1. Introduction
    1.1 English, Not Legalese
    Most Terms of Use and Privacy Policy documents are unreadable. They are written by lawyers and for lawyers, and in our opinion are not very effective.
    Privacy is important, and we want you to understand the issues involved. For that reason we decided to use plain English as much as possible, to make our terms as clear as possible. Some sections still have room for improvement — we plan to tackle these over time.
    Where you read ‘Dialog’, ‘Dialog Matrix Services’, ‘DMS’, ‘the Dialog app store’ or ‘dialogmessenger.ru’ it refers to all services made available at https://dialogmessenger.ru for:
    • The Dialog chat app, an open source Matrix client which you can use to connect to any server that implements the Matrix protocol;
    • The Gitter developer communication app;
    • The purchase, provisioning, configuration, monitoring and management of hosted homeservers and associated services via Dialog Matrix Services (DMS), or the Dialog app store.
    Where you read ‘homeserver’, ‘homeservers’ or ‘the Homeserver’, it refers to the services configured within Dialog which store the user account and personal conversation history, provide additional functionality such as bots and bridges, and (where enabled by the Customer) communicate via the open Matrix decentralised communication protocol with the public Matrix Network.
    1.2 Scope of This Document
    This document explains how we process personal data, as it relates to:
    • Dialog chat app users: Dialog chat app users use Dialog to connect to any server that implements the Matrix Protocol.
    • Gitter app users: Gitter.im is now a part of Dialog, and will soon be bridged to the Matrix protocol, allowing its users to talk to other Matrix users.
    • Dialog Customers: Dialog Customers use Dialog Matrix Services (DMS) to provision and manage hosted homeservers.
    This document does not cover:
    • Your relationship with the Matrix server if it isn’t provided by DMS: Your account details and preferences, messages, files and any other data you share via the Matrix protocol are the responsibility of the Matrix server, and it is the provider of that server’s job to make sure your data is handled appropriately and that you are well informed.
    • Your relationship with identity servers: you might chose to use an identity server, to allow other Matrix users to discover you via the Dialog app. This is optional and requires your explicit consent to discover users from your personal contacts. For the identity server made available by us, please see the Identity Server Privacy Notice.
    If you are using the matrix.org server provided by the Matrix Foundation, you can find the relevant Privacy Notice and Terms and Conditions here:
    • Matrix.org Privacy Notice — https://matrix.org/docs/guides/privacy_notice.html
    • Matrix.org Terms and Conditions — https://matrix.org/docs/guides/terms_and_conditions.html
    • Matrix.org Code of Conduct — https://matrix.org/docs/guides/code_of_conduct
    • Matrix.org Copyright Notice — https://matrix.org/docs/guides/copyright_notice
    1.3 The Customer and the User
    This document is designed to explain Data Protections issues relating to Dialog Customers and Users. Put simply, you’re a Customer if you’re paying (or otherwise compensating) Dialog to provide a dedicated hosted messaging service. If you have an account registered on a homeserver that you use to send and receive messages, or use the Dialog chat app to connect any server within the Matrix Protocol, you are a User.
    It is possible to be both a Customer and a User, but we encourage you to consider these roles separately when thinking about Data Protection concerns.
    1.4 Changes to This Document
    Over time we may make changes to this document. If we make a material change we will provide the Customer with reasonable notice prior to the change. We will set forth the date upon which the changes will become effective; any use of Dialog by the Customer, or any use of a hosted homeserver from DMS by a User will constitute the Customer’s acceptance of these changes.
    Your access and use of Dialog is always subject to the most current version of this document.
  2. Access to Your Data
    2.1 What is the legal basis for processing my data and how does this affect my rights under GDPR (General Data Protection Regulation)?
    2.1.1 Legal Basis for Processing
    Dialog has different legal basis for processing, based on which product you are using:
    • Dialog chat app users: we collect your IP address when you request access to the Dialog client from our web server. This data is collected under Legitimate Interest, to support operational maintenance and to protect against malicious actions against our infrastructure.
    • Gitter app users: we collect the details of whatever account you use to sign-up to Gitter, via OAuth (this could be GitLab/GitHub/Twitter). This data is collected under Legitimate Interest, to allow you to use the service.
    • Dialog customers: your data is processed under Performance of Contract. This means that we process your data only as necessary to meet our contractual obligations to you, or to engage with you to do something before entering into a contract (such as providing a quote);
    2.1.2 Data Ownership — Messaging and File data within hosted homeservers
    The Customer can use Dialog Matrix Services to provision and manage hosted Matrix homeservers. The Customer owns and controls all messages and files submitted to their homeserver by User accounts registered natively on their homeserver. This ownership does not extend to messages and files submitted over federation or bridging.
    This means that, in addition to the usual data access controls defined by the Matrix protocol, all unencrypted messages and files can be accessed by the Customer, and that access is retained even if no User account within the system retains access to the data.
    2.1.3 Your Rights as Data Subject
    You have rights in relation to the personal data we hold about you. Some of these only apply in certain circumstances. Some of these rights are explored in more detail elsewhere in this document. For completeness, your rights under GDPR are:
    1 The right to be informed
    2 The right of access
    3 The right to rectification
    4 The right to erasure
    5 The right to restrict processing
    6 The right to data portability
    7 The right to object
    8 Rights in relation to automated decision making and profiling.
    For more information about these rights, please see the guidance provided by the ICO. If you have any questions or are unsure how to exercise your rights, please contact us.
    2.2 What Information Do You Collect About Me and Why?
    The information we collect is for the purpose of supporting your management of hosted homeservers through Dialog Matrix Services, or to support operational maintenance of the Dialog Matrix client. We do not profile homeserver Users or their data, but we might profile metadata pertaining to the configuration and management of hosted homeservers so that we can improve our products and services.
    2.2.1 Information you provide to us:
    We collect information about you when you input it to the Dialog or Dialog Matrix Services apps or otherwise provide it directly to us.
    Dialog Matrix Services (DMS) and Dialog Home Customer Account and Profile Information
    We collect information when you register for an account. This information is kept to a minimum on purpose, and is restricted to:
    • Email address
    • Authentication Identifier; one of:
    • Email address and password
    • Twitter id
    • Google id
    Your authentication identifier is used to authenticate your access to Dialog Matrix Services at https://ems.host and to uniquely identify you.
    You will be given the choice to set up 2-Factor Authentication to secure your account. For 2FA over SMS, we will require your phone number. This information will be shared with Twilio, a SMS service provider.
    Dialog Matrix Services (DMS) Customer and Dialog Home Account Transaction and Billing Information
    Paying for hosted homeserver services via DMS is handled entirely by our payment processor, Stripe. The processor stores your credit card information as well as your billing contact information in order to process your monthly or annual automatic renewals, or to allow you to upgrade or downgrade your subscription without re-entering a credit card number.
    We never have access to, nor store your full credit card information.
    The payment processor code we use also sets a cookie in your browser, to remember your info for future purchases. You can delete or block that cookie if you wish; our website will continue to work.
    We require you to enter your billing information. This data, as well as the last four digits of your credit card which is sent to us by our payment processor, is stored in our transaction database in order to maintain our financial records. This information appears on your invoice, which can be accessed by anyone who has been sent the url link to your invoice. We make the invoice links purposefully long and hard to guess for added security, and we prevent search engines from indexing them.
    The history of changes to the billing contact information on the invoice made by you or our team are logged and stored in our transaction database.
    The data we collect in our transaction database, including Personal Data, is not shared with third parties, except for the purposes of determining the validity of a payment. In this case we may share the name and email address associated with the purchase with the credit card holder, your company’s accounting department, or with our payment processor when responding to a chargeback.
    We use a third-party, Quaderno, to help us with tax automation within our billing system.
    Dialog Home Account Setup
    When setting up an Dialog Home account via the setup wizard, we will temporarily access your account data, in order to migrate your existing Matrix account to your new Dialog Home account. This includes:
    • List of rooms you have joined
    • Power levels in those rooms
    • Your avatar
    The setup wizard will also request your OpenID and access token, in order to retrieve your name and verified email address. This information will be temporarily sent to our backend, but will not be retained following your setup completion.
    If you do not have an email address verified by a trusted homeserver (such as Matrix.org), we will require you to add and verify a valid email address, for billing and host setup purposes.
    Lead generation and marketing information
    We might collect information about you through adverts placed in third-party platforms such as LinkedIn, Twitter or Google. Whenever you click an advert on these platforms you may be asked to provide details such as:
    • Email address
    • Organisation of employment
    • Job title
    Within each of these adverts you will be notified of the legal basis under which your data will be processed. This information will be stored on our marketing automation platform Outplay and our CRM systems Salesforce and Pipedrive, and will be processed in accordance with this policy. We also use Hubspot, Matomo and Posthog to manage our website analytics and marketing automation.
    2.2.2 Information we collect automatically as you use the service:
    Connection Information
    We log the IP addresses of everyone who accesses Dialog. This data is used in order to mitigate abuse, debug operational issues, and monitor traffic patterns. Our logs are kept for:
    • 30 days, for DMS Customer IP addresses;
    • 180 days, for Dialog chat app IP addresses;
    Usage Information
    We track usage data for Dialog hosting services. When you are signed in to your account we may track your usage of the site and associate that information with your account details. This data helps us understand how our users are using the application so that we can make improvements to the Service.
    Our analytics are powered by the Free and Open Source analytics platform Matomo, hosted entirely within our network. The servers which host this data are located in the EEA, specifically in London, United Kingdom. We don’t share any analytics data with third parties.
    If you are using the Dialog chat app, you will be asked to opt-in to this anonymised data collection. Your use of the Service does not rely on your opt-in to this. When using any of the Dialog chat clients after opt-in, your visit to the service will be logged, alongside your device ID and agent. This allows us to understand usage patterns based on each platform. The mapping of this data is logged for 28 days — from this point on only aggregated data is kept, for operational and statistical purposes. For further details on our collection and usage of analytics data, please see our Cookie Policy.
    When reporting errors we might collect some information to help us find a solution. This may include your IP address, hostname, full name and e-mail address. This information is collated in the application monitoring platform Sentry and is subject to strict retention policies.
    Location Information
    We may collect location data on you, if you choose to use the static or live location sharing features within the Dialog app. This includes your longitude, altitude and latitude data in order to accurately calculate your precise location.
    Location data is held within the room in which it is shared, so it will be encrypted in encrypted rooms and not encrypted in rooms where encryption is switched off. You will be shown a disclaimer during your first time using this feature, but please apply caution and consideration when sharing your personal data within the app.
    The Dialog clients use the third-party service MapTiler to provide the images used to display maps.
    2.4 Sharing Data in Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights
    In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to
    (a) comply with any applicable law, regulation, legal process or governmental request,
    (b) protect the security or integrity of our products and services (e.g. for a security audit),
    (c) protect Dialog and our users from harm or illegal activities, or
    (d) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the serious bodily harm of any person.
    2.5 How Do You Handle Passwords?
    We never store password data in plain text; instead they are stored hashed (with at least 12 rounds of bcrypt, including both a salt and a server-side pepper secret). Passwords sent to the server are encrypted using SSL.
    It is your sole responsibility to keep your user name, password and other sensitive information confidential. Actions taken using your credentials shall be deemed to be actions taken by you, with all consequences including service termination, civil and criminal penalties.
    If you become aware of any unauthorised use of your account or any other breach of security, you must notify Dialog immediately by sending an email. Users should manage good password hygiene (e.g. using a password manager) and change their password if they believe their account is compromised.
    If you forget your password (and you have registered an email address) you can use the password reset facility to reset it.
    2.6 Our Commitment to Children’s Privacy
    We never knowingly collect or maintain information in Dialog, through any of the Services provided, from those we know are under 16, and no part of Dialog is structured to attract anyone under 16. If you are under 16, please do not use the Service.
    2.7 How Can I Access or Correct My Information?
    If you are a customer of Dialog Matrix Services (DMS) you can access all personal information that we collect by using the account management interface at https://dialogmessenger.ru You can download a copy of all your data as per section 2.1.3.
    If you are a user of the Dialog chat app you can request a copy of your data by emailing. We are working on a solution which will allow you to download the data automatically.
    2.8 Who Can See My Homeserver Configuration?
    Data stored in Dialog is accessible by the Customer’s account and by Dialog engineers (employees and contractors) under the conditions outlined below.
    2.9 What Are the Guidelines Dialog Follows When Accessing My Data?
    • We restrict who at Dialog (employees and contractors) can access Dialog non-encrypted data to roles which require access in order to maintain the health of the Dialog apps and services.
    • We never share what we see with other users or the general public.
    2.10 Who Else Has Access to My Data?
    We host the Dialog Matrix Services on Amazon Web Services (AWS), specifically:
    • Our admin server is hosted in an AWS data centre in Amsterdam;
    • Our deployment server is hosted in an AWS data centre in Stockholm;
    • Customer deployments have the option to select the geographical location which is the most convenient for them;
    We also host the Gitter.im app on AWS, in a datacenter based in the East of the US.
    Amazon employees may have access to some of this data. Here’s Amazon’s privacy policy. Amazon controls physical access to their locations.
    We use Cloudflare to mitigate the risk of DDoS attacks. Here’s CloudFlare’s privacy policy.
    Physical access to our offices and locations use typical physical access restrictions.
    We use secure private keys when accessing servers via SSH, and protect our AWS console passwords locally with a password management tool.
    Nobody at Dialog, or any of our processors, is able to access encrypted data.
    2.11 What happens if Dialog is sold?
    In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
    If we or substantially all of our assets are acquired by a third party, personal data held by us about our users will be one of the transferred assets.
    2.12 How Is My Data Protected from Another User’s Data?
    All of the Dialog user data resides within the same dedicated cluster. We use software best practices to guarantee that only the Customer can access it. In other words, we segment User data via software. We do our best and are very confident we’re doing a good job at it, but, like every other service that hosts User data on the same database, we cannot guarantee that it is immune to a sophisticated attack.
    2.13 What Should I Do If I Find a Security Vulnerability in the Service?
    If you have discovered a security concern, please email us. We’ll work with you to make sure that we understand the scope of the issue, and that we fully address your concern. Information security is our highest priority, and work to address any issues that arise as quickly as possible.
    Please act in good faith towards our users’ privacy and data during your disclosure. White hat security researchers are always appreciated.
  3. Making a Complaint
    We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention at dpo@dialogmessenger.ru if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
    If you want to make a complaint about the way we have processed your personal information to the supervisory authority, you can contact the ICO (the statutory body which oversees data protection law) at https://www.ico.org.uk/concerns.
  4. Document History
    • 2018, March 28: Policy document for public homeserver exposed at https://matrix.org was created.
    • 2018, August 2: This document was derived from the above.
    • 2020, July 15: Document revision
    • 2020, August 14: Updates to section 2.2.2 and 2.10
    • 2020, October 2: Update to section 2 to include Gitter user data and section 2.2.2 to include Sentry error log collection
    • 2021, February 22: Updates to section 2, to include Dialog Home offering and update to section 2.2.1 to include marketing Information
    • 2021, April 23: Updates to 1.1 to include US subsidiary and 2.2.1 to cover Twilio for 2FA
    • 2021, October 11: updates to 2.2.1 to cover changes in Marketing subprocessors
    • 2021, December 1: updates to 1.2 to define relationship with identity servers
    • 2022, May 30: updates to 2.2.2 to include location sharing