Security and privacy, by design.

ChatFormats runs entirely offline on your Windows environment — no cloud upload, no third‑party APIs for message processing. Designed for law firm confidentiality and compliance.

How ChatFormats handles data

📥

Input

WhatsApp ZIP exports (with or without media), local OCR/Tesseract models, local Moonshine transcription models. All inputs stay on your machine.

⚙️

Processing

Message parsing, privilege detection, OCR, transcription, entity extraction — all on your Windows device. No client data transmitted to external servers.

📁

Output

PDF exhibits, HTML review sets, CSV files, Concordance/Relativity load files, JSON, and organised media folders. Written to user‑selected local directories.

Offline by default

No cloud upload. Period.

ChatFormats never sends your client's WhatsApp data to our servers or any third‑party cloud. All evidence stays inside your firm's environment — no vendor access, no unexpected data transfer.

  • ✓ Local OCR (Tesseract) runs on your device
  • ✓ Voice transcription (Moonshine) runs locally — no OpenAI API calls
  • ✓ Privilege detection, NER, and structured extraction are 100% on‑prem
Updates & licensing

What (if anything) reaches the internet

License validation and update checks may contact our servers, but they never transmit message content or metadata. These checks are limited to version info, license status, and anonymised basic telemetry (if enabled — optional). Client evidence remains isolated.

🔒 For air‑gapped environments, offline license verification and manual updates are available under Enterprise terms.

Where data is stored and how outputs behave

Input locations

The WhatsApp ZIP file stays exactly where you place it. ChatFormats reads from that location but does not move or duplicate it without your direction. Processed message data exists only in memory during parsing.

Output directories

All exports (PDF, HTML, CSV, DAT/OPT, media folders) are written to a user‑selected folder. No proprietary cloud storage, no vendor copy of the evidence. You control retention, backups, and deletion.

Supporting chain‑of‑custody narratives

ChatFormats helps you build a defensible chain of custody by:

  • Computing SHA‑256 hashes of the original WhatsApp ZIP and extracted .txt file.
  • Embedding those hashes in generated PDF exhibits and HTML review sets.
  • Providing a separate Chain of Custody TXT report with timestamps, case metadata, and hash values.
  • Recording the export generation date and environment details (configurable).

📌 These are technical aids; final chain‑of‑custody procedures remain your firm's responsibility. We provide the building blocks for a clear narrative from source to exhibit.

Access control & environment

OS‑level controls

ChatFormats runs as a standard Windows application under the logged‑in user's account. It inherits your firm's existing file permissions, BitLocker encryption, and network policies. No separate user database or remote access channel is created.

No hidden persistence

The tool does not install background services, kernel drivers, or auto‑migrate data. Uninstall removes all application files (user outputs remain untouched).

Support data and optional telemetry

Support engagements: When you contact our support team, you decide what to share. We may ask for log files or anonymised sample exports, but you control the data. We never remotely access your machine or evidence folders.

Telemetry (placeholder – subject to firm agreement): ChatFormats may include optional, aggregate telemetry (e.g., feature usage counts, crash reports) that contains no message content, filenames, or participant names. Telemetry is disabled by default in sensitive environments (Enterprise/firm license). Exact scope to be confirmed during implementation and legal review.

📋 For firms requiring absolute data isolation, we offer an Enterprise configuration with telemetry fully removed and offline license validation.

Bring your IT and security team to the demo

We invite your information security or compliance leads to join a technical walkthrough. Ask about offline architecture, deployment in air‑gapped environments, and integration with your existing security stack.

📅 Schedule a security‑focused demo 📄 Request security questionnaire

We can provide a detailed security addendum, GDPR/DPA addendum, and answer custom compliance questionnaires.