Matrix server privacy notice

1. Introduction

1.1 English, Not Legalese

Most Privacy Policy documents are unreadable. They are written by lawyers and for lawyers, and in our opinion are not very effective.

Data protection and privacy are important, and we want you to understand the issues involved. For that reason we decided to use plain English instead as much as possible, to make our terms as clear as possible.

When you read 'the homeserver' or 'the Service' below, it refers to the services made available at which store your account and personal conversation history, and communicate via the open Matrix decentralised communication protocol with the public Matrix Network.

The public Matrix Network is a decentralised and openly federated communication network. This means that user messages are replicated on each participant's server and messages posted to a room are visible to all participants including in some cases any new joiners. This is further explained at 2.3.

Where you read "we", it refers to the private person who maintains the system as a hobby.

This privacy notice is based on the homeserver privacy notice, because the service we provide is very similar to the homeserver.

Should you have other questions or concerns about this document, please send us an email at

1.2 This Is a Living Document

We will likely improve this document over time. By continuing to use the Service, you will implicitly accept the changes we make.

Your access and use of the Service is always subject to the most current version of this document.

2. Access to Your Data / Privacy Policy

2.1 What is the legal basis for processing my data and how does this affect my rights under GDPR (General Data Protection Regulation)? processes your data under a Legitimate Interest basis of processing, to provide our Service to you in an efficient and secure manner and to ensure legal compliance. Essentially, this means that we process your data only as necessary to deliver the Service and for internal administration purposes, and in a manner that you understand and expect.

We process your information for the purposes of providing our decentralised, openly-federated and end-to-end encrypted communication Service.

The nature of the Service and its implementation results in some caveats concerning this processing, particularly in terms of GDPR Article 17 Right to Erasure (Right to be Forgotten).

You have rights in relation to the personal data we hold about you. Some of these only apply in certain circumstances. Some of these rights are explored in more detail elsewhere in this document. For completeness, your rights under GDPR are:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

You can request that we forget your copy of messages and files by instructing us to deactivate your account (using a Matrix client such as the Element chat app) and selecting the option instructing us to forget your messages. What happens next depends on who else had access to the messages and files you had shared. Due to the nature of the Matrix Synapse homeserver implementation we may not be able to delete all you messages, if this is not acceptable to you then do not use the service.

Any messages or files that were only accessible by your account will be deleted from our servers within 90 days.

Where you shared messages or files with another registered Matrix user, that user will still have access to their copy of those messages or files. Apart from state events (see below), these messages and files will not be shared with any unregistered or new users who view the room after we have processed your request to be forgotten.

State events are processed differently to non-state events. State events are used by the Service to record, amongst other things, your membership in a room, the configuration of room settings, your changing of another user's power level and your banning a user from a room. Were we to erase these state events from a room entirely, it would be very damaging to other users' experience of the room, causing banned users to become unbanned, revoking legitimate administrator privileges, etc. We therefore share state events sent by your account with all non-essential data removed ('redacted'), even after we have processed your request to be forgotten. This means that your username will continue to be publicly associated with rooms in which you have participated, even after we have processed your request to be forgotten. If this is not acceptable to you, do not use the Service.

Under GDPR you have a right to request a copy of your data in a commonly-accepted format. If you would like a copy of your data, please send a request over Matrix to Due to the nature of the Matrix Synapse homeserver implementation we may not be able to provide you with all your data, if this is not acceptable to you then do not use the service.

2.2 What Information Do You Collect About Me and Why?

The information we collect is purely for the purpose of providing your communication service via Matrix. We do not profile users or their data on the Service.

Be aware that while we do not profile users on the Service, third party Matrix clients may gather usage data. The Element app (the Matrix client provided by Element) optionally gathers opt-in anonymised usage data in order to improve the app. For more details on how your data is processed by Element, please review its privacy policy.

We collect information about you when you input it into the Service or otherwise provide it directly to us.

We collect information about you when you register for an account. This information is kept to a minimum on purpose, and is restricted to:

Your username and password is used to authenticate your access to the Service and to uniquely identify you within the Service.

Your password is stored until you change it or your account is deactivated (see 2.5 for details on how passwords are handled securely). Your username is stored indefinitely to avoid account recycling.

Your email address is used for the purposes of password resets.

Note that the Google reCAPTCHA required for registration may transfer some data to Google when you register for an account. This is outside of of our control. You can read more about reCAPTCHA at

We store and distribute the messages and files you share using the Service (and across the wider Matrix ecosystem via federation) as described by the Matrix protocol and according to the access rules configured within the system. Storing and sharing this content is the reason the Service exists.

This content includes any information about yourself that you choose to share.

Each device you use to access the Service is allocated a (user-configurable) identifier. When you access the Service, we record the device identifier, the IP address it used to connect, user agent, and the time at which it last connected to the service.

This information is gathered to help you to manage your devices - you can view and manage the list of devices by connecting to the Service with a Matrix client such as the Element app.

Currently, we log the IP addresses of everyone who accesses the Service. This data is used in order to mitigate abuse, debug operational issues, and monitor traffic patterns. Our logs are kept for not longer than 360 days.

2.3 What Information is Shared With Third Parties and Why?

In addition, the homeserver is a decentralised and open service. This means that, to support communication between users on different homeservers or different messaging platforms, your username, display name and messages and files are sometimes shared with other services that are connected with the homeserver.

Matrix homeservers share user data with the wider ecosystem over federation.

Access control settings are shared between homeservers, as well as any requests to remove messages by "redactions", or remove personal data under GDPR Article 17 Right to Erasure (Right to be Forgotten). Federated homeservers and Matrix clients which respect the Matrix protocol are expected to honour these controls and redaction/erasure requests, but other federated homeservers are outside of the span of control of, and we cannot guarantee how this data will be processed. Federated homeservers can also be located in any territory, and will be subject to the local regulations of that territory.

Some Matrix rooms are bridged to third-party services, such as IRC networks, Twitter or email. When a room has been bridged, your username, display name, messages and file transfers may be duplicated on the bridged service where supported.

Access control settings, requests to remove messages by "redactions" or remove personal data under GDPR Article 17 Right to Erasure (Right to be Forgotten) are shared to bridging services, which are expected to honour them to the best of their ability. Be aware that not all bridged networks or bridges support the necessary technical capabilities to limit, remove or erase messages. If this is not acceptable to you, do not use bridged rooms.

If you use our Service your data will be transferred outside of the EU to other homeservers and services connected with as this is necessary to provide the Service to you. By the very nature of our Service, such transfers will occur regularly and we have no control over the safeguards adopted by third party recipients.

2.4 Sharing Data in Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights

In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request.

2.5 How Do You Handle Passwords?

We never store password data in plain text; instead they are stored hashed (with at least 4096 rounds of bcrypt, including both a salt and a server-side pepper secret). Passwords sent to the server are encrypted using SSL.

It is your sole responsibility to keep your user name, password and other sensitive information confidential.

If you become aware of any unauthorised use of your account or any other breach of security, you must notify by sending an email to Suspicious devices can be deleted using the User Settings management tools in a Matrix client such as Element, and users should manage good password hygiene (e.g. using a password manager) and change their password if they believe their account is compromised.

If you forget your password (and you have registered an email address) you can use the password reset facility to reset it.

You can manage your account by using a Matrix client such as Element.

2.6 Our Commitment to Children's Privacy

We never knowingly collect or maintain information in the Service from those we know are under 16, and no part of the Service is structured to attract anyone under 16. However, due to the nature of the service we can not prevent people from under the age of 16 from using the service.

2.7 How Can I Access or Correct My Information?

You can access all that we collect about you by using any compatible Matrix client (such as Element) and managing your User Settings.

2.8 Who Can See My Messages and Files?

In unencrypted and encrypted rooms, users connecting to the homeserver (directly or over federation) will be able to see messages and files according to the access permissions configuration of the relevant room. This data is stored in the format it was received on our servers.

In encrypted rooms, the data is stored in our databases but the encryption keys are stored only on your devices or by yourself. Users can optionally backup an encrypted copy of their keys on the Service to aid recovery if they lose all their keys and devices. This key backup is encrypted by a recovery key that only the user has access to. This means that nobody, even Element engineers (employees and contractors) can see your message content in our database, and if you lose access to your encryption keys you lose access to your messages forever.

We use HTTPS to transfer all data.

2.9 What Are the Guidelines Follows When Accessing My Data?

2.10 Who Else Has Access to My Data? is hosted on a dedicated server rented from Worldstream in a datacenter located in Netherlands. Worldstream controls physical access to their datacenter.

We log application data (username, user IP and user agent). We keep logs for no longer than 360 days.

2.11 What happens if closes its service?

In the event of closing its service, all user data will be promptly deleted.

2.12 How Is My Data Protected from Another User's Data?

All of our users' data for the Service currently resides in the same database which is due to the nature of our Service. We use software best practices to guarantee that only people who you designate as viewers of your data can access it. In other words, we segment our user data via software. We do our best and are very confident we're doing a good job at it, but, like every other service that hosts their user data on the same database, we cannot guarantee that it is immune to a sophisticated attack.

2.13 What Should I Do If I Find a Security Vulnerability in the Service?

Please promptly send an email to where you describe your findings.

Please act in good faith towards our users' privacy and data during your disclosure. White hat security researchers are always appreciated.