Message Matrix Privacy Policy

Last updated: 01st October 2025

This privacy policy explains how Message Matrix Ltd ("Message Matrix", "we", "us", "our") collects, uses and protects your personal data when you:

visit our website at https://messagematrix.io
subscribe to our newsletter or other updates
connect to our Concierge and Messaging Platform through instant messaging channels such as WhatsApp, SMS, RCS, Signal, WeChat, etc
join a community or take part in campaigns that we operate directly.

If you are using a Concierge or Messaging service that has been provided by Message Matrix on behalf of a Customer, see the section "When we provide services on behalf of our Customers" below. If you do not agree with this policy, please do not use our website or services.

1. Who we are and how to contact us

Message Matrix Ltd is a company registered in England and Wales.

Registered office: 20-22 Wenlock Road, London, N1 7GU, United Kingdom
Website: https://messagematrix.io
Email for privacy queries: data.officer@messagematrix.io

In this policy:

"User" means an individual who visits our website or interacts with a Concierge or Messaging Platform that we operate.
"Customer" means an organisation that purchases or uses Message Matrix services; for example another business, public sector body or other organisation.

We are the data controller for personal data that we collect when you visit our website or use a Concierge and Messaging Platform that we operate in our own name.

2. What this policy covers

This policy explains:

what personal data we collect and from whom
how and why we use your data
our lawful bases for processing under UK GDPR
who we share your data with and why
whether we transfer data internationally
how long we keep data
how we keep data secure
your rights and how to exercise them
how we use cookies and similar technologies
how we update this policy.

3. Personal data we collect

3.1 Data you give us directly

You may give us personal data when you:

fill in forms on our website
subscribe to a newsletter or download content
start a conversation with our Concierge using instant messaging
take part in a community, survey, competition or promotion
contact us by email, contact form or messaging channels.

This may include:

name
job title and company
email address
phone number or instant messaging handle
communication preferences
any information you choose to include in messages or conversations with us or with the Concierge.

3.2 Conversation content with the Concierge and Messaging Platform

When you interact with our Concierge through instant messaging channels, we process:

the messages you send and the responses you receive
information about your preferences and interests that you choose to share
any feedback you provide about our services or our Customers.

We use this to operate the Concierge, answer questions, improve our services and provide analytics and reporting.

3.3 Technical and usage data

When you visit our website or use the Messaging Platform, we may collect:

IP address and approximate location
device identifiers, browser type and version, operating system
pages viewed, links clicked and time spent on the site
information about how you interact with messages; for example delivery, opens, clicks and replies
error logs and performance data that help us keep the service secure and reliable.

3.4 Cookies and similar technologies

We use cookies and similar technologies on our website for analytics, performance and to remember your preferences. For more detail, please see the Cookie Policy on our website. We do not knowingly collect information from children under 18 years of age.

3.5 Payment and billing data

When you buy services from us, we process payment and billing data. This may include:

billing name and address
business details such as company name and VAT number, if you provide them
details of the services you have purchased
payment details such as part of your card number and expiry date or other payment method information.

We use third party payment providers to process card and other electronic payments. Your full card details and security code are handled securely by those providers and are not visible to us. We only receive limited information such as the last few digits of the card, the card type and the status of the transaction. Please check the relevant payment provider's own privacy policy for more detail on how they handle your payment information.

4. How and why we use your data

We use your personal data for the following purposes:

To provide our services: To operate the Concierge and Messaging Platform, respond to your messages, and deliver information that you request.
To answer questions and support users: To help you find relevant information, troubleshoot issues and provide customer support.
To send service messages: To send messages that are necessary to provide the service you have asked for; for example reminders about an event you have registered for; important service updates; or changes to this policy.
To send marketing and sponsor messages: Where permitted, to send you information about our services; thought leadership; and sponsor or partner messages that we think may be relevant to you.
To personalise content and recommendations: To tailor Concierge responses, suggestions and content based on your interactions, preferences and role; for example showing content that is more relevant to event organisers or exhibitors.
To take and manage payments: To process payments for services you buy from us; issue invoices and receipts; and handle queries, refunds or chargebacks.
To measure performance and improve our services: To understand how people use our website and messaging services; to test features; and to improve content, user journeys and performance.
To keep our services secure: To monitor for fraud or misuse; to protect the integrity of our systems; and to meet our legal and regulatory obligations.
To comply with legal obligations and resolve disputes: To keep appropriate records; respond to lawful requests from authorities; and manage legal claims.

5. Our lawful bases for processing

Under UK GDPR we rely on different lawful bases depending on the purpose.

Performance of a contract: When we use your data to provide services you have requested; such as running a Concierge conversation; sending essential service messages; managing an account; or taking payment for services you buy from us.

Legitimate interests: When we use your data for our reasonable business purposes and these are not overridden by your rights and interests. For example:

analysing usage to improve services and fix problems
keeping our systems secure
basic audience segmentation and reporting
limited marketing of similar services to existing Customers, where PECR allows this.

Consent: When we send marketing or sponsor messages by instant messaging or email where consent is required by PECR; or when local laws require consent for particular types of processing. You can withdraw your consent at any time.

Legal obligation: When we need to process data to comply with law; such as tax, accounting or regulatory requirements. This includes keeping financial and transaction records for tax, accounting and audit purposes.

If we rely on legitimate interests, we only do so after considering the impact on your rights and expectations. Users in the European Union and the United States may have additional rights under local data protection laws. These rights sit alongside the UK GDPR bases explained here and are described further in the "Your rights" section below.

6. Marketing and sponsor messages

We may send marketing or sponsor messages in the following ways:

instant messaging messages through channels such as WhatsApp, SMS, RCS, Signal, WeChat, etc
email newsletters and updates
messages within communities we operate.

These messages may include:

information about Message Matrix products and services
educational content, case studies and invitations to events
sponsor or partner messages that are relevant to the audience; for example exhibitors at an event or partners in a community.

We only send these messages where this is allowed by PECR and other applicable laws. In practice that means we will either:

ask you to opt in; or
rely on our legitimate interests to send messages about similar services, where you have an easy way to say no.

When you start a conversation with the Concierge or Messaging Platform we will tell you what types of messages you can expect and how to opt out. You can control your marketing preferences at any time:

reply "NO MKTG" in the relevant messaging channel to stop marketing messages on that channel
click the unsubscribe link in our marketing emails
email us at data.officer@messagematrix.io with your request.

We may still send service messages that are necessary for your use of the service, even if you opt out of marketing.

7. Use of AI and automated decision making

Our Concierge is powered by artificial intelligence. It uses your messages and context to generate helpful replies; suggest content; and help you discover relevant information. Key points:

the AI Concierge is designed to support and augment human teams, not to replace them
you can always ask the Concierge to connect you with a human, where that option is available in a specific deployment
we do not use the Concierge to make decisions which produce legal or similarly significant effects about you; such as credit decisions or access to essential services.

We use technical and organisational controls to prevent misuse and we regularly review performance and safety.

We share personal data only when necessary and with appropriate safeguards.

8.1 Service providers and partners

We may share data with:

messaging infrastructure providers such as WhatsApp (provided by Meta); SMS gateways; and other instant messaging platforms, etc; so that messages can be delivered
AI platform providers that help us generate Concierge responses and analyse conversations
cloud hosting and infrastructure providers that host our website and Messaging Platform
payment service providers who process card and other electronic payments on our behalf
analytics and monitoring services that help us measure performance and improve reliability
professional advisers such as lawyers, auditors and insurers where necessary.

These providers may act as our data processors and we require them to process personal data only according to our instructions and to keep it secure.

8.2 When we provide services on behalf of our Customers

Message Matrix often provides the Concierge and Messaging Platform as a service to other organisations such as businesses, public sector bodies or other corporate Customers. In those situations:

our Customer is the data controller of the personal data involved
Message Matrix acts as a data processor and handles data only on the Customer's instructions
this privacy policy applies to our role as a controller for our own website and direct services
Customers have their own privacy policies explaining how they use your data; if you are unsure, you should refer to the relevant Customer's policy or contact them directly.

8.3 Legal and business reasons

We may also share data:

to comply with a legal obligation or lawful request
to protect the rights, property or safety of Message Matrix, our Users or others
in connection with a merger, acquisition or sale of all or part of our business.

If this happens, we will take steps to ensure your privacy is protected. We do not sell personal data.

9. International transfers

Our services may involve processing in countries outside the United Kingdom and the European Economic Area. For example; some of our service providers may be based in other countries; and messaging platforms such as WhatsApp and other channels operate globally.

When we transfer personal data outside the UK or EEA, we will:

rely on an adequacy decision where the destination country is recognised as providing an equivalent level of protection; or
use appropriate safeguards; such as the International Data Transfer Agreement or the EU Standard Contractual Clauses; as approved by the relevant regulators.

You can contact us for more information about these safeguards.

10. Data retention

We keep personal data only for as long as it is needed for the purposes described in this policy; or as required by law. In summary:

website and contact data is kept while we are dealing with your enquiry and for a reasonable period afterwards; so we can refer back to previous conversations
messaging logs, Concierge conversations and related analytics are kept for a period that lets us operate the service; analyse performance; and handle any issues that arise
marketing preference and consent records are kept for as long as we need to show that we have respected your choices and complied with PECR and UK GDPR
technical logs and security data are kept for periods that support security monitoring and auditing.

Where possible we use a range of one to two years for routine operational data and a longer period; up to several years; for records we need for legal or compliance reasons. Financial and transaction records relating to services you buy from us are normally kept for up to six years to meet tax, accounting and audit requirements.

When data is no longer needed, we will delete it or anonymise it so that it can no longer be linked to an identifiable person. More specific retention periods are documented in our internal data protection records.

11. Security

We use a combination of technical and organisational measures to protect personal data; for example:

encryption in transit and at rest where appropriate
access controls and authentication
regular security updates and monitoring
staff training and policies on data protection and confidentiality
vendor due diligence and contracts that require appropriate security.

Where we take card payments, we use payment providers who apply industry standard security controls and do not require us to store your full card number or security code on our own systems. No system can be guaranteed as completely secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will act in line with our legal obligations; which may include notifying you and the relevant regulator.

12. Your rights

Depending on where you live, you may have the following rights in relation to your personal data:

Right of access to request a copy of the personal data we hold about you
Right to rectification to correct inaccurate or incomplete data
Right to erasure to ask us to delete your data in certain circumstances
Right to restriction to ask us to limit how we use your data in certain situations
Right to object to processing based on legitimate interests or to direct marketing
Right to data portability to receive your data in a commonly used format and, where technically feasible, to have it transferred to another controller
Right to withdraw consent where we rely on consent; you can withdraw it at any time.

If you are in the European Union or the United States; you may have additional rights under EU GDPR or state privacy laws. These will generally include the ability to know what personal data is collected about you; to request access to it; to ask for it to be deleted; and to object to certain uses, including some kinds of targeted advertising. You can exercise these by contacting us and we will explain how they apply in your case.

You can exercise your rights by:

sending a message in the relevant instant messaging channel; or
emailing us at data.officer@messagematrix.io.

We may need to verify your identity before responding. We aim to respond to all valid requests within one month; or within the timeframe required by law.

12.1 Right to complain

If you are unhappy with how we handle your personal data, please contact us first so that we can try to resolve the issue. You also have the right to complain to the UK Information Commissioner's Office (ICO):

Website: https://www.ico.org.uk
Phone: +44 (0)303 123 1113

If you are based in the EU or USA you may also have the right to complain to your local supervisory authority.

13. Cookies and similar technologies

We use cookies and similar technologies on our website:

strictly necessary cookies to make the site work
analytics cookies to understand how visitors use the site
preference cookies to remember your choices.

Where required by law, we will ask for your consent before placing non-essential cookies. You can usually manage cookies through your browser settings and, where available, through our cookie banner. For more detail, please see our Cookie Policy on our website.

14. Links to other websites and services

Our website and messaging services may contain links to third party websites, services or content. Those sites and services are not controlled by Message Matrix and their privacy practices may differ from ours. We are not responsible for the privacy policies of third party sites or services. We encourage you to read the privacy policy of every website or service you visit.

15. Changes to this policy

We may update this privacy policy from time to time. When we do, we will change the "Last updated" date at the top. Please check this page regularly so that you know how we are using your data.

16. When we provide services on behalf of our Customers