Identity Server Privacy Notice

1. Introduction

1.1 English, Not Legalese

Privacy is important, and we want you to understand the issues involved. We have decided to use plain English as much as possible, to make our terms as clear as possible.

When you read 'the Identity Server', 'the Identity Servers', or 'the Service' below, it refers to the Identity Servers made available at greyman.network which provide account discovery services for GMN users.

Where you read 'GMN' or 'we' or 'us' below, it refers to Greyman Network.

The Matrix protocol is licensed by the Matrix Foundation, which makes it available to third parties who set up their own Identity Server. This privacy notice does not apply to Matrix Identity Servers run by anyone else - Matrix is an open network like the Web, and this agreement only applies to the Identity Servers (greyman.services) provided by GMN.

GMN is the Data Controller for the Service.

Email: [email protected]

Should you have any other questions or concerns about this document, please send us an email.

1.2 This is a Living Document

With your help, we want to make our policy documents the best they can be.

If you read something that rubs you the wrong way, or if you think of something that should be added, please get in touch! We're all ears! Email [email protected] and we'll chat.

We don't amend this document for any specific users or use case, but if your proposed changes apply to all of our users, we'll be happy to update it for everyone. Scroll to the bottom to see the history so far.

We will likely improve this document over time. By continuing to use the Service, you will implicitly accept the changes we make.

Your access and use of the Service is always subject to the most current version of this document.

2. What is a Matrix Identity Server?

Identity Servers support contact discovery on GMN by letting people look up Third Party Identifiers to see if the owner has publicly linked them with their Matrix ID.

2.1 What is a Third Party Identifier?

A Third Party Identifier is an identifier that uniquely identifies a person, but isn't a Matrix ID. Most commonly this is an email address or a telephone number.

2.2 How does it support contact discovery?

Identity Servers offer the following services:

Verified Association of Matrix ID with Third Party Identifier

You can ask the Identity Server to establish that you own your email address or phone number and associate it with your Matrix ID. The Identity Server will verify that you own that identifier by sending a link or code to your email address or phone. The association is not considered valid until your ownership of the Third Party Identifier has been confirmed.

Account Lookup by Third Party Identifier

You can look up a Matrix ID by searching for its associated Third Party Identifiers. You cannot look up Third Party Identifiers by searching for their associated Matrix ID. For example: if Alice has used the Identity Server to link her email, [email protected] with her Matrix ID, @example:greyman.network, other users can look up her Matrix ID by querying the Identity Server with her email address, but they cannot discover her email address by querying the service with her Matrix ID.

The Identity Server supports both individual and bulk Third Party Identifier lookup:

Individual Third Party Identifier Lookup

Individual Third Party Identifier Lookup is usually used when inviting a user to a Matrix room by their Third Party Identifier.

Bulk Third Party Identifier Lookup

Bulk Third Party Identifier Lookup is usually used to check whether any of your existing contacts already have a Matrix ID.

Registration with Email or Phone Number

GMN relies upon the Identity Server for part of new user registration, using the Identity Server to perform the verification of ownership of the email address or phone number.

We will be removing support for user registration from the GMN Identity Servers. In the near future, homeservers we manage will be able to complete registration by email address without delegating ownership verification to an Identity Server. This document will be updated when this behavior has changed.

Password Reset

GMN relies upon the Identity Server for password reset by email, using the Identity Server to send a unique link to the user to complete password reset securely.

3. Access to Your Data / Privacy Policy

3.1 What is the legal basis for processing my data and how does this affect my rights under GDPR (General Data Protection Regulation)?

3.1.1 Legal Basis for Processing

Your data is processed under Legitimate Interest. This means that we process your data only as necessary to deliver the Service, and in a manner that you understand and expect.

The Legitimate Interest of the Service is the discoverability of contacts across the wider Matrix ecosystem. The processing of user data we undertake is necessary to provide the Service. This facility is an optional component of the services provided by GMN, designed to make contact discovery easier. Matrix works very well without an Identity Server.

3.1.2 Right to Erasure

You can remove your data from the Service at any time by using a Matrix client (such as our GMN hosted Element web application at greyman.network) to remove your Third Party Identifiers from the connected Identity Server. The data will be rendered inaccessible across greyman.network Identity Servers straight away, and will be deleted from the greyman.network database within 30 days.

Your Third Party Identifiers will be deleted if your account is deactivated.

3.1.3 Data Portability

Under GDPR you have a right to request a copy of your data in a commonly-accepted format. If you would like a copy of your data, please send a request to [email protected].

3.1.4 Your Rights as Data Subject

You have rights in relation to the personal data we hold about you. Some of these only apply in certain circumstances. Some of these rights are explored in more detail elsewhere in this document. For completeness, your rights under GDPR are:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

For more information about these rights, please see the guidance provided by the ICO. If you have any questions or are unsure how to exercise your rights, please contact us at [email protected].

3.2 What Information Do You Collect About Me and Why?

The information we collect is purely for the purpose of letting people discover Matrix IDs that have been publicly linked with a Third Party Identifier (such as email or telephone number). We do not profile users or their data on the Service.

3.2.1 Information you provide to us:

We collect information about you when you input it into the Service or otherwise provide it directly to us.

  • Matrix ID
  • Third Party Identifiers (such as email or telephone number)

3.2.2 Information we collect automatically as you use the service:

Third Party Identifiers you look up

Third Party Identifiers that are looked up are logged in our application logs. These logs are kept for no longer than 7 days. Other system logs may be kept for up to 60 days.

Connection Information

Currently, we log the IP address of the party who accesses the Service. This data is used in order to mitigate abuse, debug operational issues, and monitor traffic patterns. Our logs are kept for no longer than 180 days.

3.3 What Information is Shared With Third Parties and Why?

3.3.1 Sharing Data with Connected Services

The purpose of the Service is to share your associated Matrix ID with whomever looks up your linked Third Party Identifiers. As a reminder, use of this service is optional - if you do not want your Matrix ID to be discoverable from your Third Party Identifiers, please do not use the service.

3.4 Sharing Data in Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights

In exceptional circumstances, we may share information about you with a third party if we believe sharing is reasonably necessary to:

  1. Comply with a governmental request (see footnote),
  2. Protect GMN and our Users from harm or illegal activities, or
  3. Respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the serious bodily harm of any person.

With regards to #1, please see our documentation on how encryption on GMN works to understand which data would be available in such a request.

3.5 Our Commitment to Children's Privacy

We never knowingly collect or maintain information in the Service from those we know are under 16, and no part of the Service is structured to attract anyone under 16. If you are under 16, please do not use the Service.

3.6 How Can I Access or Correct My Information?

You can view and modify your published Third Party Identifiers by using any compatible Matrix client (such as our GMN hosted Element web application at greyman.network) and managing your User Settings.

3.7 Who Can See My Matrix ID/Third Party Identifier associations?

Anyone who knows your Third Party Identifier can query the Service to see if you have publicly linked it with a Matrix ID. Queries only work in this direction. It is not possible for parties who only know your Matrix ID to query the service and discover your Third Party Identifiers.

The association between your Matrix ID and your Third Party Identifiers is stored in GMN databases. This means that, unlike regular users, GMN administrators can look up your Third Party Identifiers from your Matrix ID (subject to the GMN data access guidelines below).

3.8 What Are the Guidelines GMN Follows When Accessing My Data?

  • We restrict who at GMN can access user data to roles which require access in order to maintain the health of the Service.
  • We never share what we see with other users or the general public.

3.9 Who Else Has Access to My Data?

We host all GMN services locally on our own hardware and network. Physical access to our systems is protected under typical access restrictions and typically under armed protection.

We use Cloudflare to mitigate the risk of DDoS attacks. Here's Cloudflare's privacy policy.

3.10 How Is My Data Protected from Another User's Data?

All of the GMN User data resides within the system. We use software best practices to guarantee that only GMN can access it. In other words, we segment User data via software. We do our best and are very confident we're doing a good job at it, but, like every other service that hosts User data on the same database, we cannot guarantee that it is immune to a sophisticated attack.

3.11 What Should I Do If I Find a Security Vulnerability in the Service?

If you have discovered a security concern, please email us at [email protected] or contact an administrator in the GMN server. We'll work with you to make sure that we understand the scope of the issue, and that we fully address your concern. Information security is our highest priority, and we work to address any issues that arise as quickly as possible.

Please act in good faith towards our users' privacy and data during your disclosure. White hat security researchers are always appreciated.

4. Making a Complaint

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention at [email protected] if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

5. Document History

Version | Date | Comment
1.0.0 | 2021, March 15 | Policy document created and exposed online.