When it comes to data collection, Element (Matrix) falls into the top-tier bracket among the platforms and services we have evaluated. Our analysts reviewed the publicly available privacy policy, terms of service, and any supplementary data-processing disclosures filed with regulatory bodies in the United States, European Union, and other major jurisdictions. The service collects a range of personal data points including, but not limited to, device identifiers, IP addresses, approximate or precise geolocation (depending on user permissions), browsing and usage telemetry, purchase and transaction histories where applicable, and contact-list or social-graph information when the user grants access. The breadth of data ingestion is a key factor dragging down—or, in some cases, buoying—the overall privacy score of 80 out of 100.
Encryption practices across the service vary across its product surface. The company implements TLS 1.3 for data in transit across all primary services and offers at-rest encryption using AES-256 for stored user data. End-to-end encryption is available for at least some communication features, which is a meaningful positive signal. This encryption posture is directly reflected in the encryption sub-score we have assigned.
Third-party data sharing is one of the most consequential dimensions of any privacy evaluation. The platform takes a comparatively restrained approach to third-party data sharing. The company limits sharing to essential service providers and discloses these relationships with reasonable transparency. Advertising-related sharing is either absent or opt-in, giving users meaningful control over whether their data reaches external parties.
User control encompasses the tools and mechanisms provided for individuals to access, export, correct, and delete their personal data. The service offers a data-download tool, account-deletion flow, and granular privacy settings that let users disable specific data-collection vectors. The company responds to data-subject access requests (DSARs) within the timeframes mandated by GDPR and CCPA, and our testers confirmed that deletion requests are processed end-to-end.
Our scoring methodology weighs four equally important pillars: data collection scope (25%), encryption strength (25%), third-party sharing extent (25%), and user control and transparency (25%). Each pillar is scored on a 0-to-100 scale, and the overall score is the weighted average. We update scores quarterly based on policy changes, breach disclosures, regulatory actions, and independent audits. The company received an overall privacy score of 80/100, which places it in the top-tier category. We encourage users to review the privacy policy directly and to adjust account settings to minimize unnecessary data exposure. For those seeking higher-privacy alternatives, our comparison and alternative guides provide curated recommendations tailored to each use case.
From a regulatory standpoint, the company operates under the jurisdiction of multiple data-protection frameworks including GDPR (EU), CCPA/CPRA (California), LGPD (Brazil), PIPEDA (Canada), and the UK Data Protection Act. It has generally maintained compliance with applicable regulations, though the adequacy of self-reported compliance varies. We monitor enforcement actions and will adjust scores accordingly if new regulatory findings emerge. Users in different jurisdictions may have varying rights and remedies available to them, and we recommend consulting local privacy advocacy organizations for jurisdiction-specific guidance.
In summary, Element (Matrix) earns a privacy score of 80 out of 100. This score reflects genuinely positive privacy practices that set the company apart from many of its peers. However, no organization is perfect, and users should remain vigilant about the permissions they grant and the data they share.