Security and compliance

Communities are built on trust.
We are, too.

The only thing more critical than protecting your organization’s information is protecting your community’s. Both are top priorities for us.

Security and privacy

  • Data encryption in transit and at rest
    We work with external partners to independently audit our security architecture and controls. We engage regularly with a penetration testing firm to provide independent assurance that we stay up-to-date with security best practices.
  • The Right to be Forgotten API
    We adhere to GDPR and CCPA regulations and provide a programmatic integration to remove all personally identifiable information.
  • Fine-grained authentication and authorization
    We support Single Sign-On and Role-Based Access Control, as well as SAML and SCIM via multiple identity providers such as Okta, Microsoft Azure Active Directory, and more.


  • 99% uptime SLA
    We support communities with over 1.5 million members and offer a 99% uptime SLA with 24/7 uptime monitoring.
  • Natively-built integrations
    All of our integrations go through official APIs and conform to the terms of service of the third-party providers, so you never need to worry about compromising data quality or privacy.


  • GDPR
    We comply with the General Data Protection Regulation, which is a regulation in EU law on data protection and data subject rights for EU residents.
  • CCPA
    We adhere to the California Consumer Privacy Act, which upholds privacy rights and consumer protection for California residents.
  • SOC 2 Type I and Type II
    Our SOC 2 Type I report shows we understand the necessary security procedures to safely handle customer data, and our Type II report shows we have upheld these standards over a set period of time.

We’re proud to be trusted by leading organizations of all sizes.

Ready to get started? Join thousands of communities powered by Common Room.