Legal

Privacy Policy

Last updated: 15 April 2026

Matome (“we”, “us”, “our”) is a user feedback data aggregation service. This Privacy Policy explains how we collect, use, store, and protect personal data in connection with the Matome platform (“Service”). We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using Matome you agree to the practices described in this policy. If you do not agree, please stop using the Service and contact us to delete your account.

1. Who we are

Matome is the data controller for personal data collected directly from users of the platform (registrations, billing, support communications). For feedback data that you submit via the Matome API on behalf of your end-users, you act as the data controller and Matome acts as a data processor on your instructions.

Contact us at support@matome.co.uk for any data protection enquiries.

2. Data we collect

Account data

  • Name and email address when you register
  • Billing and payment information (processed by our payment provider; we do not store card details)
  • Organisation name and preferences you set in the dashboard

Feedback data (submitted via API)

  • User feedback text and metadata you send to the Matome ingest endpoint
  • Anonymous or pseudonymous user identifiers you choose to include
  • Timestamps and source platform labels

Usage data

  • Log data (IP address, browser type, pages visited, timestamps)
  • Feature usage telemetry to help us improve the Service

3. How we use your data

We process personal data for the following purposes and legal bases:

PurposeLegal basis
Providing and maintaining the ServiceContract performance
Sending transactional emails (alerts, invitations)Contract performance
Billing and subscription managementContract performance
Improving and developing the ServiceLegitimate interests
Security monitoring and fraud preventionLegitimate interests
Responding to support requestsLegitimate interests
Complying with legal obligationsLegal obligation

We do not sell personal data to third parties. We do not use your feedback data to train AI models for purposes other than delivering the Service to you.

4. Data storage and security

All data is stored in encrypted databases hosted on infrastructure located in the European Economic Area (EEA) or United Kingdom. Data in transit is protected by TLS 1.2 or higher. We apply access controls so that only authorised personnel can access production data, and only when necessary.

We maintain security measures including:

  • Encryption at rest for all database storage
  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Role-based access control and least-privilege principles
  • Regular dependency updates and security patching
  • Audit logging of significant system events

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay.

5. Data retention

Account data is retained for as long as your account is active and for a reasonable period after closure to fulfil legal obligations (typically 7 years for financial records). Feedback data is retained according to the plan you are subscribed to. You may request deletion at any time by contacting support@matome.co.uk.

6. Sharing data with third parties

We share data only with:

  • Infrastructure and hosting providers — to operate the Service (subject to data processing agreements)
  • Payment processors — to handle billing (they are independent controllers for payment data)
  • AI model providers — to generate summaries and embeddings from feedback text (data is processed under strict data processing agreements and is not used for training)
  • Law enforcement or regulators — where required by law

7. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request erasure of your data (“right to be forgotten”)
  • Restrict or object to certain processing
  • Receive your data in a portable, machine-readable format
  • Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, email support@matome.co.uk with the subject “Data Request”. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

Matome uses strictly necessary cookies to maintain your authenticated session. We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings, but this will prevent you from logging in.

9. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have done so in error, please contact us and we will delete the data promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will notify you by email or by displaying a notice in the dashboard. The date at the top of this page shows when the policy was last updated. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

All privacy-related enquiries should be directed to support@matome.co.uk.