Update Privacy Policy

[thibaultamartin]

Supersedes #2775

🎩 Website WG on behalf of the legal team

✔️ Checklist

• Check for common mistakes:
  • Wrap plain URLs in <> to linkify them (learn more).
  • Use the right level of headings: The page title will use a level 1 headings, so your headings should use level 2 and below.
  • Use internal links: when linking to another page on https://matrix.org, use the Zola [label](@/target.md) syntax.
• For blog posts:
  • Verify the date and post ordering on the /blog page, especially for multiple posts on the same day. Prefer UTC format, e.g. 2025-12-01T14:00:00Z for Dec 1st, 2025, 2pm UTC.
  • Set the correct author and category. Browse existing ones at https://matrix.org/author/ and https://matrix.org/category/ to match them.
• Let us know if you are contributing in a specific role, such as on behalf of an organisation or team, for example.
• Let us know if your PR is time-sensitive in any way.
• Mention any issues related to the PR. Use GitHub keywords as appropriate.
• Your individual commits or pull request is signed off.

This PR should be merged today

[cloudflare-workers-and-pages]

Deploying matrix-website with    Cloudflare Pages

Latest commit:	e2fdf99
Status:	✅  Deploy successful!
Preview URL:	https://1dcc33a6.matrix-website.pages.dev
Branch Preview URL:	https://update-privacy-policy.matrix-website.pages.dev

View logs

[HarHarLinks]

we probably need to reference this in the handbook and consider it when setting up these services

[HarHarLinks]

same here

[HarHarLinks]

matrix.org or Matrix.org?

[HarHarLinks]

For the next iteration, I suggest to keep the wording more general instead of specific to Element. It's the team running the HS, not Element for the sake of being Element. For comparison: everywhere else it is written "guidelines the Foundation follows when accessing my data" and similar.

[HarHarLinks]

per 2.11

it would be feasible to link to headings as appropriate.

[HarHarLinks]

For the next iteration: This sentence implies that Foundation staff does not restrict itself in the same way.

[HarHarLinks]

For the next iteration: The implication from the following sentence is: Does Mythic Beasts not control physical access to their data centres?

[HarHarLinks]

Something's wrong about the heading levels.

is substantially bigger than

Maybe the legal pages ought to enable the ToCs.

Here is a useful patch for debugging (renders a TOC up to H5 into all pages incl legal):

diff --git a/templates/page.html b/templates/page.html
index 5dfe305f8..40970bd9b 100644
--- a/templates/page.html
+++ b/templates/page.html
@@ -12,6 +12,53 @@
     <header>
         <h1>{{ page.title }}</h1>
     </header>
+        <aside>
+            <h3>Post Contents</h3>
+
+            <ul style="list-style: none; padding-left: 0px;">
+                {% for h1 in page.toc %}
+                <li>
+                    <a href="{{ h1.permalink | safe }}">{{ h1.title }}</a>
+                    {% if h1.children %}
+                    <ul>
+                        {% for h2 in h1.children %}
+                        <li>
+                            <a href="{{ h2.permalink | safe }}">{{ h2.title }}</a>
+                            {% if h2.children %}
+                            <ul>
+                                {% for h3 in h2.children %}
+                                <li>
+                                    <a href="{{ h3.permalink | safe }}">{{ h3.title }}</a>
+                                    {% if h3.children %}
+                                    <ul>
+                                        {% for h4 in h3.children %}
+                                        <li>
+                                            <a href="{{ h4.permalink | safe }}">{{ h4.title }}</a>
+                                            {% if h4.children %}
+                                            <ul>
+                                                {% for h5 in h4.children %}
+                                                <li>
+                                                    <a href="{{ h5.permalink | safe }}">{{ h5.title }}</a>
+                                                </li>
+                                                {% endfor %}
+                                            </ul>
+                                            {% endif %}
+                                        </li>
+                                        {% endfor %}
+                                    </ul>
+                                    {% endif %}
+                                </li>
+                                {% endfor %}
+                            </ul>
+                            {% endif %}
+                        </li>
+                        {% endfor %}
+                    </ul>
+                    {% endif %}
+                </li>
+                {% endfor %}
+            </ul>
+        </aside>
     {{ page.content | safe }}
 </article>
 {% endblock content %}

[HarHarLinks]

imo:

diff --git a/content/legal/privacy-notice.md b/content/legal/privacy-notice.md
index 8eaaf6aca..be46dac48 100644
--- a/content/legal/privacy-notice.md
+++ b/content/legal/privacy-notice.md
@@ -84,7 +84,7 @@ State events are processed differently to non-state events. State events are use
 
 Because an account deactivation causes the removal of any data which could be used to validate the ownership of an account, it is our policy to not reactivate deactivated accounts. This measure is in place to protect the privacy and integrity of all accounts.
 
-#### 2.1.3.1 Exceptional erasure
+##### 2.1.3.1 Exceptional erasure
 
 As described above, erasing a state event may result in our needing to erase the entire conversation at the same time. Deciding whether to take this drastic step will require a balancing exercise to be carried out at the time of the request, and will depend on:
 
@@ -100,17 +100,17 @@ Each case will be decided based on the factors listed above. In most situations
 
 Under GDPR you have a right to request a copy of your data in a commonly-accepted format. If you would like a copy of your data, please send a request over Matrix to [[email protected]](mailto:[email protected]). In the future we will provide a better interface for this!
 
-#### 2.2 What Information Do You Collect About Me and Why?
+### 2.2 What Information Do You Collect About Me and Why?
 
 The information we collect is purely for the purpose of providing your communication service via Matrix. We do **not** profile users or their data on the Service.
 
 Be aware that while we do not profile users on the Service, third party Matrix clients may gather usage data.
 
 #### 2.2.1 Information you provide to us
 
 We collect information about you when you input it into the Service or otherwise provide it directly to us.
 
-#### 2.2.1.1 Account and profile information
+##### 2.2.1.1 Account and profile information
 
 We collect information about you when you register for an account. This information is kept to a minimum on purpose, and is restricted to:
 
@@ -135,32 +135,32 @@ Additionally, we collect data associated with each of your sessions, specificall
 
 Your email address and/or telephone number are used so that other users can look up your Matrix ID from these identifiers via the Matrix.org Identity Server. We will also use your email address to let you reset your password if you forget it, and to send you notifications about missed messages from users trying to contact you on Matrix if you enable the option. We may also send you infrequent urgent messages about platform updates.
 
-#### 2.2.1.2 Content you provide through using the Service
+##### 2.2.1.2 Content you provide through using the Service
 
 We store and distribute the messages and files you share using the Service (and across the wider Matrix ecosystem via federation) as described by the Matrix protocol and according to the access rules configured within the system. Storing and sharing this content is the reason the Service exists.
 
 This content includes any information about yourself that you choose to share.
 
-#### 2.2.1.3 Information you provide through purchases in the Matrix.org Foundation shop
+##### 2.2.1.3 Information you provide through purchases in the Matrix.org Foundation shop
 
 The Matrix.org Shop is an online store at which you can purchase Matrix.org-branded merchandise, such as stickers or tee-shirts. All proceeds go to The Matrix.org Foundation. Data you provide for this purpose is processed under Performance of Contract. This means that we process your data for the purposes of fulfilling orders you make from us, getting in touch with you, responding to your requests, working with our suppliers to deliver the Service and enabling its features, ensuring the security of our Service, developing, fixing and improving our Service, administering our business and complying with the law.
 
 The information we collect is purely for the purpose of taking payments for merchandise and shipping your purchases to you. We do not profile users or their data on the Service. We may need your personal information to establish, bring or defend legal claims. For this purpose, we will retain your personal information for the statutory recommended  7 years after the date it is no longer needed by us for any of the purposes listed under How we use your information above.
 
-##### 2.2.1.3.1 Information you provide to us
+###### 2.2.1.3.1 Information you provide to us
 
 We collect information about you when you input it into the Service or otherwise provide it directly to us.
 
 * Name and contact details  
 * Delivery address  
 * Purchase information  
 * Payment details (handled by Big Cartel, not visible to Matrix.org Foundation employees)
 
-##### 2.2.1.3.2 Information we collect automatically as you use the service
+###### 2.2.1.3.2 Information we collect automatically as you use the service
 
 Your IP address is logged when you access the Service. This data is used in order to mitigate abuse and debug operational issues. Our logs are kept for no longer than 180 days.
 
-##### 2.2.1.3.3 Third-parties
+###### 2.2.1.3.3 Third-parties
 
 **Big Cartel**
 
@@ -182,7 +182,7 @@ We use [Donorbox](https://donorbox.org/) to collect donations from individuals a
 
 [Donorbox](https://donorbox.org/) manages payment processing via [Stripe](https://stripe.com/). You can review their Privacy Policy [here](https://donorbox.org/privacy).
 
-#### 2.2.1.4 Information collected for Event Management
+##### 2.2.1.4 Information collected for Event Management
 
 For events held by the Foundation, we collect information through services such as Pretix and Pretalx. This information includes:
 
@@ -220,7 +220,7 @@ For more information on Pretix, who support us with event ticketing, please see
 
 For more information on Pretalx, who support us with event scheduling, please see their Privacy Policy.
 
-#### 2.2.1.5 Information collected for paid plans
+##### 2.2.1.5 Information collected for paid plans
 
 We need to collect additional information on your account to manage paid plans. This is essentially a flag to identify your account as being on a free or paid plan. Payment details are processed by [Stripe](https://stripe.com/). Additionally, we use [Xero](https://www.xero.com/) to automate our tax obligations.