See all posts

4 min read

Trust comes first: Keeping your community data secure and compliant
Jul 7th, 2022

Keeping your community data secure and compliant

Communities are built on trust, and Common Room is, too. The only thing more critical than protecting your organization’s information is protecting your community’s. Both are top priorities for us.

To that end, we’ve made significant investments in our platform’s security and compliance, including SOC 2 Type II certification, GDPR and CCPA compliance, and support for Single Sign-On (SSO), Role-Based Access Control (RBAC), and SCIM. Looking forward, we will continue to make these critical investments in protecting our customers and their communities’ data.

The importance of maintaining security and compliance for your community’s data

Modern online communities invite their members to join from all around the world and foster discussions across multiple communication platforms like Slack, Discord, Discourse, MeetUp, Twitter, and more. An intelligent community growth platform must therefore offer reliability, security, and compliance across all of these jurisdictions, now and in the future, in order to truly be trusted.

Common Room was built to meet these requirements from day one, and we maintain a regular release and certification cadence as both regulations and our customers’ needs evolve.

How Common Room keeps your community data secure and compliant

Customer community data in Common Room is always encrypted, in transit and at rest. But don’t just take our word for it: we work with external partners to independently audit our security architecture and controls. We engage regularly with a penetration testing firm to provide independent assurance that we stay up-to-date with security best practices.

Building on this secure foundation, we’re also committed to protecting the privacy of your data and ensuring that your Common Room implementation meets your own compliance requirements. We adhere to GDPR and CCPA regulations, including offering a Right To Be Forgotten API for programmatic integration with your internal systems’ data governance.

After securing SOC 2 Type I certification in early 2021, Common Room is now SOC 2 Type II compliant. A SOC 2 Type I report proves that a company understands the necessary security measures to safely handle customer data, and a Type II report demonstrates that a company has upheld these standards over a set period of time.


These certifications mean you can be confident that your data is in good (and secure) hands with Common Room. That means you can focus on what matters most—building relationships with community members and growing your community.

Common Room also supports secure, fine-grained authentication and authorization through Single Sign-On and Role-Based Access Control. This includes support for SAML and SCIM via multiple identity providers such as Okta, Microsoft Azure Active Directory, and more. These features and capabilities make it easier to protect member information and build trust within your community.

  • Single Sign-On provides streamlined authentication through your choice of identity providers. We currently offer SSO through Google GSuite, GitHub, or your Microsoft account (personal or AAD).
  • Role-Based Access Control allows for fine-grained management of access to Common Room data (viewer, editor, or owner roles).
  • In addition to broad support for SAML and SCIM across identity providers, our Okta-approved SAML and SCIM integration is now available through the Okta Integration Network. This means that administrators can manage access to Common Room through Okta, assigning each user an appropriate role in Common Room (owner, editor, or viewer). Users can launch Common Room from their Okta portal, and when they leave the organization their seat is automatically de-provisioned in Common Room.

Last but not least, Common Room is reliable. We offer a 99% uptime SLA and already support communities of over 1.5 million members. By keeping Common Room running smoothly at enterprise and web3 scale, we ensure you can do the same for your community.

Trust matters

The best community leaders show up reliably for their communities, and Common Room strives to do the same. We’re proud to be trusted by leading organizations of all sizes, including Asana, Atlassian, Confluent, dbt Labs, Grafana Labs, Figma, and Notion.

Through sustained investments in reliability, security, and compliance, backed by independent certification, Common Room has and will continue to build community trust in how we handle customer data.

To learn more about what we’ve been building, check out the Common Room blog. If you’re new to Common Room, get started for free or request a demo to see the platform in action.