Why Matrix, why now
Matrix is an open protocol for secure, decentralized communication. Unlike Signal or WhatsApp, organizations run their own homeserver - they own the infrastructure, the data, and the governance. That sovereignty is exactly why the public sector and regulated enterprises are adopting it at scale.
Germany’s armed forces run BwMessenger, France’s public administration runs Tchap, and Element Server Suite deployments are spreading across European government and enterprise. These are regulated environments with the same supervision and recordkeeping obligations as any bank or broker-dealer. We reference them here only as evidence that Matrix adoption is real and growing - not as customers, partners, or endorsements of Comma.
The organizations standing up sovereign Matrix homeservers still need an immutable, searchable archive with supervision and legal hold. That is the gap Comma is building to close.
Three things we get right
Built for the way Matrix actually works
Sovereignty-native
-
Runs inside your infrastructure
You run your own homeserver, and our capture runs inside it. Nothing about compliance forces your regulated conversations onto someone else's cloud. For this buyer, that is a feature, not a concession.
-
Auditable by design
We plan to open-source the capture agent and the Synapse enforcement module so your security team can read the code and verify exactly what is captured and how. Open source, coming soon.
Supervision and WORM over Matrix
-
The same archive you already trust
Everything our other connectors provide - immutable WORM retention, legal hold, review and supervision workflows, search, and reporting - extended to Matrix rooms.
-
Exam-ready records
Room events, edits, redactions, membership and state changes, and media are preserved as immutable records to support SEC Rule 17a-4, FINRA Rule 4511, and similar obligations.
Handles E2EE the credible way
-
A trusted participant device, not a decrypting server
Matrix encrypted rooms use Megolm, so the homeserver never holds plaintext. We do not pretend a server can read ciphertext. Capture uses a dedicated, cross-signed compliance device that is admitted as a trusted room participant and decrypts locally - the same way any verified device in the room does.
-
Honest about the boundary
The compliance device can only archive rooms it is admitted to, from the point it holds room keys forward. We tell you plainly where that boundary sits rather than claiming coverage we cannot deliver.
How the capture works
Because the customer controls their own homeserver, capture is a participant on that homeserver rather than an interception in transit. Four parts work together.
-
Application Service journal
We register as a Matrix Application Service in your Synapse config. Synapse pushes the appservice-interested room events for your local regulated users and configured namespaces to us in retried, idempotent transactions. AS interest is namespace-based and scoped to local users - it is not global capture. This stream journals Matrix events and ciphertext; decryption of encrypted rooms happens on the device path below, not in the AS stream. -
Trusted participant compliance device
A dedicated Matrix user (for example@compliance-archive:customer.example) with verified, cross-signed compliance devices receives Megolm room keys when it is admitted as a trusted room participant, and decrypts locally. Matrix and Element clients may withhold room keys from unverified devices by default, so the compliance device must be trusted under your device-verification policy. -
Synapse enforcement module
For locally created rooms and local-user actions, the module enforces that the compliance participant is admitted before encryption begins, blocks local attempts to remove the compliance user or device, and can enforce room-creation policy. It makes prospective capture enforceable for governed rooms under your homeserver's control. This module is planned to be open-sourced. Open source, coming soon. -
Synapse Admin API
Room and user inventory, membership and state reconciliation, and backfill of unencrypted history round out the picture, so the archive reflects the rooms your homeserver participates in.
What we can and cannot do
We would rather over-communicate the limits than let a Matrix-literate team discover them later. Encrypted-room capture is participant-based and prospective, on a homeserver you control.
Straight talk on scope
What we can archive
-
Governed rooms for local regulated users
Prospective, immutable archiving of Matrix / Element rooms for local regulated users on a homeserver you control - room events, edits, redactions (original and replacement both preserved), membership and state, and media when it is available and decryptable.
-
Encrypted rooms, with a device present first
Encrypted-room capture requires a trusted compliance participant and device present in the room before messages are encrypted, plus our standard supervision, WORM, legal hold, search, and reporting.
What we cannot do
-
No pre-admission encrypted history
We cannot decrypt encrypted history from before the compliance device held room keys - no keys exist for it. This is a property of Matrix E2EE, not something we can engineer around.
-
No forced capture of third-party or federated rooms
We archive rooms your homeserver participates in, and only to the extent the compliance user can be admitted and trusted. Where remote servers or room admins can exclude the compliance participant, we cannot guarantee coverage.
-
Redactions and media have limits
We cannot recover original redacted content that was not captured before the redaction, and media capture depends on fetching and decrypting media while it is still available from the media repository.
-
Calls and deployment
Matrix voice and video call signaling can be archived as events, but live call audio and video recording is not promised unless separately built. Deployment requires homeserver admin cooperation - it is not a self-serve OAuth click.
FAQ about Matrix / Element Compliance Archiving
Is Matrix archiving available today?
How do you archive end-to-end encrypted Matrix rooms?
Can you archive messages sent before we deployed the compliance device?
What about federated rooms hosted on other homeservers?
Do we have to trust the compliance device?
Will the capture agent be open source?
What do our homeserver admins need to do?
Running Matrix in a regulated environment?
Join the design-partner program. Request access and we will scope Matrix archiving against your homeserver, your rooms, and your supervision obligations.
Where to go next
- Matrix Archiving: Requirements & Request Access The technical runbook: how it works, capture scope, E2EE and federation limits, homeserver prerequisites, and the deployment checklist.
- Open-Source Capture Our approach to publishing capture code. Our WhatsApp and Signal modules are already open source; the Matrix agent is planned to follow.
- Signal Compliance Solution How Comma archives another end-to-end encrypted channel as a trusted, published, inspectable endpoint.
- All 40+ channels Matrix is one of 40+ channels Comma archives into a single, exam-ready archive.