GDPR and data responsibility

Self-hosted customers control their own server and operational processing. Cloud-hosted deployments are operated by TheChatApp, while customer administrators still control workspace users, settings, access, and retention policies.

• Personal data inventory for account, workspace, client, and support processing.
• Message, voice/video, file, and search data-flow documentation.
• Authentication, identity, key protection, logging, monitoring, retention, deletion, and platform-specific processing notes.
• Draft DPA, sub-processor list, ROPA, privacy policy, TOMs, and breach-notification procedure.

The customer portal supports GDPR export and deletion request intake with status tracking. Administrative export and wipe tools perform the data operations when a request is approved.