For the sake of the connection your IP address will be transmitted, but not saved. While using the website the key and the user-id will be saved temporarily on your computer, but will be removed when leaving the page.
On the server is the encrypted data from your phone. This data contains right now the location, the date, the random user-id(not encrypted), the battery level and the encrypted private key.
The data isn't used for any off-label purpose. It's won't get sold, used for statistics or anything else. The only use case is to provide the user the data to find the phone.
Yes, your data is end to end encrypted.(Except the user-id).
Great you ask.
Your phone creates a key-pair on registration. This key-pair consists of a private key (this one can decrypt and encrypt) and a public key(this one can only decrypt). The private key gets encrypted with the password you select and than send to the server. Now every time your phone sends data it uses the public key to encrypt this data and sends this data to the server.
When you no access the web page and enter your user-id, the user-id will be send to your PC where you decrypt it with your password. Once done you can access the data of the phone.
The password is never stored on the server and only temporarily on your PC.
I (Nulide) am the only who has access to the server. But I can't do something with your data. It's encrypted.
You can mail me at Nulide@tutanota.de
In a future version the server will clean the data automatically or by pressing a button, but this isn't developed yet.