This service, under the sub-domain "humhub.wuermkanal.de", is run at the very data-saving shared hosting provider "Uberspace.de". The site can only be reached via secure connection (HTTPS) and uses modern connection encryption with a certificate from Let's Encrypt. No third-party services (e.g., Google Analytics) are integrated and only "normal" session cookies are set so that the login works.
Access is only possible after registration and login; registration is by invitation only. As a result, search engines cannot find anything either.
However, as an administrator I have access to all data. This is especially true if I am not a member of a private group. The data is not encrypted on the server and can therefore theoretically be viewed by the administrators of Uberspace.de and the data center. Truth is, this is almost always the case.
What other users can see
Apart from the name and, potentially, the profile picture, other registered users can only see personal data (e.g., the email address), if these were entered by the users themselves in their profiles.
Humhub will send a daily summary to the internally known email address if there is news. This setting can also be changed or removed.
Access logs are actually always stored on a web server. All browsers automatically transmit these data:
These data as such cannot be assigned to specific persons. However, complete IP addresses are (rightly) considered "personal data." My hoster therefore does not save the hostnames/IP addresses completely, but in abbreviated form.
It is not possible to combine these data with other data sources because the latter do not exist.