@bobhaugen, I am not personally in the fediverse just yet. My friend dansup is developing pixelfed which is like a federated Instagram. The federation features are not quite implemented yet, but when they are I suppose I'll be ansuz@pixelfed.social.

CryptPad does have an official account which has mostly been run by my colleague @cjd so far. It's available here.

RE: GDPR compliance, as far as I know we're pretty close to full compliance. We collect very little information, and inform users about what information we have. The company which employs me to develop CryptPad (XWiki) employs a DPO (Data Protection Officer) who is responsible for responding to any queries about how user information is handled.

We've taken some pretty extreme measures to protect information other service providers wouldn't consider sensitive. We don't ever have access to usernames or passwords, since they are only used clientside to derive the necessary keys for encrypting your Drive (and some other very technical things that I'll avoid getting into).

At the end of August I'll be presenting a paper about our architecture at DocEng 2018. I can see about digging up one of our drafts for anyone who's interested in the specifics about how things work, and what data is available to the server.