Guidelines for Law Enforcement
Last updated: February 24, 2022
These guidelines are intended for law enforcement authorities seeking information about Rocket.Chat accounts. More general information is available in our Privacy Policy and Terms of Service.
Important Highlight from the page below
All requests for user account information must specify the server URL (e.g. https://open.rocket.chat) where the user in question is registered. Requests without the server URL will be rejected.
What is Rocket.Chat?
Rocket.Chat is a free and open source team chat collaboration platform that allows users to communicate securely in real-time on web, desktop or mobile and to customize their interface with a range of plugins, themes and integrations with other key software. Anyone in the world can download and run a Rocket.Chat server at any time.
As a platform, Rocket.Chat can be deployed various ways. The interaction on the platform between users happens via user accounts.
Deployment options
In short, there are three relevant deployment options of Rocket.Chat, that affect the process for requesting information:
servers hosted by us (Rocket.Chat Technologies Corp.) and managed by us directly (such as our community servers)
servers hosted by us, but managed by a customer (our hosted offering)
servers hosted by a third party (private servers)
The third option - private server - is the most common one.
For clarification purposes: a server, on which Rocket.Chat is running, **** can contain various instances of Rocket.Chat, depending on the configuration. An instance of Rocket.Chat is each a unique community of users communicating with each other. In the following, we refer to servers, that run whichever number of Rocket.Chat instances (1 or more).
How can you find out, which deployment is being used?
We offer a lookup, which checks if the server is hosted by us (options 1 and 2) or not (option 3). Please check here for the lookup form.
Servers under control of Rocket.Chat
For total transparency, Rocket.Chat Technologies Corp. owns and operates only one publicly available Rocket.Chat server in the world. The server that Rocket.Chat Technologies Corp. operates can only be accessed at:
That server is subject to our Code of Conduct.
Any other Rocket.Chat server you access is not operated by Rocket.Chat Technologies Corp. and is subjected to the usage warning above.
That said, Rocket.Chat Technologies Corp. provides a cloud service for hosting Rocket.Chat servers. The user data, messages, and files on those servers are subject to our Terms of Use.
To know if a server belongs to Rocket.Chat cloud, please contact us, use the aforementioned server lookup or use domain information systems.
Community Server
When someone registers an account at our community server, hosted at https://open.rocket.chat, we ask for a name, an e-mail and a password, and they have to verify their e-mail address. Rocket.Chat does not monitor any public or private channels activities other than for the company's own use, such as the #general, #support and #dev public channels.
We do not keep a log of IPs.
Rocket.Chat Cloud
When someone signs up for a Rocket.Chat Cloud server, we ask for a name, e-mail, workspace name and domain they'd like to use. The e-mail is then verified before the server is deployed. Every message and file sent is stored within Rocket.Chat cloud servers and databases are hosted with a third-party hosting provider. Rocket.Chat does not actively scan the content activity in Cloud servers.
Private Servers
You need to be aware that any private Rocket.Chat server may be operated by arbitrary businesses, groups or individuals with no relationship to Rocket.Chat Technologies Corp. In particular:
Rocket.Chat Technologies Corp. do not have access to these servers.
Rocket.Chat Technologies Corp. does not and cannot control or regulate how these servers are operated.
Rocket.Chat Technologies Corp. cannot access, determine or regulate any contents or information flow on these servers.
Administrators of private servers may opt-in to register their servers for additional connected services by Rocket.Chat (e.g. push notifications for mobile devices).
The registration requires a working email address, a name or pseudonym and the server URL. More information is generally not available. We do not store content that passes through our gateways to provide the connectivity services.
Individual user account information
Rocket.Chat is a platform and the interaction between individuals on the platform happens based on user accounts, e.g. in the format of:
firstname.lastname
These accounts are unique to the deployed server of the Rocket.Chat platform. So if information is requested for an individual user account of the platform, this information goes only as far as the scope of that specific, individual server of Rocket.Chat.
To identify the proper user account, the specific server therefore must be named as well (generally in form of the URL).
The aforementioned restrictions with regards to the deployment options apply to users as well. User information cannot be produced by us for user accounts of private Rocket.Chat servers. Requests for such information should be targeted at the administrator of the private server. If the administrator is unknown, the request should be targeted at the owner of the DNS record of the private server domain.
Data retention information
Rocket.Chat retains data and backups of data for an undisclosed amount of time. Rocket.Chat makes backups of Cloud servers according to each customer's choice of plan (daily, twice daily or hourly). Some information we store is automatically collected, while other information is provided at the user’s discretion. Though we do store this information, we cannot guarantee its accuracy. For example, the server in use may not require real name use, email verification or identity authentication, hence the user may have created a fake or anonymous profile.
Preservation requests
We accept requests from law enforcement to preserve records, which constitute potentially relevant evidence in legal proceedings. We will preserve, but not disclose, a temporary snapshot of the relevant account records for 90 days pending service of valid legal process.
Preservation requests, in accordance with applicable law, should:
be signed by the requesting official;
have a valid return official email address; and be sent on law enforcement letterhead;
include the server URL of the subject offense and any other information that may help us identify the offending server and/or user.
We may honor requests for extensions of preservation requests, but encourage law enforcement agencies to seek records through the appropriate channels in a timely manner, as we cannot guarantee that requested information will be available.
Law enforcement and government preservation requests for user information must be submitted to our legal team at legal@rocket.chat. You can find further instructions below.
Requests for Rocket.Chat Cloud or Community Server account information
Requests for user account information from law enforcement should be directed to Rocket.Chat Technologies Corp. in Wilmington, Delaware. Rocket.Chat responds to valid legal process issued in compliance with applicable law.
Private information requires a subpoena or court order
Non-public information about Rocket.Chat users will not be released to law enforcement except in response to appropriate legal process such as a subpoena, court order, or other valid legal process – or in response to a valid emergency request, as described below.
Contents of communications requires a search warrant
Requests for the contents of communications (e.g., messages, files) require a valid search warrant or equivalent from an agency with proper jurisdiction over Rocket.Chat.
Will Rocket.Chat notify users of requests for account information?
Yes. Rocket.Chat's policy is to notify users of requests for their Rocket.Chat account information, which includes a copy of the request, as soon as we are able (e.g., prior to or after disclosure of account information) unless we are prohibited from doing so (e.g., an order under 18 U.S.C. § 2705(b)). We ask that any non-disclosure provisions include a specified duration (e.g., 90 days) during which Rocket.Chat is prohibited from notifying the user. Exceptions to user notice may include exigent or counterproductive circumstances, such as emergencies regarding imminent threat to life, child sexual exploitation, or terrorism.
What details must be included in account information requests?
Requests for user account information in accordance with applicable law, are required to include the following information:
Include the Rocket.Chat server URL (!) and @username of the subject Rocket.Chat account in question;
Provide details about what specific information is requested (e.g., messages, files, account information) and its relationship to your investigation;
Include a valid official email address (e.g., name@agency.gov) so we may get back in touch with you upon receipt of your legal process;
Be issued on law enforcement letterhead.
Law enforcement and government requests for user information should be submitted through legal@rocket.chat. You can find further instructions below.
Production of records
Unless otherwise agreed upon, we currently provide responsive records in electronic format (i.e., text files that can be opened with any word processing software such as Word or TextEdit).
Records authentication
The records that we produce are self-authenticating. Additionally, the records are electronically signed to ensure their integrity at the time of production. If you require a declaration, please indicate it in your submission.
Cost reimbursement
Rocket.Chat may seek reimbursement for costs associated with information produced pursuant to legal process and as permitted by law (e.g. under 18 U.S.C. §2706).
Emergency disclosure requests
In line with our Privacy Policy, we may disclose account information to law enforcement in response to a valid emergency disclosure request.
Rocket.Chat evaluates emergency disclosure requests on a case-by-case basis in compliance with relevant law (e.g., 18 U.S.C. § 2702(b)(8)). If we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information necessary to prevent that harm, if we have it.
How to make an emergency disclosure request
If there is an exigent emergency that involves the danger of death or serious physical injury to a person that Rocket.Chat may have information necessary to prevent, law enforcement officers must submit an emergency disclosure request through legal@rocket.chat.
Please include all of the following information:
Indication on your cover sheet, which must be on law enforcement letterhead, that you're submitting an Emergency Disclosure Request;
Identity of the person who is in danger of death or serious physical injury;
The nature of the emergency (e.g., report of suicide, bomb threat);
Rocket.Chat server URL and/or @username of the subject account(s) whose information is necessary to prevent the emergency;
Any specific Rocket.Chat messages you would like us to review;
The specific information requested and why that information is necessary to prevent the emergency;
The signature of the submitting law enforcement officer; and
All other available details or context regarding the particular circumstances (e.g. names of channels, timeframe for which information is requested, etc.)
Contact information
Our address details are:
Rocket.Chat Technologies Corp. 251 Little Falls Drive, Wilmington, DE, 19808
Receipt of correspondence is for convenience only and does not waive any objections, including the lack of jurisdiction or proper service.
Electronic communication must go to: legal@rocket.chat
Last updated