Data Loss Prevention (DLP) App


Data loss prevention (DLP) is a security mechanism that helps prevent sensitive data from being unduly shared, misused, lost, or accessed by unauthorized users. The DLP app works best with the most recent version of Rocket.Chat.

Through DLP features, admins can create a list of regular expressions to monitor in Rocket.Chat and apply it to any conversation. Once text matching a regular expression is detected, it appears blurred in the room where it was originally written. The original message is forwarded to a predefined channel for auditing, where a moderator can approve or reject its content. Rooms can have more than one moderator. It’s also possible to select which rooms to apply the DLP app to. If you have channels on your workspace where sensitive information is frequently shared, for example, the finance team channel, you can restrict this channel.

This app can also work in a fully air-gapped environment. Follow the Air-gapped app installation guide and continue with the configuration instructions below.

Installing the Data Loss Prevention app

To install the DLP app:

  • Navigate to Marketplace > Explore.

  • Search for the Data Loss Protection app.

  • Click Install.

Configuring the Data Loss Prevention app

After installing the app, you need to configure the rule set for its functionality.

To configure DLP:

  1. On the DLP App Info screen, select the Settings tab. Configure the following settings as needed:

    • Rules for Blacklisting message: Takes an array of JSON objects containing regular expressions defining the rules. Add each regular expression on a new line.

    • Moderator Channel: Specify the channel to which all blacklisted messages will be forwarded. For example, general. From there, the channel moderators can either Approve or Reject the message.

    • Content control type: Choose to ignore messages in all channels or select targeted channels to monitor.

    • Channels: Enter the list of channels separated by commas to apply the channel filter rule, if you’ve selected the option to monitor specific channels in the Content control type field.

    • Censor only Sensitive Information: If enabled, only the sensitive information is replaced by multiple hashtags (######).

    • Custom Blacklisted Message title: The blacklisted message will be replaced by a temporary message in the room until the blacklisted message has been approved by moderators. Set the title of this temporary message here.

    • Custom Pending approval message: This message is displayed instead of the blacklisted message in a room until the blacklisted message gets approved.

    • Custom Rejected Message: This message is displayed instead of the blacklisted message when a moderator rejects a blacklisted message.

  2. Click Save Changes.

  3. Next, go to Manage > Workspace > Settings > Message.

    • Enable the Allow Custom Fields in Messages setting.

    • Update Custom Fields Validation with the rule defined below:

      {
        "properties": {
          "dlpMessage": {
            "type": "object",
            "nullable": true
          }
        }
      }

  4. Click Save Changes. The Data Loss Prevention App is ready and functional in your workspace.
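
The dry run below is an added example, not part of the DLP app or Rocket.Chat's code: it checks candidate regular expressions against constructed sample messages before they are entered under Rules for Blacklisting message, reporting invalid patterns, false positives, and false negatives, and previewing the ###### masking described above. The patterns, rule names, and function names are hypothetical, the rule-object layout the app expects is not reproduced here, and JavaScript regular-expression semantics are an assumption.

```javascript
// Hypothetical candidate patterns (not the app's rule format).
const candidatePatterns = [
  { name: "card-like number", pattern: "\\b\\d(?:[ -]?\\d){12,15}\\b" },
  { name: "IBAN-like string", pattern: "\\b[A-Z]{2}\\d{2}[A-Z0-9]{11,30}\\b" },
  { name: "broken rule", pattern: "(unclosed" }, // invalid on purpose
];

// Constructed sample messages; `sensitive` is what a human reviewer expects.
const samples = [
  { text: "Card for the invoice: 4111 1111 1111 1111, thanks", sensitive: true },
  { text: "Ticket 2024-0001-0002-0003 is resolved", sensitive: false },
  { text: "Wire to DE89370400440532013000 by Friday", sensitive: true },
  { text: "My card is 4111x1111x1111x1111", sensitive: true },
];

// Compile each pattern, collecting the ones that fail to parse.
function compileRules(rules) {
  const compiled = [], invalid = [];
  for (const { name, pattern } of rules) {
    try { compiled.push({ name, regex: new RegExp(pattern, "g") }); }
    catch (err) { invalid.push(name); }
  }
  return { compiled, invalid };
}

// Report which rules hit a message and preview the masked text.
function evaluate(text, compiled) {
  const hits = [];
  let censored = text;
  for (const { name, regex } of compiled) {
    if (text.search(regex) !== -1) hits.push(name);
    censored = censored.replace(regex, "######");
  }
  return { flagged: hits.length > 0, hits, censored };
}

// Compare rule verdicts with reviewer expectations for every sample.
function dryRun(rules, messages) {
  const { compiled, invalid } = compileRules(rules);
  const report = { invalid, falsePositives: [], falseNegatives: [], results: [] };
  for (const { text, sensitive } of messages) {
    const result = evaluate(text, compiled);
    report.results.push(result);
    if (result.flagged && !sensitive) report.falsePositives.push(text);
    if (!result.flagged && sensitive) report.falseNegatives.push(text);
  }
  return report;
}

console.log(JSON.stringify(dryRun(candidatePatterns, samples), null, 2));
```

Each false positive in the report is a benign message that would be held for moderator approval, and each false negative is sensitive text that would reach the room unmasked.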

Refer to the Data Loss Prevention user guide to learn more about using the DLP app.