Privacy is important, and we want you to understand the issues involved. We have decided to use plain English as much as possible, to make our terms as clear as possible.
When you read 'the integration manager' below, it refers to the integration managers made available by Element (a trading name of New Vector Ltd.), which provide bots, bridges, widgets and sticker packs to Matrix users. Element hosts several integration manager instances - today these include:
This agreement covers all of these instances, and any others that we may choose to provide on https://vector.im or any subdomain (https://*.vector.im). We might change which instances we run, and how they are accessed, at any time.
Where you read Element, we or us below, it refers to the company created in July 2017 to hire the Matrix core team and support Matrix's development: New Vector Ltd., its French subsidiary: New Vector SARL, and their agents. Element is trading name of New Vector.
This service is provided by Element. Element is the Data Controller for this service.
This agreement does not apply to integration managers run by anybody else. Matrix is an open network like the Web and this agreement only applies to the integration manager provided by Element
New Vector uses an integration manager to give you access to additional connected services such as bots, bridges, widgets and sticker packs. This document details how your data is processed when you make use of these connected services.
This is a living document. With your help, we want to make our policy documents the best in the industry.
If you read something that rubs you the wrong way, or if you think of something that should be added, please get in touch! We're all ears! Email [email protected] and we'll chat.
We don't amend this document for any specific users or use case, but if your proposed changes apply to all of our users, we'll be happy to update it for everyone. Scroll to the bottom to see the history so far.
We will likely improve this document over time. By continuing to use the Service, you will implicitly accept the changes we make.
Your access and use of the Service is always subject to the most current version of this document.
A Matrix integration manager connects additional services into the Matrix ecosystem, such as bots, bridges widgets, and sticker packs. Integration managers can provide services for free, in exchange for payment, or a mixture of both.
A Matrix integration manager is usually closely coupled with a particular Matrix homeserver. Usually, bots and bridges are connected directly to this homeserver, and, if that homeserver is federated, exposed to the wider Matrix network over federation.
A Matrix client may use one or many integration managers, or no integration manager at all. This choice might be exposed to you as the user, or it might be made on your behalf by the client vendor or administrator.
Some integration managers support delegating some or all functionality to other integration managers.
The integration manager architecture is very flexible, so it is possible for an integration manager to provide services outside of the mechanisms described above. You should always consult your chosen integration manager's privacy policy for the specific details.
A bot appears like Matrix user, but it is programmed to respond or take actions automatically. A bot might provide functionality directly, or through connecting to an external service.
A bridge connects Matrix to a third-party service. Different bridges have different capabilities (based on the features offered by the third-party service and the implementation of the bridge). Usually, a bridge will connect a Matrix room to a room or channel on a third party service, allowing users on both sides of the bridge to see the same messages and communicate with one another.
Some bridges support a feature called puppeting. Puppeting allows a bridge to use your real account on another service to send messages as if you were using that service directly. Some bridges (such as the New Vector-run IRC bridges) will do this automatically, where other bridges require further manual steps to link an account.
Bridges which do not support puppeting, or do not have it enabled will post your messages from a bot user on the remote server which may or may not use your displayname and avatar.
A widget is a small web application that can be attached to a Matrix room and shared with the other users in that room.
A sticker pack is a set of images grouped together in a bundle. Ownership of a sticker pack means that you can choose a sticker from that bundle and send it as a message into a room using the sticker picker.
Some sticker packs are free, others can be purchased through the integration manager.
Stickers are selected to send using a sticker picker, which is itself a widget provided by the integrations manager.
Your data is processed under Legitimate Interest. This means that we process your data only as necessary to deliver the Service, and in a manner that you understand and expect.
The Legitimate Interest of the Service is the ability to make use of additional services connected into the Matrix ecosystem. The processing of user data we undertake is necessary to provide the Service. This facility is an optional component of the services provided by Element - Matrix works very well without an integration manager.
We are working on bots' and bridges' exposing uniform support for erasure of configuration data. Until this is in place, data is erased manually. If you deactivate your account on the matrix.org homeserver we will within 30 days run a manual erasure process to delete your data from Element-provided bots and bridges. If you have an account on a different homeserver, or if you would like to erase your data on a subset of bots/bridges or without deactivating your account, please get in touch with [email protected].
Under GDPR you have a right to request a copy of your data in a commonly-accepted format. If you would like a copy of your data from the integration manager, please send a request over Matrix to [email protected].
You have rights in relation to the personal data we hold about you. Some of these only apply in certain circumstances. Some of these rights are explored in more detail elsewhere in this document. For completeness, your rights under GDPR are:
For more details about these rights, please see the guidance provided by the ICO. If you have any questions or are unsure how to exercise your rights, please contact us at [email protected].
The information we collect is purely for the purpose of letting people use bots, bridges, widgets and sticker packs within the federated Matrix ecosystem. We do not profile users or their data on the Service.
Data required to support the operation of bots, bridges, widgets and sticker packs via the New Vector integration manager may be collected across four different service layers. Use of the Element integration manager may cause your personal data to be persisted to:
The precise details will vary depending on the implementation and feature set of your chosen integration, but the following is designed to illustrate the persistence of personal data in some representative common cases:
Integration: Bot
Integration: Bridge
Integration: Widget
Integration: Sticker pack
We collect (within the integration manager and the configuration metadata for the New Vector-run bots and bridges) information about you when you configure bots, bridges, widgets or sticker packs using the New Vector integration manager.
Bots
Bridges
Widgets
Sticker packs
Bots
All unencrypted events in rooms in which a Element-managed bot is participating are theoretically visible to New Vector.
Bots log activity, including in some cases user-sent message text, as part of standard service operation. These logs are held for not longer than 14 days.
Bridges
All traffic sent via the bridges is visible to Element, and may be logged as part of standard service operation. These logs are held for not longer than 14 days.
Widgets
All data shared with widgets hosted by Element is visible to Element. All data shared with widgets hosted by third party providers is visible to the third party provider and subject to their Privacy policy.
Sticker pack
If you are using the Element sticker picker, Element can see which sticker packs you have enabled on your account.
In addition to the information you provide, the integration manager also logs your IP address and user agent. This data is used in order to mitigate abuse, debug operational issues, and monitor traffic patterns. These logs are held for not longer than 60 days.
IP addresses and user agent are logged by the integration manager when you configure a bot or bridge.
Many bots and bridges exist to share data with connected third party services. The nature of the data shared depends on the features, implementation and policies of the third party provider.
No.
In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to
(a) comply with any applicable law, regulation, legal process or governmental request,
(b) protect the security or integrity of our products and services (e.g. for a security audit),
(c) protect Element, The Matrix.org Foundation, and our users from harm or illegal activities, or
(d) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the serious bodily harm of any person.
We never knowingly collect or maintain information in the Service from those we know are under 16, and no part of the Service is structured to attract anyone under 16. If you are under 16, please do not use the Service.
We are in the process of improving our tooling to access information supplied to the integration manager. For the time being, if you would like access to this data, please submit a request to [email protected] and we'll provide manual assistance.
Integration manager setup configuration metadata and bot/bridge configuration data are stored in Element databases. Element employees and agents can access this data, subject to the Element data access guidelines detailed below.
We host the majority of the Service in UpCloud data centres. Here's UpCloud's privacy policy.
UpCloud controls physical access to their locations. We use Cloudflare to mitigate the risk of DDoS attacks. Here's Cloudflare's privacy policy.
Physical access to our offices and locations use typical physical access restrictions.We use secure private keys when accessing servers via SSH, and protect our AWS console passwords locally with a password management tool.We log application data (caller IP and user agent). We keep logs for no longer than 60 days.
In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. If we or substantially all of our assets are acquired by a third party, personal data held by us about our users will be one of the transferred assets.
All of our users' data for the Service currently resides in the same database cluster which is due to the nature of our Service. We use software best practices to guarantee that only people who you designate as viewers of your data can access it. In other words, we segment our user data via software. We do our best and are very confident we're doing a good job at it, but, like every other service that hosts their user data on the same database, we cannot guarantee that it is immune to a sophisticated attack.
If you have discovered a security concern, please follow the Matrix.org Security Disclosure Policy.
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention at [email protected] if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you want to make a complaint about the way we have processed your personal information to the supervisory authority, you can contact the ICO (the statutory body which oversees data protection law) at https://www.ico.org.uk/concerns.
A note to other startups: this document was heavily inspired by Balsamiq's plain English ToS document. We were impressed by their championing of plain English, and wanted to reproduce that as much as possible in our own legal documentation. Feel free to draw similar inspiration from this document, though be sure to get any documents you produce checked over by a lawyer. Good luck!