45 DLP Patterns. AES-256-GCM Per Message.
Zero External Cloud Dependency.
Most enterprise messaging platforms are security problems wearing collaboration clothes. Your conversations, files, and metadata live on infrastructure you do not control. Ours runs entirely on your infrastructure, with per-message AES-256-GCM encryption, 45 data loss prevention detection patterns, 13 user roles, 47 granular permissions, five sensitivity classification levels, and a local AI assistant that never sends your data to any external service.
45 Patterns. Four Actions. Every Message and File.
Every message and file attachment is scanned in real time against 45 detection patterns across six categories. You choose whether each pattern triggers a warning, a redaction, a block, or a log-only alert — configurable per channel and per user role.
Financial Data
Credit card numbers (Luhn algorithm validated — no false positives on similar digit sequences), IBAN, SWIFT/BIC codes, ABA routing numbers, bank account numbers, and cryptocurrency wallet addresses. Financial data exfiltration is detected before the message leaves the channel.
Personal Identity (Multi-Jurisdictional)
US SSN (CRITICAL severity), US passport and driver’s license, UK National Insurance, Canadian SIN, Dutch BSN, Australian TFN, Spanish NIF, Brazilian CPF, Indian Aadhaar, and international phone numbers. Covers the identity data formats of every major jurisdiction your workforce operates in.
Healthcare Records
Medical Record Numbers (CRITICAL), DEA registration numbers, NPI identifiers, health plan member IDs, and ICD diagnosis codes. Meets HIPAA minimum necessary standard for communication platforms handling Protected Health Information — configurable to BLOCK all PHI sharing outside approved channels.
Credentials and Secrets
API keys, AWS access keys, Azure and GCP service account keys, private key files, JWT tokens, database connection strings, GitHub tokens, Slack tokens, Stripe secret keys, and SendGrid API keys. Prevents accidental exposure of live credentials in team channels — the most common source of cloud environment compromise.
DLP Action Controls
Four enforcement actions per pattern: BLOCK — rejects the message entirely with a user notification. REDACT — replaces the sensitive value with a configurable placeholder and delivers the message. WARN — delivers the message with an admin alert. LOG ONLY — records the event silently for audit review. Mixed actions allowed per pattern.
Custom Pattern Support
Define your own DLP patterns using regular expressions for organization-specific sensitive data formats: project codes, internal classification markers, proprietary identifier formats, contract numbers, or any other data type your security policy requires protection for. Custom patterns apply the same four-action enforcement model as built-in patterns.
The Controls Regulated Industries Require. Built In, Not Bolted On.
Encryption Architecture
AES-256-GCM authenticated encryption applied at the individual message level — not at the connection or storage volume level. Each message receives a unique 96-bit random initialization vector. Authentication tag verification prevents ciphertext tampering. Encryption keys are managed within your infrastructure.
Sensitivity Labels (5 Levels)
- PUBLICUnrestricted — no additional controls
- INTERNALNo external forwarding
- CONFIDENTIALEncryption required, watermark enforced
- HIGHLY CONFIDENTIALNo screenshots, no copy-paste
- RESTRICTEDMaximum controls, admin-only access
Retention Policy Templates (7)
- 7 days — Transient / temporary workspace channels
- 30 days — Short-term project channels
- 90 days — Standard operational channels
- 1 year — GDPR Article 5(1)(e) storage limitation default
- 3 years — SOC 2 and ISO 27001 audit evidence retention
- 7 years — HIPAA and financial records retention
- 10 years — Legal hold and regulatory investigation baseline
- Indefinite — Active legal hold with no expiry
Access Governance
13 named roles (Owner, Admin, Billing Admin, Compliance Officer, Security Officer, Records Manager, Channel Manager, App Developer, Support Agent, Read-Only Admin, Member, Guest) with 47 workspace-level permissions spanning user management, audit access, channel governance, compliance controls, and organizational settings.
An AI Assistant That Never Leaves Your Building
Most collaboration platforms connect to external AI services — sending your conversations, context, and queries to third-party infrastructure. Ours runs a local language model on your own infrastructure with a Retrieval-Augmented Generation pipeline that searches your workspace semantically without any external dependency.
On-Premises AI Model
Open-weight language models run on your infrastructure. No API calls to Anthropic, OpenAI, or any external AI service. Your queries and context stay inside your network.
Semantic Workspace Search
768-dimensional semantic embeddings of your workspace content enable natural language search across messages, files, and channels — finding meaning, not just keywords.
Access-Controlled Answers
The AI only surfaces content the querying user is authorized to see. Role and permission boundaries enforced at the retrieval layer — the model cannot be prompted around them.
Full AI Audit Trail
Every AI query, retrieved source, and generated response is logged with user identity, timestamp, and confidence metadata — immutable and available for compliance review.