Everything your team needs to communicate securely, with full control over your data and infrastructure.
Messaging & Collaboration
Channels & Threads
Keep conversations organized with public channels, private groups, and direct messages. Threads let your team follow specific discussions without cluttering the main channel.
Unlimited public and private channels
Threaded replies to keep side conversations contained
Pin important messages for the whole channel
Full message history with file attachments
Rich Messages
Share formatted messages, embedded links, images, and files. Your team can react, reply, and collaborate without switching tools.
Markdown formatting for styled messages
Link previews that show content inline
Emoji reactions for quick feedback
File attachments with automatic metadata
Presence & Notifications
Know who's online and get alerted when it matters. Push notifications keep your team in the loop without constant checking.
Real-time online status for every member
Mentions with notification alerts
Typing indicators show who's writing
Push notification support for mobile browsers
Voice & Media
Voice Calls & Stage Channels
Talk to your team in real-time with voice channels. Stage channels work like virtual meeting rooms where speakers present and attendees listen.
High-quality audio and video calls
Stage channels for presentations and town halls
Speaker and listener role controls
Low-latency media delivery
File Sharing & Media
Share files, images, and videos with your team. All media is stored on your own infrastructure and scanned for safety.
S3-compatible storage (MinIO, AWS S3, etc.)
Media proxying to protect your network
Automatic metadata for uploads
Avatar and icon support for profiles and servers
Custom Expressions
Let your team express themselves with custom avatars, server icons, and emoji. Control what's available by role.
Custom user avatars and server icons
Emoji management and custom emoji sets
Role-based media permissions
Audit log for all media uploads
Identity & Access Control
Secure Accounts
Protect every account with strong authentication. Multi-session tracking means you can see exactly where each user is logged in.
Token-based authentication
Track every active session per user
Two-factor authentication (TOTP)
IP-based security rules
Roles & Permissions
Control who can see what and who can do what. Granular permissions let you set policies at the server and channel level.
Hierarchical roles with configurable permissions
Channel-level access control
Moderator and admin workflows
Permissions are enforced on every action
Moderation & Safety
Keep your community safe with built-in reporting, automated moderation rules, and full admin visibility into all activity.
User and message reporting system
Automated moderation rule sets
Admin dashboard with full activity view
Security event review and audit trail
Privacy & Compliance
Real Message Deletion
When you delete a message, it stays deleted. On licensed installs, the server rotates encryption keys so even devices that previously had access cannot recover deleted content. This is critical for compliance and data retention policies.
Deleted messages are unrecoverable — even from devices that had the key
Stolen or lost devices lose access automatically on key rotation
Former employees cannot read exports made before their access was removed
Free tier uses standard encryption (compatible, but client-managed cache)
Encryption Key Management
Your encryption keys stay on your infrastructure. The server validates key strength at startup and refuses to run with weak keys, so a misconfiguration can never silently compromise your data.
Hardware-backed keys via TPM 2.0 when available
Environment-based key source for container deployments
Automatic key migration when switching key sources
Startup validation catches weak or compromised keys before they're used
Data Export & GDPR Compliance
Built-in data export tool packages every piece of user data into a single bundle. Users can request their own export from the settings screen, and admins can trigger exports for compliance requests.
Complete user data bundle (messages, files, sessions, audit log)
Self-serve export from user settings
Admin visibility into all export requests
Configurable retention policies and export formats
Developer Tools & Integrations
REST API
Extend and integrate Plexichat with your existing tools. Every feature is accessible through a versioned API with interactive documentation.
API base URL: /api/v1
Interactive docs at /docs (Swagger) and /redoc
Static API documentation at /docs/api
All requests validated against schema definitions
Webhooks
Connect Plexichat to your existing workflow tools. Webhooks fire on events and push data to any HTTP endpoint you configure.
Create and manage webhooks per channel or server
Track webhook delivery status
Integration with external services
Easy-to-use route structure
Bots & OAuth
Automate tasks with bot accounts and integrate with identity providers via OAuth. Bots have their own API tokens and can respond to commands.
Bot accounts with dedicated API tokens
OAuth provider configuration for SSO
Slash command support for bot interactions
Client-side OAuth callback handling
Infrastructure & Operations
Database & Caching
Built on proven storage technologies. PostgreSQL handles persistence reliably, Redis keeps sessions and caches fast, and S3 storage scales for media.
PostgreSQL for reliable data storage
Redis for caching and session management
Configurable connection pools for scale
Bring your own external storage
Monitoring & Health
Keep an eye on your deployment with health checks and telemetry. Admins get full visibility into system status and performance.
Health check endpoint at /api/v1/health
Telemetry and performance metrics
Admin dashboard with system logs
Rate limit monitoring and alerts
Startup Validation
Every Plexichat instance validates its configuration on startup. Misconfigurations are caught early with clear error messages, so you never run in a broken state.
Self-test suite for core endpoints
Configuration validation on every boot
Request schema validation for all API calls
Safe defaults that work out of the box
Enterprise (Commercial Licence)
The core platform is free to self-host. A commercial licence unlocks these additional capabilities for organizations that need them. The free tier continues working normally — paid features show a no-op or read-only path instead of blocking.
Cross-Instance Federation (PlexiJoin)
Connect multiple Plexichat servers together so users on different instances can communicate seamlessly. Whether you're connecting departments, subsidiaries, or partner organizations, federation keeps everyone in touch without anyone's data leaving your control.
Link servers together with outbound federation connections
Approve or deny incoming federation requests
Monitor connection health and traffic
Built-in conflict resolution for federated data
SSO, Bots & Advanced Moderation
Integrate with your existing identity provider using SAML or OAuth, build custom bots with premium rate limits, and enforce advanced moderation rules. Audit log export lets you feed security events into your SIEM.
SSO / SAML integration with your identity provider
Bot accounts with higher rate limits for automation at scale
Custom roles and advanced AutoMod rule sets
Audit log export in SIEM-compatible formats
Server-Managed Encryption
When a commercial licence is active, the server takes ownership of the encryption key cache. This means a deleted message is permanently gone — even if someone exported data while they had access, the key rotates and the content becomes unreadable. Critical for regulated industries and strict data retention policies.