The main highlight is the ability to run self-hosted on your own infrastructure (again, this was done to allow use in government setting where there are usually tight restrictions on who can handle data). This is always recommended when privacy and security is improtant for you (not just with our tools but with anything that processes sensitive data in general). Also, it is open source so anyone can check that we are not doing anything fishy.
As for workspaces hosted by us, everything is hosted in the EU with strict GDPR data protection laws. The user always controls their data, who it is shared with, etc. When you delete something, it is actually deleted. We use minimum intermediaries (currently just our hosting provider, otherwise we process everything ourselves and do not involve any other cloud-based services in data handling), do not share any data with third parties (like most cloud services do) or do anything else with it that is not directly required in order to provide the service to the user.