Riot

Privacy Policy

 

At VECTOR CREATIONS LIMITED we are committed to protecting and respecting your privacy.

This privacy policy is aimed to help you understand what information we collect and how we use it. Together with our Terms of Use and any other documents referred to, this privacy policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read these carefully.

Your access to http://riot.im (the “Website”), and use of the Services, whether as a guest or registered user means that you have read and accept the practices described in this policy.  

In order to access the Services as a registered user, you must first read this policy and agree to the terms by clicking on the “ACCEPT” button.

When we refer to “VECTOR CREATIONS LIMITED”, “we”, “us” or “our” in this agreement (the “Agreement”), we mean VECTOR CREATIONS LIMITED of 90 High Holborn, London, WC1V 6XX, United Kingdom with company number 10330175. For the purpose of the Data Protection Act 1998 (the “Act”), VECTOR CREATIONS LIMITED is the data controller.

Overview

The Riot services (the “Services”) provide a communication service to end users, storing and forwarding text messages, files, voice/video-over-IP calls and other communication data between users on Matrix “Home Servers” in the Matrix ecosystem, for example the “Matrix Home Server” hosted at https://matrix.org/_matrix, or the “Riot Home Server” hosted at https://riot.im/_matrix or any other Home Server in the wider Matrix ecosystem and/or applications provided by third parties on the internet. The Services include client software running on the web (https://riot.im/app), iOS and Android devices (available in the relevant application stores) and the “Riot Home Server” and server hosted at https://riot.im/_matrix. The Riot server is currently operated by VECTOR CREATIONS LIMITED or an affiliate of VECTOR CREATIONS LIMITED.

 

This privacy policy applies to information we collect on the Website or through providing the Services.

 

 

Children Under the Age of 14

The Riot website http://riot.im (the “Website”) and the Service are not intended for children under 14 years of age. No one under age 14 may provide any personal information to or on the Website or in connection with the Service. We do not knowingly collect personal information from children under 14. If you are under 14, do not use or provide any information on this Website or in connection with the Service, or on or through any of the features/register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 14 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 14, please contact us at the contact information provided in the Contact section below.

 

What kinds of information do we collect?

We may collect and process a mix of information, including both personally identifiable and non-identifying data.

Personally identifiable data includes information by which you may be personally identified, such as name, postal address, e-mail address, telephone number, any other identifier by which you may be contacted online or offline (such as a Matrix ID), any credentials to external systems that you’re requesting Riot to bridge you to or any other information the Website collects that is defined as personal or personally identifiable information under an applicable law. In order to provide the Services we may also collect, process and store your communications via the Service and the content, attachments and metadata associated with such communications.

 

Personally non-identifying data includes information that is about you but individually does not identify you, such as any access token associated with your account.

 

We’ve set out the different types of data that we may receive, collect, and process below:

Š       Information you give us

When you use the Service on our Website, you automatically create a Riot account. By default, this is a “guest account” with no explicit username or password, but users can upgrade this to a full Riot account or register a new one. This will require you to provide a user name and password. You may choose to provide your email address.

If you report a problem with our Website, in corresponding with us by phone, e-mail or otherwise we may collect certain information including your name, address, e-mail address and phone number.

Š       Information we collect about you

Each time you visit our Website or use the Services, we may automatically collect the following information:

Š       technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type, browser version and settings, time zone setting, language preferences, browser plug-in types and versions, operating system and platform;

Š       information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website (including date and time); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page;

Š       the communication content that you send and receive while using our Service. This may include message content and timing information, including text, photo, video and other media files in the context of the communication history of a room. This content may be encrypted by your client;

Š       other information about your user activity to aid communication on the service: details of the rooms you participate in (name, topic, address, participant list, access permissions, and any other extensible data associated with that room), whether your user account is discoverable using which identifiers, optional public directory listing of your user identifiers and user trust/reputation data associated with your account;

Š       information about you made available to us through your client, including (where supplied by your client) user presence information (whether your client is currently active/idle/offline or other extensible presence data), user profile information (display name, avatar, encryption public key data, other extensible profile data), ‘typing notifications’ (whether you are typing a message in a given room or not), ‘read notifications’ (whether you have read a message in a given room or not), ‘push notification rules’ (which messages should trigger notifications and how to notify you), ‘search history’ (which terms you have searched for). You may be able to limit the information about you that your client provides to us via the account settings in your client application; and

Š       information about your mobile device (if the service is accessed through a smartphone application). In addition to the above, this may include the application name and version, device model and version, device OS version, and push notification client identifier.

Š       Information we receive from other sources

Š        We may receive information about you if you use any of the other websites we operate, the other Services we provide or through third party applications you require us to bridge to. We are also working closely with third parties who assist us in providing the Service to you (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies) and may receive information about you from them.

Š        We may also receive information about you made available to us through your client, including (where supplied by your client) user presence information (whether your client is currently active/idle/offline or other extensible presence data), user profile information (display name, avatar, encryption public key data, other extensible profile data), ‘typing notifications’ (whether you are typing a message in a given room or not), ‘read notifications’ (whether you have read a message in a given room or not), ‘push notification rules’ (which messages should trigger notifications, and how to notify you), ‘search history’ (which terms you have searched for). You may be able to limit the information about you that your client provides to us via the account settings in your client application.

We will store information for as long as it is necessary to provide the Service to you or as is required to meet any legal obligations.

 

Cookies

 

We currently use cookies to support our use of Google Analytics on the Website and Service. Google Analytics collects information about how you use the Website and Service.  Cookies don’t identify individuals personally, but are used on websites to remember the activities and preferences of users and distinguish between them. This helps us to provide you with a good experience when you browse our Website and use our Service and also allows us to improve our Website and our Service.

We may choose to use additional cookies in future. If we do we will update this policy and keep you informed.

Uses made of the information

We may use information held about you in the following ways:

Š       Information you give to us

We will use this information:

Š       to authenticate you so that we can securely deliver communications to and from you;

Š       to provide the Service to you, including to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information and services that you request from us;

Š       to notify you about changes to the Service;

Š       to better understand and improve our Service to ensure that content from our Service is presented in the most effective manner for you and for your computer, and to keep our Service always secure; and

Š       to identify you such that other users within the Matrix ecosystem can communicate with you.

Š       Information we collect about you

We will use this information:

Š       to administer our Service and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

Š       to improve our Service to ensure that content is presented in the most effective manner for you and for your computer;

Š       to allow you to participate in interactive features of our Service, when you choose to do so;

Š       as part of our efforts to keep our Service safe and secure; and

Š       to provide user and content discovery features within the Service (e.g. letting other users within the Matrix ecosystem discover your existence and contact you or optionally letting you share information about your activity on the service (presence, profile, user directory) with users to aid discovery and communication.

Š       Information we receive from other sources

We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

When might we disclose your information?

We will generally only disclose your personal information with your consent, but in certain circumstances, we may need to, or believe it is appropriate to, disclose your personal information. More information on these limited circumstances are below:

Š       To comply with our legal obligations or to protect the interests of our users.

If we are or believe that we are under a duty to disclose or share your personal data, we will do so in order to comply with any legal obligation, the instructions or requests of a governmental authority or regulator, including those outside of the UK.

We may also choose to share information when we believe it is necessary to detect, prevent and address illegal activity or to otherwise protect the safety of our users.

We will share information in order to enforce or apply our Terms of Use and any other relevant agreements; or to protect our rights or property.

Š       To improve the Website and our Services

We may share personal information with analytics and search engine providers that assist us in the improvement and optimisation of our Website and Service.

Š       Within our group.

We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

Š       With our third party suppliers.

We may need to share your personal information with our business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you. We will only disclose information to third parties who are under obligations of confidentiality in respect of the personal data they receive.

Š       If VECTOR CREATIONS LIMITED is sold.

In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.

If we or substantially all of our assets are acquired by a third party, personal data held by us about our users will be one of the transferred assets.

Where we store your personal data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (the "EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of our obligations to you, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Service; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Keeping information updated

We have a legal obligation to ensure that all information held and processed about you complies with the principles of the Act. This includes taking reasonable steps to keep personal data we hold about you accurate, complete and current. If you discover that the personal data we are holding about you is inaccurate, please notify us as soon as possible.

Your rights

We will not process your personal data for marketing purposes. If we intend to use your data for such purposes, or if we intend to disclose your information to any third party for such purposes, we will inform you before collecting your data. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.  You can also exercise the right at any time by contacting us at support@riot.im.  

Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data to these websites.

Access to information

The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act.  If you want to obtain a copy, please write to us at the address below (see Contact) and mark your letter "Subject Access Request".  Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.

Changes to our privacy policy

We may revise the terms of this policy at any time and at our discretion. The date the policy was last revised is identified at the top of the page. When we make material changes to the Agreements, we’ll provide you with notice as appropriate e.g., by displaying a prominent notice within the Service or by sending you an email. Your continued use of the Website and Services after any changes will constitute acceptance by you of those amendments. Please therefore make sure you read any such notice carefully.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be sent by e-mail to support@riot.im or addressed to:

VECTOR CREATIONS LIMITED

90 High Holborn

London, WC1V 6XX

United Kingdom