvements:
(a) Message Routing: Processing topics and payloads to deliver messages to subscribed clients.
(b) Service Stability: Analyzing connection logs (IPs and Client IDs) to detect abuse, unauthorized stress testing, or Denial of Service (DoS) attacks.
(c) Debugging: Temporary retention of logs to troubleshoot TBMQ performance issues.
(d) User experience improvements: By analyzing your behaviour, we can adjust the Service user interface to be more comfortable and easier to use.
5. Data Retention
5.1 Standard MQTT messages are processed in a queue and discarded immediately after delivery to active subscribers.
5.2 If you send a message with the Retained flag set to true, the Service stores this payload in our database. It remains there until overwritten by a new retained message or until the Service performs a system-wide reset/wipe.
5.3 Connection logs and system metrics are retained for a limited period (typically less than 30 days) for security and maintenance analysis, after which they are deleted.
6. Data Security
6.1 While TBMQ includes robust security features, this specific Service is configured as a public sandbox. We generally do not enforce encryption between your client and the broker unless you specifically connect via a designated SSL/TLS port.
6.2 We cannot guarantee the security of data stored in persistent sessions or retained topics against malicious actors or system breaches.
7. Third-Party Sharing
7.1 By no means, we sell your data. Data is not shared with third parties, except the Cloud infrastructure providers who host the physical servers/containers.
7.2 If compelled by law enforcement or legal process, we can share your data.
8. Changes to this Policy
8.1 We may update this Privacy Policy at any time. Continued use of the Service after changes implies consent to the updated terms.
9. Contact
9.1 If you have questions about how TBMQ processes your data in this instance, please contact: [email protected].