Guidelines for Law Enforcement

Last updated: October 14th, 2020

These guidelines are intended for law enforcement authorities seeking information about Rocket.Chat accounts. More general information is available in our Privacy Policy and Terms of Service.

What is Rocket.Chat?

Rocket.Chat is a free and open source team chat collaboration platform that allows users to communicate securely in real-time on web, desktop or mobile and to customize their interface with a range of plugins, themes and integrations with other key software. Anyone in the world can download and run a Rocket.Chat server at any time.

As a platform, Rocket.Chat can be deployed various ways. The interaction on the platform between users happens via user accounts.

Deployment options

In short, there are three relevant deployment options of Rocket.Chat, that affect the process for requesting information:

  1. servers hosted by us (Rocket.Chat Technologies Corp.) and managed by us directly (such as our community server)

  2. servers hosted by us, but managed by a customer (our hosted offering)

  3. servers hosted by a third party (private servers)

The third option - private servers - is the most common one.

How can you find out, which deployment is being used?

We offer a server lookup, which checks if the server is hosted by us (options 1 and 2) or not (option 3). Please check here for the lookup form.

Private servers

You need to be aware that any private Rocket.Chat server may be operated by arbitrary businesses, groups or individuals with no relationship to Rocket.Chat Technologies Corp. In particular:

  • Rocket.Chat Technologies Corp. do not have access to these servers.

  • Rocket.Chat Technologies Corp. does not and cannot control or regulate how these servers are operated.

  • Rocket.Chat Technologies Corp. cannot access, determine or regulate any contents or information flow on these servers.

Administrators of private servers may opt-in to register their servers for additional connected services by Rocket.Chat (e.g. push notifications for mobile devices).

The registration requires a working email address, a name or pseudonym and the server URL. More information is generally not available. We do not store content that passes through our gateways to provide the connectivity services.

Servers under control of Rocket.Chat

For total transparency, Rocket.Chat Technologies Corp. owns and operates only one publicly available Rocket.Chat server in the world. The server that Rocket.Chat Technologies Corp. operates can only be accessed at:

https://open.rocket.chat

That server is subject to our Code of Conduct.

Any other Rocket.Chat server you access is not operated by Rocket.Chat Technologies Corp. and is subjected to the usage warning above.

That said, Rocket.Chat Technologies Corp. provides a cloud service for hosting Rocket.Chat instances. The user data, messages and files on those instances are subject to our Terms of Use.

To know if an instance belongs to Rocket.Chat cloud, please contact us, use the aforementioned server lookup or use domain information systems.

What account information does Rocket.Chat have?

Rocket.Chat does not keep a log of IPs used to access either Community Server or Rocket.Chat Cloud instances.

Community Server

When someone registers an account at our community server, hosted at https://open.rocket.chat, we ask for a name, an e-mail and a password, and they have to verify their e-mail address. Rocket.Chat does not monitor any public or private channels activities other than for the company's own use, such as the #general, #support and #dev public channels.

We do not keep a log of IPs.

Rocket.Chat Cloud

When someone signs up for a Rocket.Chat Cloud server, we ask for a name, e-mail, workspace name and domain they'd like to use. The e-mail is then verified before the instance is deployed. Every message and file sent is stored within Rocket.Chat cloud servers and databases hosted with a third party hosting provider. Rocket.Chat does not actively scan the content activity in Cloud servers.

Individual user account information

Rocket.Chat is a platform and the interaction between individuals on the platform happens based on user accounts, e.g. in the format of:

firstname.lastname

These accounts are unique to the deployed instance of the Rocket.Chat platform. So if information is requested for an individual user account of the platform, this information goes only as far as the scope of that specific, individual instance of Rocket.Chat.

To identify the proper user account, the specific instance therefore must be named as well (generally in form of the URL).

The aforementioned restrictions with regards to the deployment options apply to users as well. User information cannot be produced by us for user accounts of private Rocket.Chat servers. Requests for such information should be targeted at the administrator of the private server. If the administrator is unknown, the request should be targeted at the owner of the DNS record of the private server domain.

Data retention information

Rocket.Chat retains data and backups of data for an undisclosed amount of time. Rocket.Chat makes backups of Cloud servers according to each customer's choice of plan (daily, twice daily or hourly). Some information we store is automatically collected, while other information is provided at the user’s discretion. Though we do store this information, we cannot guarantee its accuracy. For example, the server in use may not require real name use, email verification or identity authentication, hence the user may have created a fake or anonymous profile.

Preservation requests

We accept requests from law enforcement to preserve records, which constitute potentially relevant evidence in legal proceedings. We will preserve, but not disclose, a temporary snapshot of the relevant account records for 90 days pending service of valid legal process.

Preservation requests, in accordance with applicable law, should:

  • be signed by the requesting official;

  • have a valid return official email address; and be sent on law enforcement letterhead;

  • include the server URL of the subject offense and any other information that may help us identify the offending server and/or user.

We may honor requests for extensions of preservation requests, but encourage law enforcement agencies to seek records through the appropriate channels in a timely manner, as we cannot guarantee that requested information will be available.

Law enforcement and government preservation requests for user information may be submitted to our legal team at legal@rocket.chat. You can find further instructions below.

Requests for Rocket.Chat Cloud or Community Server account information

Requests for user account information from law enforcement should be directed to Rocket.Chat Technologies Corp. in Wilmington, Delaware. Rocket.Chat responds to valid legal process issued in compliance with applicable law.

Private information requires a subpoena or court order

Non-public information about Rocket.Chat users will not be released to law enforcement except in response to appropriate legal process such as a subpoena, court order, or other valid legal process – or in response to a valid emergency request, as described below.

Contents of communications requires a search warrant

Requests for the contents of communications (e.g., messages, files) require a valid search warrant or equivalent from an agency with proper jurisdiction over Rocket.Chat.

Will Rocket.Chat notify users of requests for account information?

Yes. Rocket.Chat's policy is to notify users of requests for their Rocket.Chat account information, which includes a copy of the request, as soon as we are able (e.g., prior to or after disclosure of account information) unless we are prohibited from doing so (e.g., an order under 18 U.S.C. § 2705(b)). We ask that any non-disclosure provisions include a specified duration (e.g., 90 days) during which Rocket.Chat is prohibited from notifying the user. Exceptions to user notice may include exigent or counterproductive circumstances, such as emergencies regarding imminent threat to life, child sexual exploitation, or terrorism.

What details must be included in account information requests?

Requests for user account information in accordance with applicable law, are required to include the following information:

  • Include the Rocket.Chat server URL (!) and @username of the subject Rocket.Chat account in question;

  • Provide details about what specific information is requested (e.g., messages, files, account information) and its relationship to your investigation;

  • Include a valid official email address (e.g., name@agency.gov) so we may get back in touch with you upon receipt of your legal process;

  • Be issued on law enforcement letterhead.

  • Law enforcement and government requests for user information should be submitted through legal@rocket.chat. You can find further instructions below.

Production of records

Unless otherwise agreed upon, we currently provide responsive records in electronic format (i.e., text files that can be opened with any word processing software such as Word or TextEdit).

Records authentication

The records that we produce are self-authenticating. Additionally, the records are electronically signed to ensure their integrity at the time of production. If you require a declaration, please indicate it in your submission.

Cost reimbursement

Rocket.Chat may seek reimbursement for costs associated with information produced pursuant to legal process and as permitted by law (e.g. under 18 U.S.C. §2706).

Emergency disclosure requests

In line with our Privacy Policy, we may disclose account information to law enforcement in response to a valid emergency disclosure request.

Rocket.Chat evaluates emergency disclosure requests on a case-by-case basis in compliance with relevant law (e.g., 18 U.S.C. § 2702(b)(8)). If we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information necessary to prevent that harm, if we have it.

How to make an emergency disclosure request

If there is an exigent emergency that involves the danger of death or serious physical injury to a person that Rocket.Chat may have information necessary to prevent, law enforcement officers can submit an emergency disclosure request through legal@rocket.chat.

Please include all of the following information:

  • Indication on your cover sheet, which must be on law enforcement letterhead, that you're submitting an Emergency Disclosure Request;

  • Identity of the person who is in danger of death or serious physical injury;

  • The nature of the emergency (e.g., report of suicide, bomb threat);

  • Rocket.Chat server URL and/or @username of the subject account(s) whose information is necessary to prevent the emergency;

  • Any specific Rocket.Chat messages you would like us to review;

  • The specific information requested and why that information is necessary to prevent the emergency;

  • The signature of the submitting law enforcement officer; and

  • All other available details or context regarding the particular circumstances (e.g. names of channels, timeframe for which information is requested, etc.)

Contact information

Our address details are:

Rocket.Chat Technologies Corp. 251 Little Falls Drive, Wilmington, DE, 19808

Receipt of correspondence is for convenience only and does not waive any objections, including the lack of jurisdiction or proper service.

Electronic communication should go to: legal@rocket.chat