Riot.im Privacy Notice

Please read this document carefully before accessing or using this service!

1. Introduction

Riot.im is an Open Source Matrix client which you can use to connect to any server that implements the Matrix protocol.

Where you read New Vector, New Vector Ltd. or we or us below, it refers to New Vector Ltd., and its French subsidiary: New Vector SARL and their agents.

Where you read 'the Service' in this document, it refers to the Riot.im instances exposed on riot.im (or subdomains) by New Vector Ltd.

1.1 Riot.im Instances Provided By New Vector

New Vector Ltd hosts several Riot.im instances at https://riot.im/. Today these include:

This agreement covers all of these instances, and any others that we may choose to provide on https://riot.im or any subdomain (https://*.riot.im). We might change which instances we run, and how they are accessed, at any time.

This agreement does not cover Riot.im instances hosted by anyone else.

1.2 Company Contact Information

Email: support@vector.org

Postal address: 10 Queen Street Place, London, United Kingdom. EC4R 1AG.

2. Your Data Privacy and the Matrix Server

In giving you access to the Service we collect the bare minimum of information required to expose any service via the web.

This agreement does not cover your relationship with the Matrix server! Your account details and preferences, messages, files and any other data you share via the Matrix protocol are the responsibility of the Matrix server, and it is the provider of that server's job to make sure your data is handled appropriately and that you are well informed.

If you are using the server provided by New Vector Ltd, matrix.org, you can find the relevant Privacy Notice and Terms and Conditions here:

3. What Data We Collect

Data collected automatically

We collect your IP address when you request access to the Riot.im client from our web server. This data is collected under legitimate interest, as per GDPR Recital 49.

We use Cloudflare to protect against DDoS attacks, so both New Vector Ltd and Cloudflare can see this information.

We collect this information to support operational maintenance and to protect against malicious actions against our infrastructure. This data is deleted automatically after 180 days.

Data collected if you opt-in to analytics

All our analytics data is opt-in and fully anonymised. We don't record any personal or identifiable data for our analytics.

We record analytics using a self-hosted instance of Matomo, an Open Source analytics package with an emphasis on data privacy. This means that our analytics data is not accessible by any third party.