Matter makes team recognition and rewards fun, all inside Slack or Microsoft Teams. Thousands of companies trust Matter to improve their company culture and increase employee retention & engagement.
At Matter, customer trust is our #1 priority
We maintain the highest standards of data privacy and security because we know your employee data is important to keep secure. Matter undergoes regular security reviews, designed to be GDPR compliant, and encrypts data at rest and in transit. Our customers entrust sensitive data to our care. Keeping data secure is our commitment to you. This document describes the systems and security practices we have in place to protect your sensitive data.
General Data Protection Regulation (GDPR)
We are committed to GDPR compliance and offer several data portability and management tools. Additional information is available in Matter’s Data Processing Addendum (DPA) and Sub-Processors.
All credit card payments paid to Matter go through our payment processing partner, Stripe. Matter stores no credit card data. Stripe is a certified PCI Service Provider Level 1. More information on Stripe’s security can be found at Stripe's Security page.
SOC 2 compliance
We strive to comply with all SOC 2 practices. An external audit from a third party certifying that our security policies and controls continuously meet the highest industry standards will be available in the future under NDA for qualified customers.
Matter encrypts your data, aligning with industry-tested and accepted standards. We use TLS 1.2 to encrypt network traffic between users' browsers and the Matter platform. We also use AES-256 bit encryption to secure your database connection credentials and data stored at rest.
Secure, reliable infrastructure
Matter uses Amazon Web Services (AWS) data centers for hosting. AWS data centers are monitored by 24×7 security, biometric scanning, video surveillance, and more. Each of our services is fully redundant with replication and failover.
All employees complete ongoing security training, including topics like information security, data privacy, and password security. Matter maintains vendor risk management practices to ensure third parties are scrutinized and maintain expected levels of security controls. Matter has all employees sign confidentiality agreements. Matter conducts appropriate background and/or verification checks.
What personal data is collected by Matter?
The only personally identifiable information (PII) Matter collects includes the user's full name and email, (and profile photo for Slack only).
Optionally, additional information can be provided on a per user basis to use Matter’s Celebrations feature. This includes:
Does Matter have access to all of my communication data?
No. Matter’s access is very limited by design. Matter can only read messages where MatterBot has been mentioned (e.g., Kudos message). To learn more, view permissions in the Slack app directory.
Microsoft Teams customers
No. Matter’s access is very limited by design. Matter can only read messages that are provided to it (e.g., Kudos message). To learn more, view permissions in the Teams app directory.
Do employees need to create an account to use Matter?
No. Account creation is not required or possible, as Matter uses single sign-on (SSO). Matter relies on SAML-based single sign-on (SSO) via Microsoft Teams or Slack. Matter does not store, use, or have access to any user passwords.