Starting the first of January this year, many businesses serving customers in California follow CCPA – a new regulation in California – when they process their personal data. Are you looking for a communications platform that can be used with the CCPA? Or are you already using Rocket.Chat and looking for some details about the effects of CCPA? Look no further, we have some answers for you right here.

What is the CCPA?

In short, a comprehensive consumer privacy law in the United States, enacted in 2018 and put in force on the first day of 2020. It is in parts much alike the General Data Protection Regulation (GDPR) in Europe and aims to put consumers in control of their data. The search engine of your choice will likely produce millions of results on the CCPA as it has been widely debated over the last few months. Rather than providing you a recap, let’s dive right into Rocket.Chat.

How can you use Rocket.Chat to comply with CCPA?

Rocket.Chat comes with numerous capabilities that make it easy for you to follow the requirements of CCPA when using Rocket.Chat. Being open-source, Rocket.Chat generally comes in two ways of installation:

  • Self-managed, where you run it on the infrastructure of your choice. We have both a Community Edition and an Enterprise Edition with more features available.
  • Our hosted offering, where we provide you the full service of running the edition of your choice for you. (Start your trial here: /pricing#cloud)

What is important for you under CCPA depends on the type of installation you want to use.

For all installations, including self-managed:

  • You can fully customize your privacy notice in Rocket.Chat. Either set an individual privacy notice text or place a URL to your overarching policy. This way you can inform your users about how you intend to use Rocket.Chat in your organization and what data you want to collect.
  • You can manage all data subject rights by yourself. Rocket.Chat gives you capabilities e.g. to delete personal data of individuals or to export data in an industry-standard format. According to your preferences, you can even toggle if you want this process as a user self-service or under the control of the administrator.
  • With our granular permission system, you can also give selected roles (e.g. moderators of a channel) the rights needed to purge messages, so your communities can govern themselves if you wish to.

For our hosted offerings:

  • We are a service provider under CCPA. In our privacy policy, we describe the categories of personal data we process. We also limit the usage of the personal data of your instance: we only use it in ways necessary to provide you the service. We do not collect and sell your personal data, you remain the owner of your data and in full control. As CCPA is a new law, there are different interpretations in how to address it in service provider agreements: So if you have specific contractual language that you would like to include, feel free to reach out to your sales representative.
  • We charge the same price for the same tier, regardless of the data inside. In today’s economy, some services offer “free” services as long as you allow them to analyze and sell onward your data. This is not our business model. We do not charge you different prices based on the personal data you enter in your instance. Our pricing tiers are purely based on features (/pricing#cloud) and in every tier, you remain in control of your data. Also in your free trial period.
  • All servers run on a secured infrastructure based on AWS. You can choose the region of where your data is hosted. In case an incident would occur, we would inform you and cooperate in the incident response to your users.

We hope this helped you with the implications of CCPA on your organization. As the next update of the CCPA called “CCPA 2.0” is already in planning, let us know which other features you would like to see upcoming.