Security Guide
Security overview
TheChatApp uses encrypted connections, authenticated identity, encrypted workspace storage, protected local secrets, file validation, audit logs, and deployment isolation across self-hosted and cloud-hosted environments.
Security model
Security is built around defense in depth: encrypted connections, authenticated users and devices, encrypted stored content, restricted key material, validated file handling, and audit records for administrative actions.
The main layers are application controls, transport encryption, storage protection, identity, and deployment operations. Each layer reduces a different class of risk, and each depends on administrators keeping backups, administrator accounts, and user devices protected.
Security controls
| Control | Protection |
|---|---|
| Transport encryption | Native realtime traffic uses authenticated session encryption. Browser, account, identity, and file-transfer paths use HTTPS in production. |
| Server identity | Clients remember the server identity and warn if it unexpectedly changes. |
| Stored message fields | Message bodies, attachment metadata, edit history, comments, and saved-message notes are encrypted before storage. |
| File bodies | Uploaded files are encrypted at rest while still supporting authorized streaming and downloads. |
| Database files | Server and client databases are opened with encryption, with keys protected by KMS or platform secure storage depending on where the data lives. |
| Key protection | Server-side workspace keys are protected with KMS-backed wrapping; local client secrets use platform secure storage. |
| Administrative control | Tenant roles split user, channel, backup, privacy, encryption, audit, update, analytics, and storage powers instead of relying on one broad operator role. |
| Audit logs | Security and administrative actions are recorded in protected audit logs. |
Administrative controls
Administration is permission-gated. The app separates normal workspace membership from administrative powers, then splits administrative powers into focused flags such as user management, role management, authentication settings, server settings, privacy/data management, backups, encryption, audit-log viewing, web chat, analytics, updates, channel directory management, and storage data management.
See Zero Trust and admin controls for the fuller control map.
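A sketch of the flag split described above, added here as an illustration and not taken from TheChatApp's code. The flag names, action names, and role definitions are hypothetical, and recording denied requests in the audit list is an assumption.

```python
from enum import Flag, auto
from functools import reduce
from operator import or_

class AdminFlag(Flag):
    """Hypothetical flag names, one per administrative power listed above."""
    NONE = 0
    USER_MANAGEMENT = auto()
    ROLE_MANAGEMENT = auto()
    AUTH_SETTINGS = auto()
    SERVER_SETTINGS = auto()
    PRIVACY_DATA = auto()
    BACKUPS = auto()
    ENCRYPTION = auto()
    AUDIT_LOG_VIEW = auto()
    WEB_CHAT = auto()
    ANALYTICS = auto()
    UPDATES = auto()
    CHANNEL_DIRECTORY = auto()
    STORAGE_DATA = auto()

ALL_FLAGS = reduce(or_, AdminFlag)  # the "one broad operator role" case

# Constructed sample data: action names and role definitions are assumptions.
REQUIRED = {
    "user.disable": AdminFlag.USER_MANAGEMENT,
    "role.edit": AdminFlag.ROLE_MANAGEMENT,
    "backup.export": AdminFlag.BACKUPS,
    "audit.read": AdminFlag.AUDIT_LOG_VIEW,
}
ROLES = {
    "member": AdminFlag.NONE,  # workspace membership grants no admin power
    "helpdesk": AdminFlag.USER_MANAGEMENT,
    "backup-operator": AdminFlag.BACKUPS,
    "legacy-operator": ALL_FLAGS,
}

def authorize(role, action, audit):
    """Deny by default: unknown roles and unmapped actions are refused."""
    needed = REQUIRED.get(action)
    held = ROLES.get(role, AdminFlag.NONE)
    allowed = needed is not None and (held & needed) == needed
    audit.append({"role": role, "action": action, "allowed": allowed})
    return allowed

def broad_roles(max_flags=3):
    """Names of roles holding more flags than a focused role should need."""
    return sorted(n for n, f in ROLES.items() if bin(f.value).count("1") > max_flags)
```

Running `broad_roles()` over real role definitions is a quick review step for spotting roles that have drifted back toward a single all-powerful operator.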
Operational controls
- Progressive login lockout for brute-force resistance.
- Secure handling of identity-provider tokens and workspace sessions.
- File validation and access checks on upload/download paths.
- Encrypted data export and wipe paths gated by administrative authentication.
Encryption details
The implementation uses separate protection layers for different jobs. Realtime sessions, stored message fields, file blobs, database files, backups, exports, and client-side local caches are not all protected by one shared mechanism.
See Encryption and key protection for a product-level map of protected data, KMS-backed key protection, and the limits of each layer.
Deployment boundaries
Self-hosted administrators control the server machine, network access, backups, and administrator accounts. Cloud-hosted deployments add TheChatApp-managed hosting, TLS, key protection, and infrastructure backups.