This article will provide facts on Stream Chat data encryption and related topics.
Stream Chat Data Encryption
Messages are encrypted in transit using TLS 1.2 and at rest with AES256. Messages are not end-to-end (E2E) encrypted. You can use a third party service, like Virgil or Tanker.io to implement E2E encryption.
Stream is HIPAA ready. To become HIPAA compliant with Stream, you only need to sign a Business Association Agreement (BAA). Get in touch with firstname.lastname@example.org to sign this agreement. More info on BAA's here.
HIPAA and E2E encryption
E2E encryption is not required for HIPAA compliance, but if you would like to use E2E encryption for increased security with HIPAA, you can use third-party services like those mentioned above (i.e. Virgil or Tanker). This article also explains how to create a Chat App that is HIPAA compliant with E2E encryption.
Stream is SOC2 Type II Compliant.