Legal Terms & Policies
Mattermost Privacy Policy
Effective Date: March 19, 2024
This Mattermost, Inc. (“Mattermost” or “we” or “us” or “our”) privacy policy (the “Privacy Policy”) is designed to help you understand what information we collect and how we use or share that information.
For self-hosted (on-premises) products, please see the first section of this Privacy Policy. For all other Mattermost products, services, and interactions, please see the remainder of the policy starting with the section entitled “Scope of this Privacy Policy.”
Self-Hosted (On-Premises) Products
This is the only section of the Privacy Policy that applies to end users of our self-hosted (on-premises) products. With self-hosted products, the Customer (defined below) that purchases the Mattermost product also controls the processing of end user data. Mattermost collects limited information related to end users, such as service and usage data like error and diagnostics information, security alerts, log file reports, and other data associated with device identifiers, unless the Customer opts out of this information collection. We refer to this information as “telemetry data,” and it does not include any end user personal identifiers or message contents. Please see telemetry data for more information.
- We use telemetry data to protect and improve the self-hosted products, such as to maintain security and prevent abuse.
- To the extent that our processing of telemetry data from self-hosted products is subject to the GDPR, the legal bases for such processing include GDPR Art. 6(1)(b) (performance of a contract) and GDPR Art. 6(1)(f) (legitimate interests).
We may share telemetry data collected through our self-hosted products in limited ways to support the product and comply with law, as follows:
- With service providers, subcontractors, partners, vendors, consultants, and others that help us provide the self-hosted products, and are not permitted to use the information collected on our behalf except to help us conduct and improve our business;
- To respond or comply with, in our sole discretion, a court order, subpoena, law enforcement, other government request, or other legal process (with or without notice to you, in our discretion) under applicable law;
- With buyers, successors, or others in connection with a potential or actual merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our business or assets;
- To: (i) satisfy any applicable law or regulation, (ii) investigate and defend ourselves against any third party claims or allegations, or (iii) protect against harm to the rights, property or safety of us or third parties (including financial loss, or in connection with preventing fraud or illegal activity, and/or to enforce our other agreements with you); and
- With our Customer’s consent or at the Customer’s direction.
For Customers who participate in telemetry data collection, we also may collect information through end user surveys. Survey responses may include personal information if survey respondents choose to provide it. In addition, if a Customer chooses to enable push notification services for a self-hosted product, then we will additionally collect personal information about end users to support notifications. When we collect survey responses or information related to push notifications, we use and disclose such information in the same ways as described in this Privacy Policy for end users of our other Services.
If you would like to learn more about our self-hosted products practices, you can contact us at [email protected]. If you are a Customer purchasing a self-hosted product, you can see the sections relating to Customers below to learn how we process your personal information collected through our business interactions.
Scope of this Privacy Policy
The remainder of this Privacy Policy applies to:
- Visitors to Mattermost.com, Mattermost forum, Mattermost documentation, Mattermost Community, code repositories, and other Mattermost websites (collectively, the “Sites”)
- Mattermost Customers
- End users of Mattermost’s cloud products and services (collectively, the “Services”)
- Mattermost Community or forum participants, including members and contributors
Our practices for each of these groups are described below. Please read this Privacy Policy carefully. By accessing or using any part of the Services or the Sites, you acknowledge that you have been informed of our practices with regard to your personal information and other data. If you do not agree to this Privacy Policy, please immediately cease use of the Services and the Sites and please shut down your account.
Customer Control of Services Data
In order to provide the Services, Mattermost is utilized by an organization (either an employer or another entity or person) (each, a “Customer”) under a contract that governs the delivery, access, and use of the Services. When you are an end user of our Services, the Customer has authorized you to access the Services. The Customer owns and controls the messages, files, or other content submitted to the Services, including your personal information (the “Customer Data”) and your account with the Services and any associated Customer Data that you provide. In these cases, Mattermost acts as a data processor (or service provider) within the meaning of applicable privacy laws, and the processing of Customer Data is governed by any data processing agreement between Mattermost and the Customer in addition to this Privacy Policy. The Customer controls the processing of Customer Data through the Services. Please contact the Customer if you have any questions related to such Customer’s specific settings and privacy practices in relation to the Services.
1. Contact Us
Please contact us at [email protected] if you have any complaints, questions, comments, or concerns with respect to your privacy or this policy.
If you believe that any account credentials for the Services have been compromised, please contact us immediately at [email protected].
2. Information We Collect and How We Use It
We collect information that you provide and information that we receive automatically. As described below, our information practices vary depending on whether you are acting as a visitor to our Sites, a Mattermost Customer, an end user of our Services, or a Mattermost Community or forum participant.
Please be aware that some of the information described below is required to offer the Sites and Services, and if this information is not provided, we may not be able to provide the Sites and Services. We may use the information we collect for any lawful purpose, including the purposes specifically described below. We may also use information that has been aggregated or deidentified, so that it cannot reasonably be associated with a specific person, for any business purpose. We maintain and use deidentified information only in deidentified form—we do not attempt to reidentify such information except as needed to determine that the information is appropriately deidentified.
Information Collected About Website Visitors:
If you are a visitor to our Sites, we collect information about you as described below. We may also combine the information we collect about you with information we obtain from third parties.
Information You Provide to Us: We collect personal information that you provide when you send us a message through our Sites, register for or create an account with the Sites, or request more information from us. This information includes your name, email address, phone number, other contact details, and other information you choose to provide us.
- We use this information primarily to communicate with you about the Sites and Services and respond to your requests. For instance, we use your contact information to respond to your questions, send you information that may interest you, communicate about account-related matters, and resolve technical issues you may encounter. We may also use your information to give you access to demo and educational materials.
- We may also use information you provide to improve our Sites and Services and to market to you.
- To the extent that our processing of the information you provide is subject to the EU General Data Protection Regulation or its UK equivalent (together the “GDPR”), the legal bases for this processing include GDPR Art. 6(1)(b) (performance of a contract) and GDPR Art. 6(1)(f) (legitimate interests).
Technical Information We Collect Automatically: When you use or visit the Sites, we (and other entities) may use cookies (and similar technologies) to automatically collect technical information, such as Internet Protocol (IP) address, location, browser type and settings, date and time the Sites were used, the web page that you were visiting before accessing our Sites, information about your activities on the Sites, external links and the features or content which you accessed from our Sites. When you access the Sites with a device (including a mobile device), we may also collect and store a unique identifier associated with your device and additional information about the device, including user settings, location, operating system of the device, and crash settings. Please see our Cookies Policy for more information about our collection and use of cookies and similar technologies.
- We use this technical information for various purposes, including to protect from potential security attacks and abuse. We may also use this type of information to verify accounts and activity, and to detect, investigate, prevent, and respond to potential or actual security incidents and other malicious, deceptive, fraudulent, or illegal activity. We also use technical information to help us improve performance and content, measure traffic, and measure usage trends. Additionally, we use this information to drive engagement with our Sites and Services and to market our Sites and Services.
- To the extent that our processing of technical information is subject to the GDPR, the legal basis for such processing is GDPR Art. 6(1)(f) (legitimate interests).
Information Collected About Customers:
As described below, we collect information about our Customers, such as administrative users of our Services and individuals who purchase our Services on behalf of their employer. We may also combine the information we collect about our Customers with information we obtain from third parties.
Information You Provide to Us: We collect personal information that you provide when you register for or create an account with our Services or request more information about our Services. We may also collect Customer information through helpdesk systems, forums, web input forms, surveys, and ticketing tools. This information may include your name, email address, phone number, other contact details, and other information you choose to provide. It can also include business information like billing details (such as payment information and billing addresses) and your organization’s name, phone number, domain, email address, and physical address.
- We use this information primarily to communicate with you about the Services and respond to your requests. For instance, we use your contact information to respond to your questions, inform you about changes to the Services and any Mattermost events, provide you access to demo and educational materials, communicate about account-related matters, and resolve technical issues you may encounter.
- We may also use information you provide to improve our Services, to market to you, and to offer you information and updates on our products or Services that may interest you.
- To the extent that our processing of service and usage information is subject to the GDPR, the legal bases for such processing include GDPR Art. 6(1)(f) (legitimate interests) and GDPR Art. 6(1)(b) (performance of a contract).
Technical Information We Collect Automatically: When you use or visit the Sites, we (and other entities) may use cookies (and similar technologies) to automatically collect technical information when you use or visit the Sites, such as Internet Protocol (IP) address, location, browser type and settings, date and time the Sites were used, the web page that you were visiting before accessing our Sites, information about your activities on the Sites, external links and the features or content which you accessed from our Sites. When you access the Sites with a device (including a mobile device), we may also collect and store a unique identifier associated with your device and additional information about the device, including user settings, location, operating system of the device, and crash settings. Please see our Cookies Policy for more information about our collection and use of cookies and similar technologies.
- We use this technical information for various purposes, including to protect from potential security attacks and abuse. We may also use this type of information to verify accounts and activity, and to detect, investigate, prevent, and respond to potential or actual security incidents and other malicious, deceptive, fraudulent, or illegal activity. We also use technical information to help us improve performance and content, measure traffic, and measure usage trends. Additionally, we use this information to drive engagement with our Sites and Services and to market our Sites and Services.
- To the extent that our processing of technical information is subject to the GDPR, the legal basis for such processing is GDPR Art. 6(1)(f) (legitimate interests).
Information Collected from Mattermost Services:
If you are an end user of the Services we provide to our Customers, we may collect information related to your use of our Services, as described below.
Service Information: When end users use our Services, we collect information that is generated that provides context about the way end users use the Services, such as team and channel memberships, system preferences, features they use, content and links they interact with, the types of files shared and what third party services are used (if any). We may also collect information end users voluntarily provide to us through the Services, such as survey responses.
- We use this service information to provide the Services to our Customers. For instance, this may include improving the Services and personalizing end users’ experiences with Services. We may also use this information to research and analyze usage and performance of Services to make the Services more useful, more performant, and more intuitive.
- To the extent that our processing of service information is subject to the GDPR, the legal bases for such processing include GDPR Art. 6(1)(b) (performance of a contract) and GDPR Art. 6(1)(f) (legitimate interests).
Log and Device Information: We may also record log file information each time end users access and use the Services, such as Internet Protocol (IP) address, location, browser type and settings, date, and time. When end users access the Service with a device (including a mobile device), we may also collect and store a unique identifier associated with an end user’s device and additional information about the device accessing the Services, including user settings, location, the operating system of the device, and crash settings.
- We use this log and device information to provide the Services to our Customers. As part of providing our Services, we use this information to protect from potential security attacks and abuse, to verify accounts and activity, to improve our Services, to detect, investigate, prevent, and respond to potential or actual security incidents, and to monitor and protect against other malicious, deceptive, fraudulent, or illegal activity.
- To the extent that our processing of log and device information is subject to the GDPR, the legal bases for such processing include GDPR Art. 6(1)(b) (performance of a contract) and GDPR Art. 6(1)(f) (legitimate interests).
Push Notification Information: Certain Customers may choose a specific configuration that uses the Mattermost Hosted Push Notification Service (HPNS). When using this feature, Customers may choose to enable information collection about end users that includes, but is not limited to usernames, full names, channel names and message preview snippets (which may include personal information shared by end users in messages, if the Customer enables the ability to display message preview snippets for the HPNS relay).
- We use this push notification information to provide the Services to our Customers, which may include improving and personalizing our Services.
- To the extent that our processing of push notification information is subject to the GDPR, the legal bases for such processing include GDPR Art. 6(1)(b) (performance of a contract) and GDPR Art. 6(1)(f) (legitimate interests).
Information from Community or Forum Participants:
If you participate in the Mattermost Community or forum, we may collect information as described below. We may also combine the information we collect about you with information we obtain from third parties.
Information You Provide to Us: When you participate in the Mattermost Community or forum , we collect personal information that you provide to us, such as when you register for or create an account, request more information about our Sites or Services, or contribute to our open source projects. This information may include your name, email address, physical address, phone number, and other information you choose to provide.
- We use this information primarily to provide the Sites and Services to you. We may also use your contact information to respond to your questions, inform you about changes to the Sites and Services and Mattermost events, communicate about your contributions, solicit feedback, send you information about Sites and Services that may be of interest to you, and resolve technical issues you encounter. If you have made a contribution to our open source projects, we may use your physical address to send you certain mailings as well, like thank you gifts.
- To the extent that our processing of such information is subject to the GDPR, the legal bases for processing this information include GDPR Art. 6(1)(f) (legitimate interests) and Art. 6(1)(b) (performance of a contract).
Technical Information We Collect Automatically: When you participate in the Mattermost Community or forum, we may send cookies to your computer or device that allow us to uniquely identify your browser, computer, or device. We (and other entities) may use cookies (and similar technologies) to collect other technical information when you use or visit the Sites and Services, such as Internet Protocol (IP) address, location, browser type and settings, date and time the Sites and Services were used, the web page that you were visiting before accessing our Sites and Services, information about your activities on the Sites and Services, external links and the features or content which you accessed from our Sites or Services. When you access the Sites or Services with a device (including a mobile device), we may also collect and store a unique identifier associated with your device and additional information about the device, including user settings, location, operating system of the device, and crash settings.
- We use this technical information for various purposes, including to protect from potential security attacks and abuse. We may also use this type of information to verify accounts and activity, and to detect, investigate, prevent, and respond to potential or actual security incidents and other malicious, deceptive, fraudulent, or illegal activity. We also use technical information to help us improve performance and content, measure traffic, and measure usage trends. Additionally, we use this information to market, promote, and drive engagement with our Sites and to market our Services.
- To the extent that our processing of technical information is subject to the GDPR, the legal basis for such processing is GDPR Art. 6(1)(f) (legitimate interests).
Information Shared with Third Parties and For What Purposes
We do not sell, trade, or otherwise transfer the information described above to unaffiliated third parties for monetary consideration. We may share information about website visitors, Customers, end users of the Services, and Mattermost Community and forum participants with other entities for specific purposes. This sharing may include:
- With service providers/processors, subcontractors, partners, vendors, consultants, and others that help us with any of the purposes in this Privacy Policy, including by providing tools that integrate with our Sites and Services or by performing services on our behalf such as processing payments, sending email, providing back-office services, or measuring site traffic. Entities designated as our service providers/processors are not permitted to use the information collected on our behalf except to help us conduct and improve our business.
- With providers of machine learning and artificial intelligence tools. With respect to information collected through our Services, we make such information available to such providers if they integrate with our Services and only to the extent permitted by our Customers;
- With our affiliates, parent companies, subsidiaries, and other related companies, all for the purposes in this Privacy Policy;
- To respond or comply with, in our sole discretion, a court order, subpoena, law enforcement, other government request, or other legal process (with or without notice to you, in our discretion) under applicable law;
- With buyers, successors, or others in connection with a potential or actual merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our business or assets;
- To: (i) satisfy any applicable law or regulation, (ii) enforce this Privacy Policy, including the investigation of potential violations thereof, (iii) investigate and defend ourselves against any third party claims or allegations, or (iv) protect against harm to the rights, property or safety of us, the Sites, the Services, other users of the Services, or third parties (including financial loss, or in connection with preventing fraud or illegal activity, and/or to enforce our other agreements with you); and
- With your consent or at your direction, with our Customer’s consent or at our Customer’s direction, or as otherwise disclosed at the time of data collection or sharing.
We also may share information that is not collected through our Services with third parties for marketing and advertising purposes. For both our Sites and Services, we may share information that has been de-identified or aggregated without limitation.
How We Protect Information
We implement a variety of security measures aimed at maintaining the safety of the personal information we collect from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process, and store, as well as the current state of technology. Given the nature of communications and information processing technology, we cannot guarantee that information we collect will be absolutely safe.
Cookies and Similar Technologies
As noted above, we use cookies and similar technologies on our Sites and Services. Please read our Cookies Policy for more details.
Digital Advertising and Analytics
Our Services do not collect, use, or share information for advertising. However, in connection with our Sites, we may partner with ad networks and other ad serving providers (“Advertising Providers”) that serve ads on behalf of us and others on non-affiliated platforms. Some of those ads may be personalized, meaning that they are intended to be relevant to you based on information Advertising Providers collect about your use of the Sites and other sites or apps over time, including information about relationships among different browsers and devices. This type of advertising is known as interest-based advertising.
To opt out of these practices or learn more about this type of advertising, you may visit the Digital Advertising Alliance Webchoices tool at www.aboutads.info/choices. You can also opt out of Google ad tracking by following the instructions on this page: https://adssettings.google.com/. As described below in the “California Privacy Rights” section of this Privacy Policy, California residents (such as our Customers, website visitors, and Mattermost Community and forum participants) also have a right under California law to opt out of sharing of personal information for interest-based advertising (also known as “cross-context behavioral advertising”). This right can be exercised by using the Webchoices and Google ad tracking tools described above.
Electing to opt out from interest-based advertising will not stop advertising from appearing in your browser or applications. It may make the ads you see less relevant to your interests. If you use a different browser or device, you may need to renew your opt-out choice.
We may also work with third parties that collect data about your use of the Sites and other sites or apps over time for non-advertising purposes. We use Google Analytics and other third-party services to improve the performance of the Sites and for analytics and marketing purposes. For more information about how Google Analytics collects and uses data when you use the Sites, visit www.google.com/policies/privacy/partners, and to opt out of Google Analytics, visit tools.google.com/dlpage/gaoptout.
Our Legal Bases for Processing in the EU
If the GDPR is applicable as per Art. 3 of the GDPR, then references to “personal information” in this Privacy Policy are equivalent to “personal data” governed by the GDPR.
As described above, we rely on various legal bases to process the personal information we collect. Our legal basis for processing this personal information depends on the personal information concerned and the specific context in which we process it. We will normally collect personal information only where we need the personal information to perform a contract (e.g. to provide our Services), where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent. In some cases, we may also have a legal obligation to process personal information.
International Data Transfers and Storage
In order for us to operate and provide our Sites and Services globally, the personal information we collect may be transferred or accessed in various countries, including the United States of America. If you are located in the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“UK”), please note that we may transfer information, including personal information, to a country and jurisdiction that offers a level of protection that may, in certain instances, be less protective of your personal information than the jurisdiction you typically reside in.
In the event that personal information is transferred outside of the EEA, Switzerland, or the UK to a country which is not subject to an adequacy decision by relevant regulators or considered adequate as determined by applicable laws, we will take steps to ensure the personal information is protected (e.g., by implementing approved Standard Contractual Clauses or relying on other data transfer mechanisms as available under applicable laws).
Additionally, Mattermost complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework with regard to the processing of personal information received from the European Union (“EU”), UK, and Switzerland in reliance on the same. More information about Mattermost’s compliance can be found below in the “Data Privacy Framework” section of this Privacy Policy.
Retention of Personal Information
We retain the personal information we collect for as long as we need to provide our Sites and/or Services, or as required to comply with our legal obligations. After such time, we will delete, de-identify, or aggregate this information within 60 days, unless otherwise required by law.
If you have an account on Mattermost Sites or Services, we will retain your information for as long as your account is active or as needed to perform our contractual obligations, provide our Sites or Services to you, comply with legal obligations, resolve disputes, preserve legal rights, or enforce our agreements. We will delete, de-identify, or aggregate this information to the extent possible once it is no longer necessary to fulfill the purposes for which it was collected and processed.
Depending on the Services plan, Customers may be able to customize their retention settings for end user information such that they are different than Mattermost’s standard data retention practices. Customers may also apply different settings to messages, files, or other types of Customer Data. The deletion of Customer Data and other use of the Services by Customer may result in the deletion and/or de-identification of certain personal information and other information.
European Privacy Rights
Individuals in the EU, EEA, or the UK may have certain rights with respect to personal information processed through the Sites and Services. If your personal information was submitted to us by a Customer or your account is controlled by a Customer, then please contact the applicable Customer directly to learn about the rights you may have. Otherwise, please complete our request form to exercise any of the below rights.
Subject to certain exceptions and limitations, you may have the right:
- to request information regarding the processing of your personal information by us;
- to obtain the rectification of any inaccurate personal information stored by us or completion of such information;
- to obtain the erasure of your personal information stored by us;
- to obtain the restriction of processing of your personal information;
- to receive your personal information that you have provided to us in a structured, commonly used and machine-readable format or to demand transmission to another controller;
- to withdraw your consent once given to us at any time.
In addition to the above-listed rights, you may also have the right to lodge a complaint with your local data protection authority. Further information about how to contact your local data protection authority is available at https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
State Privacy Rights
Mattermost Community and forum participants who are residents of California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, or Virginia may have rights under privacy laws in those states regarding personal information we process about them. Additionally, Mattermost Customers, visitors to our Sites, and other business contacts of Mattermost (collectively, our “Business Contacts”) who are California residents have rights under the California Consumer Privacy Act (“CCPA”) regarding personal information we collect about them. This section contains disclosures required by state privacy laws and explains the rights available under these laws.
However, this section does not cover personal information processed to provide our Services, because we process such information on behalf of our Customers as a “service provider” or “processor.” To learn more about the rights that may be available to you as an end user of the Services under state privacy laws, like the CCPA, please visit our Customers’ privacy policies.
Personal Information We Collect and Disclose. In the past 12 months, we collected and disclosed the below categories of personal information about Mattermost Community and forum participants and our Business Contacts.
- Personal and online identifiers (such as first and last name, email address, or unique online identifiers);
- Record-keeping information (such as address);
- Commercial or transactions information (such as records of products or services obtained or considered);
- Internet or other electronic network activity information (such as interactions with Mattermost’s Sites, emails, applications, and/or advertisements);
- Audio or visual information (such as video or call recordings);
- Professional or employment-related information;
- Sensitive personal information (such as account log-in information for your account);
- Inferences drawn from the above information about your predicted characteristics and preferences; and
- Other information about you that is linked to the personal information above.
Categories of Sources. We collect this personal information from the following categories of sources:
- You, when you provide it to us directly or by using our Sites or Services;
- Others at your organization, in connection with the business relationship between Mattermost and your organization;
- Other Mattermost Community or forum participants;
- Service providers;
- Affiliates not under the Mattermost brand;
- Commercial data resellers; and
- Event organizers of events you register to attend.
Why We Collect, Use, and Share Personal Information. We collect, use, and disclose personal information for our business and commercial purposes described in the “Information We Collect and How We Use It” and the “Information We Share with Third Parties and For What Purposes” sections of this Privacy Policy above.
Recipients of Personal Information. We may disclose each category of personal information that is described in this “State Privacy Rights” section to the categories of third parties described in the “Information We Share with Third Parties and For What Purposes” section of this Privacy Policy above.
While we do not sell the personal information we collect for money, we may allow certain third parties to collect personal information through our Sites in ways that may be viewed as “sales” under certain state privacy laws. This includes sharing such personal information for interest-based advertising purposes (also known as “cross-context behavioral advertising” or “targeted advertising”) by allowing third-party advertising providers to collect data on our Sites as described above under “Digital Advertising and Analytics” section of this Privacy Policy.
Your Rights Regarding Personal Information. Residents of California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia may have certain rights with respect to the personal information collected by businesses like Mattermost. If you are a resident of one of these states, you may be able to exercise the following rights regarding your personal information, subject to certain exceptions and limitations:
- The right to confirm whether we are processing personal information about you.
- For California residents, the right to know the categories of personal information we collect, use, disclose, and share about you, the categories of sources from which we collected your personal information, our purposes for collecting or sharing your personal information, the categories of your personal information that we have either shared or disclosed for a business purpose, and the categories of third parties to which we have disclosed personal information.
- The right to access a copy of the specific pieces of personal information that we have collected about you.
- The right to request that we delete the personal information we have collected from you.
- The right to request that we correct inaccurate personal information we maintain about you.
- The right to opt out of our sales, including sharing of your personal information for interest-based advertising purposes.
- The right not to receive discriminatory treatment for the exercise of the above privacy rights.
While some state privacy laws provide an opt-out opportunity for certain uses or disclosures of “sensitive personal information”, Mattermost uses and discloses such information only for purposes permitted by these laws that do not require an opt-out opportunity.
To opt out of “sales” of personal information for interest-based advertising purposes, please use the Digital Advertising Alliance WebChoices and Google ad tracking tools described above in the “Digital Advertising and Analytics” section of this Privacy Policy. To exercise any of the other above rights, please complete our request form.
Depending on your state, if you have submitted a request that you believe we have not fulfilled, you may contact us to appeal our decision by sending an email with the subject line “Appeal” to [email protected].
Verification Process and Required Information. For certain types of requests, we may need you to provide additional information to verify your identity or understand the scope of your request, although you will not be required to create an account with us to submit a request or have it fulfilled. For all requests other than opt-out requests, we will require you to provide, at a minimum, your name and email address. We will verify your request by comparing information in your request to personal information we have collected about you.
Authorized Agent. You may designate an authorized agent to make a request on your behalf by submitting a written, signed permission to [email protected].
Minors. We do not knowingly sell or share the personal information of minors under 16 years of age.
Third-Party Links and Tools
This Privacy Policy does not apply to any third-party websites, services, integrations, or applications, even if they are accessible through our Sites and/or Services. This Privacy Policy only applies to our Sites and Services, so when you follow links to other websites you should read those separate and independent privacy policies to learn about their data practices. We have no responsibility or liability for the content and activities of these linked sites, or for any third-party websites, services, integrations, or applications.
The Sites and/or Services may also include integrated tools or “plug-ins,” such as machine learning, artificial intelligence, or social networking tools offered by third parties. If you use these tools to share personal information or you otherwise interact with these features on the Sites or Services, those third parties may collect information about you and may use and share such information in accordance with their privacy policies, and as applicable, your account settings.
Your interactions with third-party companies and your use of their features are governed by the privacy policies of the companies that provide those features. We encourage you to carefully read the privacy policies of any accounts you create and use.
Your Choices
To opt out of our email marketing, you can use the link provided at the bottom of each marketing message. If you opt out of our email marketing, we will still send you messages related to our transactions and relationship with you, such as order confirmations.
For choices with respect to third-party interest-based advertising activities, please see the “Digital Advertising & Analytics” section above.
Updating Your Information
When you have an account with us, you may review, change, or update your contact information by logging into your account.
Changes to our Privacy Policy
If we decide to change our Privacy Policy, we will post those changes on this page. We encourage you to visit this page periodically to learn of any updates.
Data Privacy Framework
Mattermost complies with the EU–U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss–U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce (collectively, the “Frameworks”). Mattermost has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the UK (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Mattermost has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF.
If there are any conflicts between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively, the “DPF Principles”), the DPF Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
(1) Onward Transfers
Mattermost is accountable for the processing of personal information it receives under the Frameworks and subsequently transfers to a third party. Mattermost complies with the DPF Principles for all onward transfers of personal information from the EU, UK, and Switzerland, including the onward transfer liability provisions.
(2) Personal Information Processing
Mattermost commits to subject to the DPF Principles all personal information received from the EU, UK, and Switzerland in reliance on the relevant Framework.
Information about the types of personal information collected, the purposes for our information collection and use, as well as the types of third parties with whom we share personal information and purposes for this sharing can be found above in this Privacy Policy. We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
(3) Rights and Choices
Residents of the EU, UK, and Switzerland have the right to access the personal information that Mattermost maintains. In some cases, you may also have the right to limit the use and disclosure of personal information. These rights are described more fully in the “European Privacy Rights” section of this Privacy Policy. You can exercise these rights by completing our request form.
(4) Dispute Resolution and Enforcement
In compliance with the DPF Principles, Mattermost commits to resolve DPF Principles-related complaints relating to your privacy and our collection or use of personal information without any charge to you. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal information received in reliance on the Frameworks should first contact us at:
Email address: [email protected]
When you contact us, we will work to resolve your issue quickly. In compliance with the DPF Principles, Mattermost commits to refer unresolved complaints concerning our handling of non-human resources personal information received in reliance on the Frameworks to TRUSTe, an alternative dispute resolution provider based in the United States. For clarity, non-human resources personal information includes all personal information processed by Mattermost on behalf of its Customers. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your complaint to your satisfaction, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Further, Mattermost also commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unsolved complaints related to human resources personal information received in reliance on the Frameworks in the context of the employment relationship with Mattermost. You may engage the appropriate authority concerning adherence to the applicable DPF Principle, and Mattermost shall respond directly to such authorities with regard to investigations and resolutions of complaints.
Under certain conditions, more fully described on the Data Privacy Framework website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
The Federal Trade Commission has jurisdiction over Mattermost’s compliance with the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.