Secure CommsOS® Plans

Built for organizations where sovereignty, compliance, and mission continuity are non-negotiable.

Secure team collaboration Citizen engagement

For technical evaluation, small businesses, and non-profits: Try Starter.

Enterprise

Secure collaboration
for commercial enterprises

‍Deployment flexibility and compliance across regulatory frameworks.

Get pricing

Government

Sovereign communications
for public sector agencies

‍Data sovereignty and jurisdictional control with comprehensive audit capabilities.

Talk to sales

Custom quote

Talk to sales

Defense

Mission-grade communications
for classified and sensitive operations

Clear deployment paths for air-gapped environments and Zero Trust framework.

* Planned for release in 2026

View the full feature breakdown across plans

Enterprise

Government

Defense

Deployment & Infrastructure Hardening

On-premises, national data center, sovereign cloud

Minimalistic icon of a droplet with a circular motion arrow inside, symbolizing water recycling or refresh.

Rocket.Chat can be deployed entirely within your own infrastructure. Ensures data never leaves your jurisdiction and remains subject only to your national laws and regulatory framework.

Premium and dedicated cloud hosting

Access enterprise-grade hosting with dedicated resources. Ensures consistent performance and strong isolation for mission-critical workloads.

Launchpad deployment

Streamlined deployment tools to quickly set up Rocket.Chat in enterprise or classified environments. Reduces setup time while ensuring compliance and best practices.

Air-gapped deployment

Supports deployment in isolated networks disconnected from the internet. Enables secure communication in highly sensitive environments.

High availability architecture with automated failover

Built with redundancy and failover to prevent downtime. Keeps Rocket.Chat operational round-the-clock which is critical for government and defense teams that cannot afford service interruptions.

Disaster recovery

Comprehensive backup and recovery processes to restore service quickly after failures or incidents (for cloud workspaces only). Minimizes downtime and protects sensitive information in critical environments.

DISA STIG-hardened deployment*

Planned support for deployment configurations that meet the Defense Information Systems Agency Security Technical Implementation Guide standards.

Data Protection & Encryption

End-to-end encryption

Optionally enable encryption for messages and files so that only intended recipients can read them. Provides an added layer of confidentiality for sensitive communications.

Export end-to-end encrypted chats

Securely export encrypted chat history without compromising data. Supports regulatory reporting and operational audits.

Data breach handling (report messages)

Enables any user to flag and report potential data leakage. Flagged content is immediately suppressed, and a designated security team is notified with context about the potential exposure.

Automated content moderation and monitoring

Monitors messages for policy violations or sensitive data exposure. Helps enforce compliance without slowing team collaboration.

Custom data retention policies

Set how long messages and files are stored. Ensures compliance with government or agency record-keeping requirements.

Data loss prevention policy

Prevents accidental or intentional sharing of sensitive information outside approved channels. Protects classified or regulated content.

FIPS 140-3 validated cryptography*

Planned support for FIPS 140-3 validated cryptographic modules, meeting the government's standard for cryptographic security.

Post-quantum end-to-end message encryption*

Planned next-generation encryption for message content. Will protect classified communications against both current and future quantum attacks.

Post-quantum transport layer encryption (TLS)*

Planned support for post-quantum TLS encryption. Will future-proof transport security against emerging quantum threats.

Identity & Access Management

Active Directory / LDAP authentication

Connect Rocket.Chat to your organization’s Active Directory or LDAP for seamless user authentication. Ensures secure and managed access across teams.

Single sign-on (SAML, OAuth 2.0, OpenID Connect)

Enables users to log in with existing enterprise credentials through SSO standards. Reduces password fatigue and strengthens security compliance.

Multi-factor authentication (MFA)

Adds a second layer of login verification, improving protection against unauthorized access. Can be applied per user or organization-wide.

LDAP and SAML user groups mapping

Maps existing directory groups to Rocket.Chat channels and roles. Simplifies user provisioning and keeps access aligned with organizational structure.

Account recovery and credential management

Provides secure workflows for password resets and credential updates. Helps maintain operational continuity without compromising security.

Role-based access controls

Granular permissions that define exactly what users can see and do. Critical for managing access in complex, highly regulated environments.

Custom roles

Create roles tailored to specific organizational or operational requirements. Ensures precise alignment between responsibilities and system privileges.

Centralized session logout controls

Allows admins to terminate active sessions across devices. Supports compliance and reduces the risk of unauthorized access.

Phishing-resistant MFA (FIDO2/WebAuthn)*

Planned support for hardware-backed authentication. Will offer strong protection against phishing and credential theft.

Zero Trust Architecture

Attribute-based channel access control (ABAC)

Controls access to channels based on user attributes like role, department, or clearance level. Ensures sensitive conversations are only visible to authorized personnel.

Dynamic attribute-based access controls

Import authoritative identity attributes from LDAP to enforce access in real time. As roles, mission assignments, or clearance levels change, Rocket.Chat automatically updates access so only cleared personnel retain visibility into classified rooms.

Support for Policy Decision Point (PDP) integration*

Connects with enterprise PDPs to enforce access rules and automate policy checks. Keeps access decisions centralized while maintaining fine-grained control over all channels.

Information Governance & Compliance

Administration security event logging

Logs every administrative action in Rocket.Chat, showing what was changed and by whom. Helps teams quickly spot misconfigurations or unauthorized changes, strengthening operational security.

Audit trails - messages, files, and sessions

Creates a secure, traceable record of all messages and file activity. Ensures accountability and supports compliance or forensic investigations.

Authentication and access logs

Records all login attempts to detect suspicious access and help enforce security policies.

Compliance-ready reports and exports

Easily export messages, files, and audit logs in formats suitable for regulatory audits. Helps demonstrate adherence to organizational policies and supports governance requirements.

ISO 27001 certification

Rocket.Chat is certified to ISO 27001 standards. Demonstrates robust information security management practices and commitment to protecting sensitive data.

SOC Type 2 assurance

Rocket.Chat has completed a SOC 2 Type 2 audit, verifying that security controls are operating effectively over time. Provides independent assurance that customer data is handled securely and reliably.

HIPAA-supportive with BAA available

Rocket.Chat supports HIPAA compliance requirements for healthcare organizations handling protected health information. A Business Associate Agreement is available, establishing shared responsibility for data protection.

FINRA and MiFID II ready

Supports financial services compliance requirements for capturing, archiving, and retrieving communications related to trading activity. Helps firms meet regulatory obligations for message retention and audit readiness.

Supports NIS2 and DORA requirements

Provides the communications infrastructure and audit capabilities needed to meet EU cybersecurity resilience requirements for essential entities and financial institutions. Supports incident reporting and operational continuity obligations.

Support for GDPR compliance

Built-in features to help meet EU data privacy regulations. Ensures proper handling, storage, and processing of personal data.

Global accessibility compliance (WCAG 2.1)

Ensures the platform is usable and accessible by all personnel, including those with disabilities.

Iron Bank certified

Rocket.Chat is listed on the DoD Iron Bank; approved for secure DoD software deployment. Confirms security and compliance for government containerized deployments.

DoD ATO up to IL6

Authorized to operate at DoD Impact Level 6. Supports highly sensitive data handling and mission-critical operations.

Secret and Top Secret compatible

Rocket.Chat can be deployed in environments handling Secret and Top Secret classified information, meeting the access control and encryption requirements for those classification levels across allied defense networks.

Listed on AWS ICMP

Rocket.Chat is available through the AWS Intelligence Community Marketplace, providing a streamlined and pre-approved procurement path for US intelligence community agencies and their contractors.

Classified network operations - NIPR, SIPR, JWICS

Supports deployment in classified networks. Enables secure communications across multiple U.S. government classification levels.

Secure messaging

Conversation taxonomy

Defines how discussions are structured in Rocket.Chat. Helps large programs keep communications organized by mission, team, or classification.

Direct and group messaging

Secure one-to-one and team chats within Rocket.Chat. Reduces reliance on unapproved tools.

Threaded conversations

Keeps related replies grouped under one message. Prevents loss of context in operational discussions.

Message formatting

Supports bold, italics, code blocks, and more. Improves clarity in technical, policy, and operational updates.

Message editing

Allows corrections or updates to sent messages. Reduces confusion and ensures accuracy in official communication.

Message lifecycle management

Controls how long messages are stored and when they are deleted. Supports compliance with record-keeping and data retention policies.

Delivery and read receipts

Confirms when a message is delivered and read. Increases accountability in time-sensitive communications.

Searchable chat history

Full-text search across past messages and files. Speeds up access to mission-critical information.

Multimedia and data sharing

Send and receive files, images, and documents securely. Avoids leakage through consumer apps or email.

Automatic messages translations

Translates messages into multiple languages in real time. Enables collaboration across international and coalition teams.

Audio and video messages

Record and send secure voice or video clips. Useful in mobile or field environments where typing is not practical.

Localization in 64 languages

Supports interface translation into 64 languages. Enables global teams to communicate and navigate the platform in their preferred language.

Voice calls - available as an add-on

Peer-to-peer internal voice calls via WebRTC

Enables direct voice calls between workspace users without external telephony infrastructure. Calls are established peer-to-peer via WebRTC, keeping audio traffic within your network with no external routing required.

Screen sharing during calls

Allows users to share their screen with call participants in real time. Supports tactical briefings, operational picture sharing, and remote collaboration without switching to a separate application.

Call controls

Provides essential in-call management functions including transfer, hold, mute, and unmute. Gives users full control over active calls directly within the Rocket.Chat interface.

Presence-aware call transfers

Transfers calls only to users who are currently available based on their presence status. Reduces missed calls and ensures handoffs reach the right person without manual availability checks.

Centralized call routing and user
availability management

All call routing, presence detection, and user availability are managed within Rocket.Chat. Provides administrators with full visibility and control over call flows without relying on external telephony systems.

Auditable call records

Maintains a complete log of all call activity including outcomes, duration, and participants. Supports compliance requirements, security investigations, and operational accountability across all voice communications.

In-conversation call records

Displays a call summary block within the chat thread when a call ends, showing outcome, duration, and participants. Keeps communication history complete and searchable without separate call logging systems.

Mobile voice - iOS and Android*

Extends Rocket.Chat voice calling to mobile devices, allowing field staff and remote personnel to make and receive calls from iOS and Android applications.

SIP integration - connects to PBX
and PSTN infrastructure

Routes Rocket.Chat voice calls through a SIP-compatible telephony provider, enabling calls to and from external phone numbers and existing PBX systems. Designed for organizations with established telephony infrastructure or centralized compliance and call recording requirements.

Video meetings

Video integrations - Jitsi, Google Meet, Zoom

Launches video meetings directly from within Rocket.Chat using your preferred third-party video platform.

Secure Pexip video meetings with integrated chat

Integrates Pexip's self-hosted video conferencing platform directly into Rocket.Chat, enabling classified or sensitive video meetings without routing through external commercial infrastructure. A persistent chat room is automatically created alongside each video session for pre and post-meeting communication.

Multi-party conferencing (Pexip)*

Host secure group calls for distributed teams or coalition partners. Ensures collaboration without reliance on commercial platforms.

Federation & Interoperability

Native Matrix protocol Federation

Enables controlled collaboration across independent Rocket.Chat deployments and interoperability with other Matrix-compatible clients without requiring an external homeserver.

Distributed federated channels

Creates shared channels that span multiple independent Rocket.Chat deployments, allowing users on separate servers to collaborate in a single room. Each organization retains full control over its own infrastructure with no shared backend required.

Invitation-based federated collaboration

Allows administrators to invite users from external Rocket.Chat or Matrix-compatible servers into specific channels. Access is controlled and governed — external participants only see what they are explicitly invited to, with no broader workspace access.

Secure file sharing across distributed channels

Enables files to be shared securely across federated channels between users on different servers. Files are transferred without exposing either organization's internal infrastructure to the other.

Cross-domain message read receipts

Confirms that messages sent across federated servers have been received and read by the intended recipient. Gives coordinators real-time acknowledgment across organizational boundaries without requiring a phone call or follow-up message.

Federation moderation and banned users list

Allows administrators to ban any participant from a federated room regardless of which server they originate from. Enforcement is server-agnostic and every moderation action is recorded in a dedicated banned users list with system messages for full auditability.

Transparent audit messaging for federated rooms

System messages in federated rooms explicitly record all moderation actions — including who was removed, when, and by whom — making them clearly distinguishable from voluntary departures. Supports information governance requirements and security investigations.

Microsoft Teams bridge

Bridge Rocket.Chat with Teams for cross-platform communication. Maintains connectivity and workflow continuity across different platforms.

XMPP bridge

Connects Rocket.Chat with external systems using the XMPP messaging protocol, enabling interoperability with allied organizations, legacy defense networks, and partner systems that operate on XMPP-based infrastructure.

Sovereign AI - available as an add-on

BYO Self-hosted LLM

Bring your own large language model and run it within your secure environment. Provides full control over data and model behavior while staying compliant with internal policies.

Thread and channel summarization

Automatically condenses lengthy discussions into concise summaries. Helps teams quickly catch up on important conversations, enhancing information access and accelerating decision-making.

General Q&A

Many AI tools are trained on limited, publicly available data, which leads to low-quality, generic responses. Enrich your LLM with in-house knowledge using our RAG pipeline for contextually appropriate and business-relevant responses, without having to expose your sensitive data.

Role-based access control

Apply access policies to AI features based on user roles. Protects sensitive data and ensures only authorized personnel can use specific AI capabilities.

Source attribution

AI responses include references to the original sources. Ensures transparency, trust, and accountability in generated insights.

Prompt augmentation

Automatically enhances prompts to improve AI response quality. Saves time and increases consistency in outputs across teams.

Model-agnostic architecture

Supports any AI model, giving organizations flexibility to adopt the model that fits their mission. Ensures no lock-in and maximum adaptability for evolving AI strategies.

Multi-model support

Leverage multiple AI models concurrently for different tasks. Enables optimized workflows and richer insights across the organization.

Data pipeline control and governance

Manage and monitor how data flows through AI pipelines. Enables compliance with security, privacy, and operational policies.

Data sensitivity classification support

Enforce security by tagging data with classification levels and only returning results that match a user’s clearance. This keeps sensitive information protected, accessible only to authorized users, and ensures compliance with strict security policies.

Data versioning support

Tracks changes in data over time for AI training or inference. Supports auditability, reproducibility, and governance in AI workflows.

Agentic RAG

Intelligent retrieval with multi-step reasoning for actionable insights. Leverage AI agents to autonomously retrieve and generate insights.

Prompt guardrails

Define constraints and safety rules for AI prompts. Ensures AI outputs remain aligned with policy, ethics, and operational objectives.

Intelligent search

Semantic, intent-based search across messages and time windows using natural language. Get a consolidated view of related discussions, decisions, and signals without manually stitching context together. Results automatically respect roles, permissions, and room access.

Model Context Protocol (MCP)* support

MCP support lets AI securely access enterprise systems, retrieve knowledge, and trigger AI agents in real time, without leaving the platform. This turns conversations into context-aware, cross-system actions for faster, smarter decisions at scale.

Security-Optimized Mobility

Mobile biometrics

Enforce PIN, fingerprint, or FaceID for app access. Ensures only authorized users can open the app, strengthening device-level security.

Mobile data-at-rest encryption

Encrypts messages and files stored on devices. Keeps sensitive information safe even if a device is lost or stolen.

Secure ID-only push notifications

Sends notifications without exposing message content. Ensures operational alerts remain private and compliant.

Push notification privacy controls

Customizes how push notifications appear on devices. Protects sensitive information from being displayed on lock screens or previews.

Custom mobile push gateway

Ability to use the Rocket.Chat gateway or a custom gateway. Use your own APNs/FCM keys, and restrict the app to your server.

MDM and AppConfig support*

Planned support for EMM/MDM tools via AppConfig. Will allow centralized device configuration and security management.

Extensibility & Customization

Apps integration

Connect Rocket.Chat with pre-built apps from the Marketplace. Extends functionality without custom development, speeding up deployment.

Embeddable chat (APIs, SDKs or iFrame)

Build fully customized front-ends on Rocket.Chat’s backend or embed the platform directly via iframe. Lets teams and external users communicate securely without leaving your environment.

Apps Engine - custom apps, bots, and workflows

Develop custom apps using Apps-Engine, which is a TypeScript-based developer tool with a ready-to-use framework, pre-built components, and modules. Enables tailored workflows and automation to meet your organization’s exact needs.

Visual customization

Allows you to personalize the appearance of your Rocket.Chat workspace, adjusting both the visual theme for a more comfortable and accessible experience and the layout, which includes defining content, applying custom CSS, and incorporating JavaScript. This provides an interface tailored to individual preferences and work environment needs.

White labeling

Customize Rocket.Chat branding to match your organization. Ensures a consistent visual identity for internal or customer-facing deployments.

Custom themes, emojis, sounds and status

Tailor the look, feel, and notifications of the platform. Define personalized user statuses and attributes.

System Performance & Scalability

Multiple instance architecture

Supports multiple Rocket.Chat instances working together. Allows organizations to segment workloads, improve resilience, and maintain high performance across diverse operational units.

Microservices scaling

Improves scalability and fault isolation within your workspace. By dividing Rocket.Chat into specialized services, each component operates independently, optimizing performance and simplifying maintenance.

High-volume concurrent users

Handles large numbers of users online at the same time without impacting performance. Ensures mission-critical operations continue smoothly, even during peak usage or coordinated exercises.

Workspace and channel throughput

Optimized to handle high volumes of messages, files, and interactions across multiple workspaces and channels. Ensures teams can communicate seamlessly without delays or message loss.

Performance monitoring and alerts

Track system health in large deployments, including deployments on high availability clusters, using advanced performance monitoring integrated with Grafana and Prometheus.

Server logs

Maintains detailed logs of system activity and resource usage. Supports troubleshooting, compliance, and forensic investigations to meet strict regulatory standards.

Services

Standard support

Provides access to Rocket.Chat's support team for technical issues, platform questions, and operational assistance. Included with all plans, ensuring organizations have a direct channel to resolve issues and maintain platform continuity.

Mission critical support - available as an add-on

Enhanced support tier designed for organizations where communication downtime has operational consequences. Provides prioritized response times, dedicated support resources, and escalation paths for time-sensitive incidents.

Professional services - available as an add-on

Access expert guidance for deployment, integration, and optimization of Rocket.Chat. Helps ensure smooth implementation and maximum value from the platform.

* Planned for release in 2026

FAQs

Deployed by secure organizations globally

United States Army emblem featuring a bald eagle holding arrows and an olive branch inside a black circle with a gold border.

Seal of the United States Air Force featuring a bald eagle, shield, and stars on a blue background.