What information do we collect?
As described below, the kinds of information that Mattermost collects and uses may depend on the configuration options selected by your administrator:
Security Fix Alert Feature:
Mattermost offers a Security Fix Alert feature that is designed to protect your system by attempting to alert you to relevant, high priority security fixes released for your system. You may opt out of receiving Security Alerts by switching off the feature in the System Console or via the configuration file (see link). If you opt out of the Security Fix Alert feature, Mattermost will not collect information required for communication of relevant Security Fix Alerts for your installation and may be unable to contact you regarding such alerts.
When you deploy a Mattermost server with the Security Alert feature enabled, information about your installation that is needed to (i) determine whether your system is at risk of security issues from time-to-time, and (ii) permit notification to you of security fixes and updates to protect your system, will be collected over an encrypted channel and communicated to Mattermost. Such collected and communicated information includes configuration options, the version and type of software components deployed, such as the Mattermost server, database and operating system, activity indicators counting the number of active users and teams, and a server identifier. If you are using an activated copy of Mattermost Enterprise Edition, Mattermost may also collect information about available enterprise features including commercial license key registration information.
Error and Diagnostics Reporting Feature:
Mattermost offers an Error and Diagnostics Reporting feature that, when enabled, permits the transmission of information to Mattermost about your system that is needed to diagnose errors and improve the functionality of Mattermost software for deployments with your usage pattern. This information will be collected over an encrypted channel, and include reports of critical errors, configuration options, the version and type of software components deployed, such as Mattermost server, database and operating system, anonymous usage statistics including changes to system preferences and creation of channels and posts. If you are using an activated copy of Mattermost Enterprise Edition, Mattermost may also collect information about usage of enterprise features as well as commercial license key registration information.
You may opt out of the Error and Diagnostics Reporting Feature by switching the feature off in the System Console user interface or via the system configuration file (see link). If you opt out of the Error and Diagnostics Reporting feature, Mattermost will not collect your information required for reporting of errors and diagnostics from your deployment and may be less able to improve system performance for deployments with your usage pattern in future.
Mattermost Hosted Push Notification Service:
What do we use your information for?
The information we collect from you may be used in the following ways:
To alert you of updates designed to protect your system from newly discovered potential security attacks.
To improve future versions of the Mattermost software for deployments with similar usage patterns as your installation — we continually strive to improve the performance, reliability and functionality of our product, and our efforts to do so are assisted the usage information and feedback we receive from you.
How do we protect your information?
Mattermost takes care to protect the information you provide as part of your use of the Mattermost software from misuse and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, as well as the current state of technology. You may opt-out of the Security Alerts (see link) and Error and Diagnostics Reporting (see link) services any time from the System Console or via the configuration file, as described previously. Any information that we consider potentially sensitive is transmitted through encrypted channels and we follow generally accepted industry standards to protect the data collected by us, both during transmission and after we receive it.
Internally, we restrict access to all personally identifiable information we receive from You to our personnel that need access to the information in order to do their jobs and that are authorized to handle such information. Our staff is limited and all personnel are committed to adhere to our privacy and security policies. All personnel execute nondisclosure agreements, which provide explicit confidentiality protections. Any staff member who violates our privacy and/or security policies is subject to possible termination of contract and civil/criminal prosecution.
Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer the information we collect from you to unaffiliated third parties. We do, however, share the information we collect from you with trusted third parties who assist us in operating our site, conducting our business, or servicing you, provided that those parties agree to keep your information confidential and secure. We also reserve the right to release your information when we believe that release is necessary to comply with the law, enforce our site policies, or protect our own or another’s intellectual property rights, property, or safety.
Last revised September 2016.