Security

What we protect, how, and where the limits are.

Encryption

Private chats and DMs in Element are end-to-end encrypted by default. Messages are encrypted on your device before they reach our server. We hold the ciphertext; we don't hold the keys. We can't read those messages. Nobody can compel us to produce them in readable form, because we don't have a readable form.

Large public rooms are usually unencrypted. The Matrix protocol stores those messages in plaintext. As the host we have the technical access; we don't go reading.

Infrastructure

  • US-based servers. Adding more US regions and international locations.
  • SSL/TLS certificates on all HTTPS endpoints, renewed automatically.
  • Full-disk encryption on customer-data volumes.
  • Each customer's homeserver runs in an isolated environment.
  • Daily encrypted backups. 30-day rolling retention.

Payments

Stripe processes cards. Card data goes from your browser to Stripe directly. It doesn't touch our servers. We keep invoice and subscription state, nothing more.

Accounts

  • Passwords are securely hashed. We never see plaintext.
  • Email verification required before subscribing.
  • Sessions signed with rotating server-side secrets.
  • Password reset and email change use one-time tokens with short expiry.

What we can see

The plain version:

We can see: your account info (email, server name), your billing records, server-level resource usage, and metadata about who sent what to which room, when. The metadata is inherent to Matrix; every Matrix server has it.

We cannot see: the contents of end-to-end-encrypted rooms.

We will not: sell your data, profile you, advertise against your content, or train models on your messages. We charge for hosting. That's the entire business model.

Legal requests

If we get a valid legal request for your data, we comply to the extent required. We don't volunteer your data otherwise.

We can only hand over what we have. For encrypted rooms that's the ciphertext, which is useless without your keys.