--- audience: everyone summary: When you want a conversation that doesn't leak into search, summaries, training data, or future AI context. title: Incognito and restricted rooms path: concepts/incognito-and-restricted status: published --- # Incognito and restricted rooms Most rooms are stored, searchable, and contribute to AI context. For sensitive conversations — incident response, hiring, legal, anything under embargo — you want the opposite. ## Incognito rooms An **incognito** room (`scope_kind=incognito`) has different rules: - **Not indexed**. Every event carries `do_not_index=True`, so the message never reaches Weaviate. Search will never surface it. - **Not summarised**. Conversation summaries skip incognito rooms. - **Not in future AI context**. Even when the same AI joins another room and consults its memory plugin, incognito-room content is excluded from retrieval. - **No training data export**. The GDPR / training-data export jobs skip incognito rooms. - **Auto-close on leave** (optional). When configured, the room closes the moment the spawner leaves it, hard-deleting events rather than archiving. Create one from the **+ New room** dialog → **Mode: Incognito**, or with `POST /v1/rooms` and `scope_kind=incognito`. ## What incognito doesn't do - **Not end-to-end encrypted**. Messages are still stored on the server in plaintext (in `sw_events`). The server can see everything. Use a different tool if you need real cryptographic privacy. - **No federation**. Incognito rooms can't be federated — the protocol explicitly refuses. - **No bridges**. Same. - **No export**. The room-export bundle refuses incognito rooms on both ends. ## Restricted rooms A **restricted** room is a normal room whose visibility is gated by a role. Set `visibility=restricted` and `read_role_slugs=["incident-response"]` at create time; only users in a group that holds the matching role can see it in the directory or be invited. Use this for "this room exists but only on-call SREs can see it" — the room is fully indexable and searchable, just to a smaller audience. ## Combining both `scope_kind=incognito` + `visibility=restricted` gives you a room that's only visible to a small group *and* doesn't bleed into search or AI context. This is the strongest available mode short of running the conversation outside the system entirely. ## Audit Incognito rooms still log to the audit table — admin actions (create, close, kick) are recorded — but message bodies are not. A compliance team can see "Alice created an incognito room with Bob on Tuesday" without seeing what they said. ## Where to go next - API: [Rooms](/docs/scaiwave/reference/api/rooms) — `scope_kind` parameter. - Reference: [Configuration](/docs/scaiwave/reference/configuration) — tenant-level overrides for incognito behaviour.