Log in

CometChat on-prem deployment

Run CometChat entirely inside your infrastructure. No shared cloud. No default external access. You own your data, runtime, and network.
Built for teams that need real-time messaging without giving up control, in environments where cloud SaaS isn’t an option.
Contact Us
Explore Docs
Hero image

Data ownership, security & compliance

Your data never leaves your infrastructure.

Data Residency

Your data, your infrastructure

Data is stored entirely within your environment:

  • Messages and message metadata

  • Media and attachments

  • User profiles and conversation data

  • Logs, metrics, and audit records

Access Model

You control system access

  • No CometChat access by default

  • Access only with explicit customer approval

  • Many customers operate in a strict zero-access mode

Security & Compliance

Compliance-aligned architecture

  • SOC 2–aligned architecture

  • GDPR-compliant deployments

  • HIPAA-compatible setups

  • ISO-aligned security controls

  • Supports COPPA, DSA, and CSAM-related requirements through data control, moderation, and auditability - configured and governed by your team.

Encryption

End-to-end data protection

  • In transit: TLS 1.2+

  • At rest: database and disk-level encryption

  • Key ownership: fully customer-owned (BYOK supported)

How CometChat runs in your infrastructure

CometChat on-prem fits into existing enterprise setups without forcing a specific architecture.

Deployment

Supported environments

CometChat on-prem can run on a variety of infrastructures to fit your enterprise needs. We’ll give you scale guidance upfront - if Kubernetes is overkill, we’ll say so. Supported environments at a glance:

Bare metal servers

Virtual machines (VMs)

Docker (local and production)

Docker Swarm (recommended up to ~200k MAU)

Kubernetes (recommended beyond ~200k MAU for HA and scale)

Customer-owned private cloud (AWS, GCP, Azure)

Restricted Networks

Built for locked-down & regulated environments

CometChat is designed to work in restricted and air-gapped networks. It runs entirely inside your isolated environment with no outbound internet access required. Even in environments where nothing can communicate outside your firewall, CometChat continues to function reliably. In air-gapped setups, some limitations apply:

External push notification services are unavailable

Third-party integrations must be mirrored internally

External API calls require explicit internal routing

Operations

Ownership, operations & lifecycle

You control how CometChat is operated long-term. Deployment responsibilities can be tailored to your organization, and operational capabilities include version pinning, offline upgrades, controlled rollbacks, and customer-owned monitoring, alerting, and disaster recovery; there are no forced upgrade cycles or hidden dependencies. Deployment options include:

Customer-managed: you own infrastructure, scaling, upgrades, and backups

Shared responsibility: you own infrastructure, and CometChat assists with setup, upgrades, architecture guidance, and troubleshooting

CometChat-managed: CometChat FDEs operate the deployment on your infrastructure with agreed access and commercial terms

Provisioning

Setup & time to production

On-prem deployments are deliberate, not rushed. Setup can be handled by your DevOps team, a shared engagement with CometChat engineers, or a fully managed CometChat deployment under contract. You get access to detailed deployment and operations documentation, Docker and Kubernetes tooling, upgrade and rollback scripts, and monitoring and observability integrations. Typical timelines are:

Standard production setup: ~1–2 weeks

High-availability or air-gapped deployments: ~3–6 weeks

Product availability in on-prem

Core messaging matches cloud. Availability and operations depend on deployment constraints.

Chat & Messaging

Fully supported for production on-prem deployments today

Includes the complete Messaging Platform: chat, moderation, webhooks, and notifications
Complete feature parity with cloud for messaging capabilities

Voice & Video Calls

On-prem support is actively being developed and will be available soon

On-prem support is actively under development
Will follow the same on-prem security and infrastructure model as messaging

AI Agents & Copilots

Available on-prem depending on connectivity & model-hosting setup

Supported when outbound connectivity to AI providers is allowed
Also supported with customer-hosted, internally managed AI models
Availability depends on network policy and model hosting approach
Ellipse
CometChat Logo

Talk to us about on-prem

Have questions about self-hosting? Talk to an engineer about your environment and constraints. We will help you think it through.

Explore Docs
Contact Us