2.11.2 Team Chat — Direct Messages — Private Chats
Direct Messages provide a private communication layer for one-to-one interaction between users within the same organization. Unlike Team Chat channels, Direct Messages are scoped strictly to two participants and are optimized for focused, confidential exchanges while maintaining the same reliability and audit guarantees as other internal communication features.
Scope and Privacy Model
A Direct Message thread is created implicitly when one user initiates a private conversation with another eligible user. Threads are uniquely bound to the participant pair and are not discoverable or accessible by third parties, administrators, or groups unless explicitly permitted by policy.
Privacy guarantees:
Only the two participants can access the thread
No implicit visibility through roles or teams
No cross-organization access
Threads cannot be converted into channels, preserving the private nature of the exchange.
Thread Identity and Persistence
Each Direct Message thread has a stable identifier derived from the participant set. This ensures that message history is preserved across sessions, devices, and reconnects without creating duplicate threads.
Example thread resolution logic:
$thread = DirectMessageThread::firstOrCreate([ 'user_a_id' => min($sender->id, $recipient->id), 'user_b_id' => max($sender->id, $recipient->id), ]);Message Model
Messages in Direct Messages follow the same immutable message model used elsewhere in Team Chat. Once persisted, messages cannot be silently altered or removed.
Message attributes include:
Author identifier
Message body
Attachments and metadata
Server-generated timestamp
Example message creation:
$thread->messages()->create([ 'author_id' => $sender->id, 'body' => $request->input('body'), ]);Read State and Delivery
Read state is tracked per participant and per thread. This enables accurate unread indicators without exposing reading behavior to non-participants.
Delivery guarantees:
Messages are delivered at least once
Duplicate deliveries are deduplicated client-side
Ordering is enforced by server timestamps
Presence indicators may be displayed but do not affect delivery semantics.
Attachments and Media
Attachments shared in Direct Messages follow the same storage, scanning, and access rules as other Media Center assets. Access to attachments is restricted to thread participants and expires according to tenant retention policies.
Moderation and Compliance
While Direct Messages are private, they remain subject to organizational policies and legal requirements. Metadata required for audit or incident investigation may be retained without exposing message content by default.
Actions such as message export or disclosure require explicit authorization and are logged.
Lifecycle and Retention
Direct Message threads persist until explicitly deleted by policy or user action where permitted. Deletion rules are deterministic and never partial; either the thread is retained in full or removed according to retention configuration.
Security and Isolation
All Direct Message data is tenant-scoped and encrypted at rest. Access checks are enforced on every read and write operation to prevent privilege escalation or data leakage.