Platform
ScaiWave ScaiGrid ScaiCore ScaiBot ScaiDrive ScaiKey Models Tools & Services
Solutions
Organisations Developers Internet Service Providers Managed Service Providers AI-in-a-Box
Resources
Support Documentation Blog Downloads
Company
About Research Careers Investment Opportunities Contact
Log in

Incognito and restricted rooms

json
1
2
3
4
5
6
{
  "title": "Incognito and restricted rooms",
  "audience": "everyone",
  "summary": "When you want a conversation that doesn't leak into search, summaries, training data, or future AI context.",
  "sort_order": 13
}

Incognito and restricted rooms#

Most rooms are stored, searchable, and contribute to AI context. For sensitive conversations — incident response, hiring, legal, anything under embargo — you want the opposite.

Incognito rooms#

An incognito room (scope_kind=incognito) has different rules:

  • Not indexed. Every event carries do_not_index=True, so the message never reaches Weaviate. Search will never surface it.
  • Not summarised. Conversation summaries skip incognito rooms.
  • Not in future AI context. Even when the same AI joins another room and consults its memory plugin, incognito-room content is excluded from retrieval.
  • No training data export. The GDPR / training-data export jobs skip incognito rooms.
  • Auto-close on leave (optional). When configured, the room closes the moment the spawner leaves it, hard-deleting events rather than archiving.

Create one from the + New room dialog → Mode: Incognito, or with POST /v1/rooms and scope_kind=incognito.

What incognito doesn't do#

  • Not end-to-end encrypted. Messages are still stored on the server in plaintext (in sw_events). The server can see everything. Use a different tool if you need real cryptographic privacy.
  • No federation. Incognito rooms can't be federated — the protocol explicitly refuses.
  • No bridges. Same.
  • No export. The room-export bundle refuses incognito rooms on both ends.

Restricted rooms#

A restricted room is a normal room whose visibility is gated by a role. Set visibility=restricted and read_role_slugs=["incident-response"] at create time; only users in a group that holds the matching role can see it in the directory or be invited.

Use this for "this room exists but only on-call SREs can see it" — the room is fully indexable and searchable, just to a smaller audience.

Combining both#

scope_kind=incognito + visibility=restricted gives you a room that's only visible to a small group and doesn't bleed into search or AI context. This is the strongest available mode short of running the conversation outside the system entirely.

Audit#

Incognito rooms still log to the audit table — admin actions (create, close, kick) are recorded — but message bodies are not. A compliance team can see "Alice created an incognito room with Bob on Tuesday" without seeing what they said.

Where to go next#

  • API: Roomsscope_kind parameter.
  • Reference: Configuration — tenant-level overrides for incognito behaviour.
Updated 2026-05-27 22:31:18 View source (.md) rev 4