Links

Privacy Policy

Effective date: October 20th, 2023
We have made some updates to our privacy policy which will come into effect on the effective date specified. These changes include modifications related to "workspace tracking and statistics data," which will be implemented upon the release of Rocket.Chat 6.5. To access the previous version of this Privacy Policy, click here.

Rocket.Chat Technologies Corp. ('us', 'we', or 'our') operates the Rocket.Chat Website (https://rocket.chat), Rocket.Chat Services, including the Marketplace and associated Rocket.Chat Apps, Rocket.Chat´s Cloud Hosting Services, the Rocket.Chat Open Server (https://open.rocket.chat), and the Rocket.Chat mobile applications (the 'Services').
Please note that additional privacy policies may apply to Rocket.Chat's specific services. These policies can be found here.
At a glance
This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Services and the choices you have associated with that data.
We use your data to provide and improve the Services. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Customer Terms of Service.
Administrators are responsible for Users' privacy, and we help administrators.
  • There are basically two ways of using Rocket. Chat: Self-hosted (also known as on-premises deployment) on your own or someone else's infrastructure or via our Cloud-hosted services. In both cases, the administrator of that instance - or the organization behind the administrator - is the person responsible for ensuring the privacy of Rocket.Chat users.
  • We aim to help by providing features in our products and services to make that job easier.
  • We also provide this policy to explain what we do as a "helping hand"/data processor for administrators in case we process users' personal data.
Data Handling on a Self-Hosted Deployment
  • We cannot access Customer user-generated data in a Self-Hosted instance of Rocket.Chat.
  • Rocket.Chat code is open source; there are no back doors whatsoever.
  • Customers may desire to connect a self-hosted instance to other services, e.g., our marketplace or push notification gateway, where this privacy policy applies. You can also connect it to third-party services, such as external authentication services, in which case their privacy policy applies. It is Customer's choice, and Customers are not forced to do so.
Data Handling on a Cloud Hosting Services

Definitions
Other definitions not found here shall have the same meaning as outlined in our Customer Terms of Service.
Services means the website (https://rocket.chat), Rocket.Chat Open Server (https://open.rocket.chat​), Rocket.Chat Sotfware and Marketplace, incl. associated Rocket.Chat Apps, the https://cloud.rocket.chat service offering, push notification gateways, and the Rocket.Chat mobile applications operated by Rocket.Chat Technologies Corp.
Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
Usage Data means the data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Cookies are small pieces of data stored on your device (computer or mobile device), they are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.
Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information is, or is to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.
Data Processors (or Service Providers) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
Data Subject (or User) Data Subject is any living individual who is using our Service and is the subject of Personal Data.
Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
The type of data we collect
In connection with our operations and during the lifecycle of business relationships with our Customers, we collect various types of personal data, meaning any information that identifies or allows us to identify you.

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include but is not limited to
  • Email addresses.
  • First name and last name
  • Cookies and Usage Data
  • Phone number and other contact details.

Account Data

Some Services may allow or require that you register for a personalized account. Account data may include, in addition, your account name, authentication information, registration date, contact information, payment information, and any other information associated with your account.

Usage Data

We may also collect information that your browser sends whenever you visit our Service or when you access the Service, including by or through a mobile device ("Usage Data").
This Usage Data may include information such as your computer's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access the Services by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, the IP address of your mobile device, your mobile operating system, the app version, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data

Location Data

We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Service (only to allow you to share your location with another user via Rocket.Chat if it was enabled by the administrator).
You can enable or disable location services when you use our Service at any time through your device settings.

App Data

Apps Provided By Rocket.Chat

When you use the Marketplace, you may choose to install Apps provided by Rocket.Chat. These Apps process data from your instance of Rocket.Chat and, therefore, nonpersonal data, such as software version, amount of users, and similar. Depending on the purpose and your actual usage of the App (e.g., enabling certain features), Personal Data may however be processed. E.g., you enable an integration, which processes your users' information. The description of the App will make the types of personal data sufficiently clear, as well as any potential deviations from this policy.

Third-Party Apps

For Third-Party Apps on the Marketplace, the Vendor will provide you with a specific privacy policy that governs his Third-Party App.

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.
  • We DO NOT track activity in your self-hosted instances.
  • We regularly monitor aggregated activity data on our infrastructure, but it is not tracking individual users in the sense of this paragraph, which only occurs when we have a legitimate interest in doing so (e.g., for security and compliance purposes).
  • We do perform regular tracking on our Open Server.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
  • Session Cookies. We use Session Cookies to operate our Service.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.

Workspace Tracking and Statistics Data

Rocket.Chat workspaces are set up to automatically send anonymous and non-personal usage tracking data to Rocket.Chat This is done to help us understand how customers use our Services, ensure compliance with the terms of use limits, and for billing purposes if the Customer's contract is based on consumption of our Services.
The information shared is the same data displayed on the administration panel's "info" page, which is described in detail here.
For example, the tracking statistics sharing will transmit the total number of channels, but not the actual channel names, to preserve your workspace's privacy. Depending on the services and plans purchased, disabling this tracking statistics collection may be possible.
For further details on how we secure your data, please refer to the "How do we secure your data" section. Additionally, information about our Cloud Infrastructure and Subprocessors can be found in our Subprocessors section.
How do we use the information?
We collect and use your personal data to the extent necessary to carry out our operations, provide our services, and comply with any regulatory obligations in our activities.
These purposes are defined in more detail below:
  • To provide and maintain our Services
  • To notify you about changes to our Services
  • To allow you to participate in interactive features of our Service when you choose to do so
  • To provide customer support
  • To gather analysis or valuable information so that we can improve our Service
  • To monitor the usage of our Service
  • To detect, prevent, and address technical issues
  • To provide you with news, special offers, and general information about other goods, services, and events that we offer that are similar to those that you have already purchased or enquired about if you have provided consent to receive this information or the processing is in our legitimate interests and it's not overridden by your fundamental rights.
    • You may withdraw that consent at any time or object to receiving any or all of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us through our Data Request Form.
Retention of Data
Rocket.Chat will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Rocket.Chat will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
When your personal data no longer needs to be retained for any of the purposes stipulated in this privacy policy, we may delete or anonymize your personal data. Anonymized data - i.e. data that can no longer be associated with you as an individual - may be further used for research and statistical purposes, in which case we may use this information indefinitely without further notice to you.
Transfer of Data
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.
If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States or other jurisdictions deemed not to have an adequate level of data protection deemed by the competent authorities of your residence. Rocket.Chat Technologies Corp. will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
Disclosure and storage of personal data

Disclosure of Data

Business Transaction

If Rocket.Chat Technologies Corp. is involved in a merger, acquisition, or asset sale; your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Disclosure for Law Enforcement

In rare circumstances, we may be required to disclose user-uploaded content and other Personal Data in response to a valid request from law enforcement authorities. We will only comply with such requests if they are made in accordance with applicable laws, regulations, and our internal guidelines for disclosure.
For more information regarding Law Enforcement Disclosure, please refer to our Guidelines for Law Enforcement.
Rocket.Chat Technologies Corp. may disclose your Personal Data in the good faith belief that such action is necessary to:
  • To comply with a legal obligation
  • To protect and defend the rights or property of Rocket.Chat Technologies Corp.
  • To prevent or investigate possible wrongdoing in connection with the Service
  • To protect the personal safety of users of the Service or the public
  • To protect against legal liability.

Sharing data with third-party service providers ("subprocessors")

We may employ third-party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services, or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose
The ways in which we share your Personal Data include the following:
  • For Information processing, payment processing, credit checks, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys.
  • Where appropriate, we may provide your personal data to Rocket.Chat partners in order to fulfill your request for service delivery.
We execute contracts with our third parties to ensure they fulfill their data protection obligations.
A list of our third-party processors may be found here.

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service.
  • Google Analytics
    • Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
    • For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third-party's site. When using such third-party websites, we recommend that you read the relevant sites' terms and privacy policies.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. This privacy policy is valid only for Rocket.Chat branded domains, owned and managed by Rocket.Chat Technologies Corp., as the owner and operator of the Pexip service.
Your Rights
In accordance with applicable regulations and where applicable, you have the following rights:
  • To access: you can obtain information relating to the processing of your personal data and a copy of such personal data.
  • To rectify: you can request that your personal data be modified accordingly if you consider that your personal data are inaccurate or incomplete.
  • To erase: you can require deleting your personal data to the extent permitted by law.
  • To restrict: you can request the restriction of the processing of your personal data.
  • To object: you can object to the processing of your personal data on grounds relating to your particular situation. You have the right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing.
  • To withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time.
  • To data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.
If the processing is based on your consent, you may also withdraw your consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal). If you have previously consented to receive promotional email communications from us, you can use the unsubscribe function at the bottom of our emails to unsubscribe from our emails at any time (“withdraw your consent”).
If you have an active Rocket.Chat account, it’s not possible to opt out of basic emails since we need to communicate basic information, where relevant, to users in order to continue delivery of the account.
How do you exercise your rights?
To exercise any of the rights listed above, please use our Data Request Form, a simplified form that ensures efficient request management and security. Alternatively, you can send an email to [email protected].
The request will be processed and completed in compliance with our privacy policy, terms of service, our business relationship, and any data privacy laws applicable in your country.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA or other applicable jurisdictions, you have the right to lodge a complaint with the competent supervisory authority.
How do we secure your data?
Ensuring the security of the data you entrust to us is one of our most important responsibilities. We apply appropriate technical and organizational measures to keep your personal data secure. We use physical, administrative, and technical security measures to reduce the risk of loss, misuse, or unauthorized access, disclosure, or modification of your personal data.
Your data can only be accessed by persons for whom it is necessary in relation to their work.
We may outsource our processing of personal data to external service providers. In such events, we enter into appropriate agreements with the providers to ensure that your personal data is processed per this Privacy Policy and any applicable laws. We also have received internationally recognized security certifications.
Although we do our best, given the nature of communications and information processing technology, we cannot guarantee that Information during transmission through the Internet or while stored on our systems or otherwise in our care will be absolutely safe from intrusion by others.
For more information regarding our security practices, please refer to our comprehensive Security Policy and Security and Compliance Guides.
Children's Privacy at Rocket.Chat
Our Services are only available to Users above the legal age of 13 years or any higher age required by the applicable regulations in your jurisdiction.
Users under the legal age should discontinue using our services. If you are from a country subject to GDPR, you must be 16 years old or above, unless your country has enacted a regulation specifying a lower minimum age.
Individuals from LGDP-regulated countries must be 18 years of age or older unless parental consent has been obtained.
We do not knowingly collect personally identifiable information from anyone under the legal age. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
Please note that the customer is responsible for managing user-generated data and workspace control, including compliance with data handling for minors in their jurisdiction.
Changes to This Privacy Policy
As our business grows and our services and products evolve, this privacy notice may change, or other privacy notices may be written and posted specifically to address new offerings or to keep pace with data privacy laws.
When changes are substantial, we will first ensure to make you aware of any forthcoming changes by attempting to contact you directly via email, or via our user interfaces, or indirectly through your authorized partner, which is reselling the Rocket.Chat services or products., Changes to this Privacy Policy will become effective once they are posted on this page, and we will also update the "effective date" at the top of this Privacy Policy.

The distinction of data collection between Self-Hosted Workspaces and Cloud Hosting Workspaces

The following paragraph is intended to provide clarity on data processing in Rocket.Chat workspaces. Please note that there are differences in the data processing that occurs between self-hosted workspaces and workspaces hosted by us. With our Cloud Hosting service, all data input into the workspace is processed on our infrastructure.
The table below explains the general distinction between the data that is processed in each case. It's important to remember that individual circumstances may vary, such as cases where apps are installed on unregistered workspaces via workarounds.
Data Type
Self-Hosted
Cloud Hosted at Rocket.Chat
Account Data
Yes. To register your workspace via an account,
Yes. To register your workspace via an account
Usage Data
Yes. As per the service you are consuming via your registration, e.g., push notifications via our gateway,
Yes. As part of using the hosted workspace on our infrastructure
App Data
Yes. If you install apps from the marketplace and, based on the use case of the app. Third-party apps have their own privacy policy.
Yes - if you install apps from the marketplace and based on the app's use case. Third-party apps have their own privacy policy.
User Generated Content
No. Content is not processed unless it falls under the aforementioned (e.g. the content of a push notification sent via our gateway).
Yes. As part of using the hosted workspace on our infrastructure. End-to-end encrypted content is only stored in encrypted form.
Tracking and Cookies
Yes. Tracking occurs on our end to monitor the consumption of the services you use (Usage Data). We do not track inside the workspace.
Tracking occurs to monitor the consumption of the services used.
There are two classifications for Rocket.Chat self-hosted workspaces: registered and non-registered. Registered workspaces have access to a wide range of features and services, and registered workspaces are eligible for our "starter" or paid plans (dependent on user counts and functionality requirements). Note that non-registered workspaces operate independently without formal registration and no data collection by Rocket.Chat. Non-registered workspaces are only available via the Free and Open Source Software (FOSS) self-build deployment path.

Contact us

If you have any questions about this Privacy Policy, please contact us:

Data Protection Officer

To communicate with our Data Protection Officer, please email [email protected].

APPENDIX 1

Privacy Regulations Framework
Our Privacy Regulations Framework Appendix is an integral part of our Privacy Policy, which outlines the specific legal requirements that govern your privacy.
As part of our commitment to privacy and transparency, we provide this appendix to explain how we handle your data according to relevant regulations. We encourage you to read these clauses carefully to understand how your data is managed in compliance with the law.
If you have any questions or concerns, please do not hesitate to reach out to us.

Specific Provisions to California Consumer Privacy Act “CCPA”

This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA.”
We do not provide services, or other items of value, as consideration for your, or your end users’, personal information protected by the CCPA.
You are responsible for ensuring your compliance with the requirements of the CCPA in your use of the Services we provide to you and your own processing of personal information.
Here are a few things that Rocket. Chat will NOT do with personal information in the scope of acting as a service provider, as defined by CCPA:
  • sell, rent, or otherwise disclose your personal information to third parties in exchange for money or something else of value;
  • use your information outside the scope of the agreement(s) for services that we have with you.
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this personal information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
California consumers can exercise their CCPA rights by completing a data subject request form found here. We will verify your request using the email associated with your account.

Specific Provisions to California Online Privacy Protection Act “CalOPPA”

We do not support Do Not Track ("DNT") signals. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting your web browser's Preferences or Settings page.

Specific Provisions to Lei Geral de Proteção de Dados “LGPD”

Rocket.Chat only processes, stores, and collects data according to this Privacy Policy, which covers the main LGPD requirements. For a dedicated section on the appointment letter for Data Protection Officer (DPO) and frequently asked questions about LGDP compliance at Rocket.Chat, please click here.

Specific Provisions for General Data Protection Regulation “GDPR)” and Other Applicable Regulations

Where required, we provide the option to sign Standard Contractual Clauses approved by the European Commission to ensure sufficient data protection or other relevant mechanisms based on the Customer's requirements or applicable agreements in the customer's jurisdiction.

Previous versions of this Privacy Policy

Rocket.Chat is committed to transparency as part of its values. As such, we provide previous versions of our Agreements and Policies in our Agreements and Policies History.
Rocket.Chat versions receive support for six months after release.