Backup and key protection

Cloud-hosted deployments use managed key services to protect workspace encryption keys. Key material is not stored on the application disk; decrypted keys are kept in memory only while the service needs them.

Self-hosted deployments use the standard local key protection included with the server. Administrators should protect the server machine and keep backup recovery material in a safe place.

Backups are encrypted before they are stored. In cloud-hosted deployments, TheChatApp manages infrastructure backups. In self-hosted deployments, administrators should keep backup files and recovery passwords protected and test restore procedures before relying on them.

Backups are designed to protect against lost or damaged servers, accidental deletion, and copied backup archives.

• The encrypted backup archive.
• The backup password or recovery material for self-hosted deployments.
• Access to the same cloud-hosted account or managed restore process for cloud-hosted deployments.
• A restored server or workspace should be verified before users resume normal work.