Rocket.Chat is a complete communications system built with a secure architecture suitable for organizations that require high degrees of privacy and data protection. Rocket.Chat workspaces provide numerous customization options and connectivity functionalities while ensuring reliability for mission-critical operations.
This document highlights the security and compliance features that you can benefit from while using Rocket.Chat. These controls allow you to fine-tune the platform to meet specific organizational security and privacy requirements, ensuring that your communications and sensitive information remain protected.
Private deployment
Deploy and scale Rocket.Chat workspaces yourself using Docker or Kubernetes, backed by MongoDB. You configure and manage TLS certificates, reverse proxies, and firewall rules according to your requirements. Rocket.Chat also offers cloud hosting with shared and dedicated infrastructure options, and you can migrate existing data from other services into Rocket.Chat.
For further isolation, workspaces can also be deployed air-gapped; federated workspaces let separate Rocket.Chat servers interoperate while each remains under its own administration.
Desktop and mobile apps are available without loss of functionality. Active sessions on other devices can be reviewed and terminated from the user's profile or from the administrator's panel.
Secured user administration
Manage users, rooms, permissions, and workspace settings using the interface and API endpoints.
Integrate identity management providers with Rocket.Chat for centralized user management and authentication through LDAP, SAML, and OAuth methods. Sync user groups, roles, and other user data with Rocket.Chat according to your needs.
Control the lifetime of user sessions so that idle or expired sessions require the user to verify their identity and log in again.
Reset user passwords from the administration panel.
Implement password policies for your workspace users, preventing them from setting easy-to-guess passwords that attackers can leverage.
Access control
Restrict communications by using private, read-only, or broadcast rooms. You can also create encrypted rooms and encrypt existing rooms. Setting granular permissions allows you to limit which users can edit rooms, create private rooms, and archive and unarchive rooms. You can also create custom roles and assign them to users as required (available in the Enterprise plan).
Enforce MFA to provide further workspace protection by requiring users to provide additional forms of authentication before accessing their accounts.
Set rate limits to control how many requests the Rocket.Chat API accepts from a caller within a given window. This mitigates denial-of-service (DoS) attacks and limits web scraping.
Enable or disable CORS for the REST API, and restrict it to specific trusted origins rather than a wildcard.
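The two request controls above, as an added example that is not Rocket.Chat's own code: an API gate that checks the Origin header against an exact-match allowlist and applies a per-caller fixed-window rate limit. The comma-separated allowlist format, the request shape, and the limits are assumptions made for the example.

```javascript
// Added example, not Rocket.Chat code. Origin allowlist + fixed-window rate limit.

// Parse a comma-separated allowlist such as
// "https://app.example.com, https://intranet.example.com/".
// A lone "*" is the weak setting: with credentialed requests it lets any site
// call the API with the user's cookies, so it is rejected here as a config error.
function parseOrigins(setting) {
  const entries = setting.split(',').map((s) => s.trim()).filter(Boolean);
  if (entries.includes('*')) {
    throw new Error('wildcard origin is not allowed for credentialed API requests');
  }
  const allowed = new Set();
  for (const entry of entries) {
    const origin = new URL(entry).origin; // throws on malformed input
    if (origin === 'null') throw new Error(`not a web origin: ${entry}`);
    allowed.add(origin); // normalised to scheme://host[:port]
  }
  return allowed;
}

// Exact match only. Suffix or substring checks such as
// origin.endsWith('example.com') are bypassed by attacker-controlled hosts
// like https://evilexample.com, and scheme matters (http:// is not https://).
function originAllowed(allowed, origin) {
  if (origin === undefined) return true; // no Origin header: not a CORS request
  if (origin === 'null') return false;   // sandboxed iframes, file:// pages
  return allowed.has(origin);
}

// Echo the matched origin back, never '*', and add Vary so caches keep
// per-origin responses apart.
function corsHeaders(origin) {
  return {
    'Access-Control-Allow-Origin': origin,
    'Vary': 'Origin',
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Fixed window: at most `limit` calls per `windowMs` for each key.
class FixedWindowLimiter {
  constructor(limit, windowMs) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.buckets = new Map();
  }
  // `now` is injectable so the behaviour can be tested deterministically.
  check(key, now = Date.now()) {
    let bucket = this.buckets.get(key);
    if (!bucket || now - bucket.start >= this.windowMs) {
      bucket = { start: now, count: 0 };
      this.buckets.set(key, bucket);
    }
    if (bucket.count >= this.limit) {
      return { allowed: false, remaining: 0, retryAfterMs: bucket.start + this.windowMs - now };
    }
    bucket.count += 1;
    return { allowed: true, remaining: this.limit - bucket.count, retryAfterMs: 0 };
  }
}

// Apply both controls to a request { origin, userId, ip } (illustrative shape).
// Authenticated calls are keyed by user, anonymous calls by client IP.
function gate(config, limiter, req, now = Date.now()) {
  if (!originAllowed(config.allowed, req.origin)) {
    return { status: 403, reason: 'origin not allowed' };
  }
  const key = req.userId ?? `ip:${req.ip}`;
  const r = limiter.check(key, now);
  if (!r.allowed) {
    return {
      status: 429,
      reason: 'rate limit exceeded',
      headers: { 'Retry-After': String(Math.ceil(r.retryAfterMs / 1000)) },
    };
  }
  const headers = req.origin === undefined ? {} : corsHeaders(req.origin);
  return { status: 200, headers, remaining: r.remaining };
}

// Stand-alone usage with constructed input.
const exampleAllowed = parseOrigins('https://app.example.com, https://intranet.example.com/');
const exampleLimiter = new FixedWindowLimiter(100, 60 * 1000);
console.log(gate({ allowed: exampleAllowed }, exampleLimiter,
  { origin: 'https://app.example.com', userId: 'u1' }));
console.log(gate({ allowed: exampleAllowed }, exampleLimiter,
  { origin: 'https://evilapp.example.com', userId: 'u1' }));
```

Keying the limiter by authenticated user rather than only by IP stops one user behind a shared NAT from exhausting everyone else's budget, while anonymous endpoints still fall back to the client address.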
Data management and transmission
Rocket.Chat runs behind a reverse proxy such as Nginx, which terminates TLS so that data in transit is encrypted.
Manage file upload options to reduce risk by limiting file size and file type and by controlling who can access uploaded files. Files can be stored in AWS S3 or Google Cloud Storage using credentials and keys managed on those platforms, on the local filesystem of your server, or in a self-hosted MinIO server as an open-source, S3-compatible option.
Mobile push notifications can be hardened by omitting the channel name and message content from the notification, so that sensitive information is not revealed outside the workspace. This helps meet compliance requirements such as HIPAA.
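The size and type limits described above, as an added example that is not Rocket.Chat's own upload code: a validator that enforces a byte limit, an extension allowlist, and a check that the declared MIME type matches the file's leading bytes, since the client's filename and Content-Type are both attacker-controlled. The policy object, file shape, and signature table are assumptions made for the example.

```javascript
// Added example, not Rocket.Chat code. Upload validation: size, extension,
// and magic-byte check against the declared type.

// Leading-byte signatures for the few types this example allows.
const SIGNATURES = [
  { mime: 'image/png', magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: 'image/jpeg', magic: [0xff, 0xd8, 0xff] },
  { mime: 'application/pdf', magic: [0x25, 0x50, 0x44, 0x46] }, // "%PDF"
];

// Return the MIME type whose signature matches the start of `buf`, or null.
function sniffMime(buf) {
  for (const { mime, magic } of SIGNATURES) {
    if (buf.length >= magic.length && magic.every((b, i) => buf[i] === b)) {
      return mime;
    }
  }
  return null;
}

// Illustrative policy: maximum size plus an extension -> expected MIME map.
const POLICY = {
  maxBytes: 5 * 1024 * 1024,
  allowedTypes: {
    png: 'image/png',
    jpg: 'image/jpeg',
    jpeg: 'image/jpeg',
    pdf: 'application/pdf',
  },
};

// file = { name, declaredMime, data: Buffer } (illustrative shape).
function validateUpload(policy, file) {
  if (file.data.length > policy.maxBytes) {
    return { ok: false, reason: 'file too large' };
  }
  // Client filenames are untrusted: drop any directory components and
  // decide on the final extension only, so "../../x.png" becomes "x.png"
  // and "shell.png.exe" is judged as ".exe".
  const base = file.name.split(/[\\/]/).pop();
  const dot = base.lastIndexOf('.');
  const ext = dot > 0 ? base.slice(dot + 1).toLowerCase() : '';
  const expected = policy.allowedTypes[ext];
  if (!expected) {
    return { ok: false, reason: `extension not allowed: .${ext}` };
  }
  // The bytes decide, not the extension or the Content-Type header: an HTML
  // or script payload renamed to .png is rejected here.
  const sniffed = sniffMime(file.data);
  if (sniffed !== expected) {
    return { ok: false, reason: `content does not match .${ext}` };
  }
  if (file.declaredMime !== expected) {
    return { ok: false, reason: 'declared Content-Type does not match content' };
  }
  return { ok: true, mime: expected, name: base };
}

// Stand-alone usage with constructed inputs.
const pngBytes = Buffer.concat([
  Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]),
  Buffer.alloc(16),
]);
console.log(validateUpload(POLICY, { name: 'logo.png', declaredMime: 'image/png', data: pngBytes }));
console.log(validateUpload(POLICY, {
  name: 'pic.png',
  declaredMime: 'image/png',
  data: Buffer.from('<html><script>alert(1)</script></html>'),
}));
```

Even with this check in place, serve user uploads from a separate origin or with a strict Content-Type and `Content-Disposition: attachment`, because a polyglot file can satisfy an image signature and still be interpreted differently by some clients.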
Monitor and audit controls
Authorized users can audit messages in all rooms, including edited, deleted, and encrypted messages (available in the Enterprise plan). Audit queries are themselves logged, so you can see which user requested each report, the search terms used, the dates and times, the filters applied, and the results returned.
You can disable the options for users to edit and delete their messages after they are sent.
Configure the data retention policy settings if you need to automatically delete messages after a certain period of time.
You can use the Data Loss Prevention app from the Rocket.Chat Marketplace and define rules to prevent or restrict the sharing of sensitive information.
ClamAV, the open-source antivirus toolkit, can be integrated to scan each file on upload before it is stored in Rocket.Chat.
Content moderation allows you to maintain a safe collaboration environment. Users can report suspicious and inappropriate messages and moderators can take suitable actions. Rocket.Chat Marketplace offers moderation automation apps: Mod Assist App and Mod Perspective App.
Configure server logging by choosing the log levels and the types of calls to trace. Prometheus and Grafana can also be set up for metrics and monitoring.
Extensibility
Rocket.Chat’s Apps-Engine solution helps you develop your own private apps using TypeScript with pre-built infrastructure and UI components.
Embed and customize secure chat experiences within your applications using the Chat Engine ecosystem (available through the Sales team). You can control user access to rooms and search functionalities.
With Rocket.Chat's AI app, you can point a self-hosted LLM at your own data and control who can access which information. It returns relevant answers, conversation summaries, and up-to-date information drawn from your knowledge base.
You can engage in trusted interactions with external contacts such as your citizens and customers across different platforms within Rocket.Chat. This includes contact identity verification, advanced privacy and permission controls, and records of all communications, helping you meet security and compliance requirements.
Secure video conferencing is supported through Pexip.
Security policies
For detailed information on Rocket.Chat’s security guidelines and policies, refer to our Security Center.
Rocket.Chat is committed to providing a comprehensive collaboration system for the most secure teams while also being flexible and accessible.