Guidelines for Law Enforcement

Last updated: February 24, 2022

These guidelines are intended for law enforcement authorities seeking information about Rocket.Chat accounts. Our privacy policy and terms of service provide more information \.

Important Highlight from the page below

All requests for user account information must specify the server URL (e.g. https://open.rocket.chat) where the user in question is registered. Requests without the server URL will be rejected.

What is Rocket.Chat?s

Rocket.Chat is a free and open-source team chat collaboration platform that allows users to communicate securely in real time on the web, desktop, or mobile and customize their interface with a range of plugins, themes, and integrations with other key software. Anyone in the world can download and run a Rocket.Chat server at any time.

Rocket.Chat can be deployed in various ways as a platform. Users interact on the platform via user accounts.

Deployment options

There are three relevant deployment options for Rocket.Chat, that affect the process for requesting information:

1. servers hosted by us (Rocket.Chat Technologies Corp.) and managed by us directly (such as our community servers)

2. servers hosted by us but managed by a customer (our hosted offering)

3. servers hosted by a third party (private servers)

The third option - private server - is the most common one.

For clarification purposes: a server, on which Rocket.Chat is running, **** can contain various instances of Rocket.Chat, depending on the configuration. An instance of Rocket.Chat is each a unique community of users communicating with each other. In the following, we refer to servers, that run whichever number of Rocket.Chat instances (1 or more).

How can you find out which deployment is being used? We offer a lookup, which checks if the server is hosted by us (options 1 and 2) or not (option 3). Please check here for the lookup form.

Servers under control of Rocket.Chat

For total transparency, Rocket.Chat Technologies Corp. owns and operates only one publicly available Rocket.Chat server in the world. The server that Rocket.Chat Technologies Corp. operates can only be accessed at: ​https://open.rocket.chat​

That server is subject to our Code of Conduct.

Any other Rocket.Chat server you access is not operated by Rocket.Chat Technologies Corp. and is subjected to the usage warning above.

That said, Rocket.Chat Technologies Corp. provides a cloud service for hosting Rocket.Chat servers. The user data, messages, and files on those servers are subject to our Terms of Use.

To know if a server belongs to Rocket.Chat cloud, please contact us, and use the aforementioned server lookup or domain information systems.

Community Server

When someone registers an account at our community server, hosted at https://open.rocket.chat, we ask for a name, an e-mail, and a password, and they have to verify their e-mail address. Rocket.Chat does not monitor any public or private channel activities other than for the company's own use, such as the #general, #support, and #dev public channels.

We do not keep a log of IPs.

Rocket.Chat Cloud

When someone signs up for a Rocket.Chat Cloud server, we ask for a name, e-mail, workspace name and domain they'd like to use. The e-mail is then verified before the server is deployed. Every message and file sent is stored within Rocket.Chat cloud servers and databases are hosted with a third-party hosting provider. Rocket.Chat does not actively scan the content activity in Cloud servers.

fPrivate Servers

You need to be aware of any private Rocket.Chat server may be operated by arbitrary businesses, groups or individuals with no relationship to Rocket.Chat Technologies Corp. In particular:

• Rocket.Chat Technologies Corp. does not have access to these servers.

• Rocket.Chat Technologies Corp. does not and cannot control or regulate how these servers are operated.

• Rocket.Chat Technologies Corp. cannot access, determine, or regulate any contents or information flow on these servers.

Administrators of private servers may opt-in to register their servers for additional connected services by Rocket.Chat (e.g. push notifications for mobile devices).

The registration requires a working email address, a name or pseudonym, and the server URL. More information is generally not available. We do not store content that passes through our gateways to provide connectivity services.

Individual user account information

Rocket.Chat is a platform, and the interaction between individuals on the platform happens based on user accounts, e.g. in the format of:

firstname.lastname

These accounts are unique to Rocket.Chats's deployed server. So, if the information is requested for an individual platform user account, this information goes only as far as the scope of that specific individual server of Rocket.Chat.

Therefore, the specific server must also be named (generally in the form of the URL) to identify the proper user account.

The aforementioned restrictions regarding the deployment options apply to users as well. We cannot produce user information for user accounts of private Rocket.Chat servers. Requests for such information should be directed to the private server administrator. If the administrator is unknown, the request should be directed at the owner of the DNS record of the private server domain.

Data retention information

Rocket.Chat retains data and backs up data for an undisclosed amount of time. Rocket.Chat makes backups of Cloud servers according to each customer's choice of plan (daily, twice daily, or hourly). Some information we store is automatically collected, while other information is provided at the user’s discretion. Though we do store this information, we cannot guarantee its accuracy. For example, the server in use may not require real name use, email verification or identity authentication, hence the user may have created a fake or anonymous profile.

Preservation requests

We accept requests from law enforcement to preserve records that constitute potentially relevant evidence in legal proceedings. We will preserve, but not disclose, a temporary snapshot of the relevant account records for 90 days pending service of valid legal process.

Preservation requests, in accordance with applicable law, should:

• be signed by the requesting official;

• have a valid return official email address, and  be sent on law enforcement letterhead;

• include the server URL of the subject offense and any other information that may help us identify the offending server and/or user.

We may honor requests for extensions of preservation requests but encourage law enforcement agencies to seek records through the appropriate channels in a timely manner, as we cannot guarantee that requested information will be available.

Law enforcement and government preservation requests for user information must be submitted to our legal team at [email protected]. You can find further instructions below.

Requests for Rocket.Chat Cloud or community server account information

Law enforcement requests for user account information should be directed to Rocket.Chat Technologies Corp. in Wilmington, Delaware. Rocket.Chat responds to valid legal processes issued in compliance with applicable law.

Private information requires a subpoena or court order

Non-public information about Rocket.Chat users will not be released to law enforcement except in response to an appropriate legal process such as a subpoena, court order, or other valid legal process – or in response to a valid emergency request, as described below.

Contents of communications require a search warrant

Requests for the contents of communications (e.g., messages, files) require a valid search warrant or equivalent from an agency with proper jurisdiction over Rocket.Chat.

Does Rocket.Chat notify users of requests for account information?

Yes. Rocket.Chat's policy is to notify users of requests for their Rocket.Chat account information, which includes a copy of the request, as soon as we are able (e.g., prior to or after disclosure of account information) unless we are prohibited from doing so (e.g., an order under 18 U.S.C. § 2705(b)). We ask that any non-disclosure provisions include a specified duration (e.g., 90 days) during which Rocket.Chat is prohibited from notifying the user. Exceptions to user notice may include exigent or counterproductive circumstances, such as emergencies regarding imminent threat to life, child sexual exploitation, or terrorism.

What details must be included in account information requests?

Requests for user account information in accordance with applicable law, are required to include the following information:

• Include the Rocket.Chat server URL (!) and @username of the subject Rocket.Chat account in question;

• Provide details about what specific information is requested (e.g., messages, files, account information) and its relationship to your investigation;

• Include a valid official email address (e.g., [email protected]) so we may get back in touch with you upon receipt of your legal process;

• Be issued on law enforcement letterhead.

• Law enforcement and government requests for user information should be submitted through [email protected]. Further instructions are given below.

Production of records

Unless otherwise agreed upon, we currently provide responsive records in electronic format (i.e., text files that can be opened with any word processing software such as Word or TextEdit).

Records authentication

The records that we produce are self-authenticating. Additionally, the records are electronically signed to ensure their integrity at the time of production. If you require a declaration, please indicate it in your submission.

Cost reimbursement

Rocket.Chat may seek reimbursement for costs associated with information produced pursuant to legal process and as permitted by law (e.g. under 18 U.S.C. §2706).

Emergency disclosure requests

In line with our privacy policy, we may disclose account information to law enforcement in response to a valid emergency disclosure request.

Rocket.Chat evaluates emergency disclosure requests on a case-by-case basis in compliance with relevant law (e.g., 18 U.S.C. § 2702(b)(8)). If we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information necessary to prevent that harm if we have it.

How to make an emergency disclosure request?

If there is an exigent emergency that involves the danger of death or serious physical injury to a person that Rocket.Chat may have information necessary to prevent, law enforcement officers must submit an emergency disclosure request through [email protected].

Please include all of the following information:

• Indication on your cover sheet, which must be on law enforcement letterhead, that you're submitting an Emergency Disclosure Request;

• Identity of the person who is in danger of death or serious physical injury;

• The nature of the emergency (e.g., report of suicide, bomb threat);

• Rocket.Chat server URL and/or @username of the subject account(s) whose information is necessary to prevent the emergency;

• Any specific Rocket.Chat messages you would like us to review;

• The specific information requested and why that information is necessary to prevent the emergency;

• The signature of the submitting law enforcement officer and

• All other available details or context regarding the particular circumstances (e.g. names of channels, timeframe for which information is requested, etc.)

Contact information

Our address details are:

Rocket.Chat Technologies Corp. 251 Little Falls Drive, Wilmington, DE, 19808

Receipt of correspondence is for convenience only and does not waive any objections, including the lack of jurisdiction or proper service.

Electronic communication must go to: [email protected]