SOC 2 Type IIGDPR Compliant

Security at Chatwoot

Your data security is our top priority. We follow industry best practices and maintain rigorous compliance standards to keep your information safe.

Report a security concern
SOC 2 Type II compliance badge

SOC 2 Type II Certified

We've met rigorous standards for information security, including strict policies and procedures to ensure the security, availability, processing, integrity, and confidentiality of user data. Your data is protected by the highest levels of security.

View trust portal
GDPR compliant badge

GDPR Compliant

We align with GDPR requirements across our product, processes, and agreements so your teams can confidently support customers in the EU and beyond. Our privacy posture covers data processing terms, access controls, and clear workflows for data subject requests.

View trust portal

How we protect your data

Multiple layers of security to ensure your customer data stays safe.

Data Encryption

All data is encrypted at rest and in transit using AES-256 encryption. We use AWS KMS with hardware security modules for key management.

Application Security

We use CodeQL, Secrets Scanner, and Dependabot for continuous security analysis. Our open-source codebase is regularly audited by security experts.

Infrastructure Security

Hosted on AWS with GuardDuty, Inspector, and WAF protection. Multi-region redundancy ensures high availability and disaster recovery.

Access Control

Role-based access control, SSO/SAML support, and audit logs for all administrative actions. Two-factor authentication available for all accounts.

Data Privacy

GDPR compliant with data processing agreements available. We follow strict data protection regulations to safeguard your information.

Learn more

Incident Response

24/7 monitoring with automated alerts. Dedicated incident response team with documented procedures for rapid resolution.

Self-Hosted Option

Full control with self-hosting

For organizations with strict data residency requirements, self-host Chatwoot on your own infrastructure. Keep all customer data within your environment and maintain complete control over your security policies.

  • Complete data sovereignty and residency control
  • Deploy in your own cloud or on-premises
  • Integrate with your existing security infrastructure
  • Meet industry-specific compliance requirements
Learn about self-hosting
15K+
Self-hosted instances
100%
Data ownership
MIT
Open source license
24/7
Community support

Have security questions?

Our security team is here to help. Reach out for security assessments, compliance documentation, or to report vulnerabilities.

Contact security team