Electronic Monitoring Policy
We use tools like Google Workspace (Gmail, Drive, etc.), Matrix Element, and GitHub to collaborate and keep our work moving. These systems keep records (like emails, file edits, and code changes) which help us troubleshoot, stay organized, and meet legal or business requirements.
While we don't monitor these tools on a regular basis, or for "productivity tracking", Hypha does have access to them. That means, if needed, we can review activity in these systems. For example, we may need to review work completed in these tools to resolve an issue, respond to a legal request, or look into a serious workplace concern.
Tool-Specific Access and Monitoring
Google Workspace
The Infrastructure Working Group has Administrative access to all of our @hypha.coop Google accounts and all associated workspace tools.
Note: We back up current data regularly, and archive/re-assign former employee data upon termination.
Matrix Element
Without client-side crypto keys, encrypted messages cannot be accessed by anyone. However, Server Admins do have the ability to overtake your account and do whatever they want to it (except see anything that is encrypted in encrypted rooms, so we ask all room owners to ensure this is done.)
Bitwarden
Admins can gain access to all passwords stored in the HYPHA ORG (shared passwords). Any password in your personal vault is accessible only by you as the owner by default. However, if the individual who owns the account assigns an emergency account, that Emergency account has the power to then activate an "emergency grant" and access the original account. This must be done by the individual at their own discretion and is outside of Hypha's control. If the master password is forgotten without any recovery process available and no emergency contact has been defined, the best Hypha can do is "factory reset" the account, and you will lose all stored passwords.
Discord
Your personal accounts are yours and cannot be accessed by anyone else at Hypha. However, there is a set of "shared accounts" which have shared logins and passwords between Hypha members. In these cases, those with shared access to these accounts do have access to view messages (direct and group) sent by others on the shared account.
Roo
Roo uses logs for user statistics, but does not capture specific names/messages. Vincent can see how often you've used the tool for the purposes of usage data, but would not see the content. User statistics, response time, and quality assessment are the purposes of this reporting.
GitHub
All Hypha repositories are managed under the @hyphacoop GitHub organization. Org Admins have full access to repository settings, permissions, and visibility (public/private). They cannot access private content from personal accounts or private forks unless explicitly shared. If a member leaves Hypha, their GitHub access is revoked from the org. Any code stored in personal forks or personal gists remains under their control unless previously migrated or shared.
Slack
We use Slack to interface with clients. Many Hypha members have administrative access. They can manage accounts and channels, including deleting messages, but will not have access to any direct messages or private channels in which they do not belong. Workspace Owners can request access to these private spaces from Slack under specific circumstances (legal requirements).
Guidelines for Responsible Use
In short, we trust you to use company tools responsibly. As always, use good judgment when communicating or sharing work through company systems, especially externally. If it's something you wouldn't want made public, it's worth pausing before hitting send or commit.