Security & private deployment
Self-hosting means data, keys, and access policy stay under your control. imcore's security rests on real features, not compliance badges.
Data sovereignty
Self-hosted: messages, user data, and keys stay on your own servers / VPC and never pass through a third party.
Transport & auth
WSS / TLS encrypted transport; JWT-authenticated connections; WebSocket Origin allowlist; API rate limiting; SSRF protection on outbound webhooks.
Access control & audit
Role-based permissions (RBAC) in the admin console; every admin action is written to an audit log.
Content safety
Built-in content moderation and sensitive-word filtering.
Deployment & observability
Intranet / offline deployment supported; Prometheus metrics (/metrics) and health checks (/healthz) plug into your monitoring.
Compliance stance
We don't ship pre-baked third-party certification badges. Self-hosting lets you run inside your own compliance boundary — your data, your keys, your audit and access policy.