GDPR compliance, or lack of #135
Description
I have noticed increasing amounts of what can only be described as 'surveillance' or 'tracking' by Rocket Chat.
The code, documentation, and notifications of data usage for GDPR are woefully inadequate and urgently need addressing.
The latest was picked up by a user in open rocket.chat asking what collector.rocket.chat was. There is no information on this - what it is, and what it collects, and no questions on whether the installer voluntarily wants to enable it or not.
We then have situations like this:
RocketChat/Rocket.Chat#12789
"When you delete a chat the data is removed from the database. What remains in the database is the visitor data, so when we have this feature done, the Livechat managers will be able to remove the visitor data as well as we'll provide more tools to facilitate this process."
Closed apparently by:
RocketChat/Rocket.Chat#12982
But note:
"In Addition: These features will only be available on our new Livechat client."
But we can't use the new livechat widget because it exposes user details as per this:
RocketChat/Rocket.Chat#12908
Then we have stuff like this that gets put in. Where is the notification about this? Where is the 'Off' switch?
RocketChat/Rocket.Chat#14765
There are still data retention issues, e.g.:
RocketChat/Rocket.Chat#12862
RocketChat/Rocket.Chat#13916
On top of that there is Market Place. I have no idea what that wants in the way of data. And what about the Apps themselves? Is there a policy in place for this?
It is all well and good Rocket claiming to be GDPR compliant, but it has to back that up with code and documentation.
I would suggest that currently Rocketchat is far from GDPR compliant.
Currently this should be removed:
https://rocket.chat/gdpr