Skip to main content
WonkaChat implements robust compliance and governance features to support your regulatory requirements. While formal certifications are in progress, the underlying controls and capabilities are already built into the platform you’re using today.
Certification Status: WonkaChat has implemented security and governance controls aligned with major compliance frameworks (GDPR, SOC 2, ISO 27001). Formal third-party certifications are currently in progress.

​
What you can rely on today

Audit trails

Complete logging of user and agent actions with immutable audit trails.

Access controls

RBAC, authentication, and permission management across the platform.

Encryption & isolation

Encryption in transit and at rest with organization-level data isolation.

Retention controls

Configurable retention policies for conversations, logs, and user data.
These controls are operational today. Certifications will formally validate what is already in place.

​
Certification status

​
In progress
Formal audits underway
  • SOC 2 Type II: third-party audit in progress
  • ISO 27001: certification process initiated
  • GDPR: features supporting data subject rights implemented; conduct DPIA as appropriate
WonkaChat does not yet hold formal certifications. We are actively working toward them.
You can use WonkaChat confidently today; certifications will formally recognize the existing controls.

​
Audit trails and logging

  • Comprehensive logging system: Winston-based structured logging
  • Log levels: TRACE (10), DEBUG (20), INFO (30), WARN (40), ERROR (50), FATAL (60)
  • Security event logging: Auth attempts, permission changes, rate limits, suspicious activity
  • Migration audit trail: Schema changes, upgrades, config modifications, version tracking
  • User activity logging: Sessions, agent and tool usage, data access/exports
Sensitive data (passwords, API keys, tokens) is automatically redacted from logs.

​
Data retention policies

​
Conversation data

Enable automatic deletion of conversation history after a configured period.
  • Temporary chat: enabled
  • Retention window: 24 hours
  • Features: automatic cleanup jobs, user-controlled deletion, admin override, soft delete with recovery
Retain conversations indefinitely until manually deleted. Best for knowledge bases and long-term projects.

​
Log retention

Recommended retention:
  • Error logs: 90 days (debugging and troubleshooting)
  • Combined logs: 30 days (general activity)
  • Security logs: 365 days (compliance requirements)
  • Audit logs: 7 years (legal and regulatory requirements)
  • Violation logs: 180 days (violation tracking)
Rotation settings:
  • Daily rotation with date-based filenames
  • Max file size: 50 MB
  • Keep last 30 days of files
  • Compress older files

​
User data

Retention rules:
  • Active users: retained while account is active
  • Inactive users: 90 days after last activity
  • Deleted users: 30 days (soft delete with recovery)
  • Conversations: user-controlled retention
  • Files: 90 days after last access
  • Sessions: 7 days
  • Tokens: expire on refresh (typically 15 minutes to 7 days)

​
Need more information?

Contact WonkaChat

For questions about compliance, security documentation, or vendor assessments, reach out to our team for assistance.
WonkaChat provides enterprise-grade security features, but achieving full compliance requires your organization to implement appropriate policies, procedures, and controls based on your specific regulatory requirements.