Chatto: Open-source team messenger with privacy at its core

Teams that want their group chats off commercial platforms have a growing menu of self-hosted options. Chatto joined that group when its developer released the code under an open-source license and posted binaries for anyone to run on their own hardware. The software aims at the same ground as the large team messaging services, and it keeps message data on infrastructure the operator controls.

chatto chat app privacy

Installation runs through a single executable. An operator drops the binary onto a machine, runs it, and gets a working chat server that serves its own web frontend. Builds exist for Linux on x86_64 and ARM64, macOS, and Windows. A basic setup needs no separate database, and larger deployments scale out with Docker Compose or Kubernetes.

What the encryption covers

The privacy design starts at the account level. Chatto encrypts message text and selected durable account fields with per-user keys. Each user’s data locks to keys specific to that account, so the plaintext depends on keys held for that person alone. When someone deletes their account, the server performs crypto-shredding and destroys those keys. The data tied to them becomes unreadable, and recovery stops being possible even from a backup that still holds the encrypted bytes.

That model gives account deletion a concrete effect. A user who leaves takes the readability of their content with them, since the keys that unlocked it are gone.

Certain fields and assets sit outside the encryption boundary and stay in plaintext. The per-user keys reach message text and selected durable account fields, and that content makes up the encrypted set. Operators get a record of which data the keys cover and which data the server stores in the clear, so they can measure the exact reach of the protection against their own requirements.

One server, one community

Each Chatto server runs a single community. A server holds its own users and messages and keeps that content to itself, with no federation of data across instances. This design limits how far any one conversation travels, since the messages live on one server owned by one operator. People who belong to several communities connect to each server directly from the client. An operator who runs more than one community starts a separate process for each. Chatto carries no third-party tracking and no analytics.

Voice and video calls come built in, with screen sharing, and use end-to-end encryption that keeps call media readable only to the participants. Call capacity depends on the operator’s own hardware.

A hosted option on European infrastructure

Teams that want the privacy properties of self-hosting and prefer to hand off server operation have a hosted service on the way. Chatto Cloud will enter public beta soon, offering paid hosting for Chatto servers. It launches on European and European-owned infrastructure, a detail that carries weight for organizations with data-residency requirements in the region. More regions are planned for early 2027. Servers on Chatto Cloud stay compatible with self-hosted ones, and operators can move their data into or out of the service at any point.

Chatto is available for free on GitHub.

Must read:

Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools. Subscribe here!

Don't miss