For the sake of the connection your ip address will be transmitted, but not saved. While using the website the key and the userid will be saved temporarly on your computer, but will be removed when leaving the page.
On the server is the encrypted data from your phone. This data contains right now the location, the date, the random user-id(not encrypted), the battery level and the encrypted private key.
The data isn't used for any off-label purpose. It's won't get sold, used for statistics or anything else. The only usecase is to provide the user the data to find the phone.
Yes, your data is end to end encrypted.(Except the userid).
Great you ask.
Your phone creates a keypair on registration. This keypair consists of a privatekey(this one can decrypt and encrypt) and a public key(this one can only decrypt). The privatekey gets encrypted with the passowrd you select and than send to the server. Now everytime your phone sends data it uses the public key to encrypt this data and sends this data to the server.
When you no access the webpage and enter your userid, the userid will be send to your pc where you decrypt it with your password. Once done you can access the data of the phone.
The password is never stored on the server and only temporarly on your pc.
I(Nulide) am the only who has access to the server. But i can't do something with your data. It's encrypted.
You can mail me at Nulide@tutanota.de
In a fututre version the server will clean the data automatically or by pressing a button, but this isn't developed yet.