Privacy, security, and data protection are central to Tribe

Explore how we deploy state of the art practices to support the security objectives

Security framework

Data integrity

Ensuring customer information is always secure at any moment, during transit, and at rest.

Continuous defense

Minimizing any security risks through continuous penetration, vulnerability, and risk assessments.

Best practices

Ruthless implementation of security practices based on industry guidelines for cloud security.

Security initiatives

We're committed to keeping our streak of 0 data breaches intact
  • Permissions

    We enable permission levels within the app to be set for your teammates.

  • SSO (Single Sign-On)

    Authenticate teammates and users without requiring them to enter additional login credentials.

  • Password storage

    A password complexity standard and credentials are stored using a PBKDF function (bcrypt).

  • Penetration test

    Annual penetration test through third-party firms to investigate any missing vulnerabilities.

  • Bug bounty

    A generous bug bounty program to reward security researchers for reporting valid vulnerabilities.

  • Uptime monitoring

    Tribe monitors the service availability 24/7. Upgraded SLA notifies the client directly at the time of any incident.

aplication security

Application security

A development process that enables immediate prioritization of critical updates and vulnerability remediations.
  • Every single user input goes through a validation layer that uses best practices to mitigate security vulnerabilities
  • Whether data is being transferred or stored, all customer data is secured with the latest encryption algorithms and technologies
  • All the access to production systems is logged and monitored by Tribe’s operations team.
  • All production database instances having streaming backups via database replicas in addition to daily full snapshots
network security

Network security

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) to prevent unauthorized requests.
  • Protected by Cloudflare, which uses automated traffic scrubbing tools that monitor incoming traffic
  • Customer data is stored in multi-tenant datastores and logically separated
  • All data in our system are tagged by account and every request to our system requires account context
  • We use intrusion detection with a robust Security Information and Event Management (SIEM) system
organizational security

Organizational security

Tribe's security practices apply to all members of staff, third-party service providers, and physical data center security.
  • Tribe adheres to the principle of least privilege
  • Employees are given access only to the data that they must handle for their job responsibilities
  • Tribe establishes agreements with all third-party providers that require them to adhere to confidentiality commitments we make to our customers
  • Tribe infrastructure is hosted on DigitalOcean data centers that are equipped with physical barriers such as alarms, access cards, video surveillance, etc.
your data at Tribe

Your data at Tribe

Tribe does not mine, store, or attempt to access any special or sensitive categories of personal data
  • Your organization is in control of all community and employee data at all times
  • You have the ability to set user permissions to limit access to data export, moderation, and other features
  • Tribe employees can access data after your permission as necessary for customer support
  • In the case of third-party integration, data scopes are limited to only the necessary information


Security practices and regulatory compliances are woven into everything we do at Tribe
  • SOC II

    Our data centers are SSAE16/ISAE 3204 Type II (SOC1 or SOC2) compliant. We follow strict protocols for security, availability, integrity, and confidentiality of data.

  • GDPR

    Tribe processes data in compliance with the EU's General Data Protection Regulation (GDPR). You can more about GDPR commitment here.


    We are bound by the Canadian privacy and information law known as PIPEDA (The Personal Information Protection and Electronic Documents Act).

  • EU SCCs

    Our DPA includes EU Standard Contractual Clauses (SCCs) to enable our European clients to comply with GDPR.

  • Annual Penetration Test

    Tribe conducts annual security vulnerability and penetration testing using independent third-party auditors.

  • Audit Trails

    Tribe audits and logs users activity. This allows our customers to monitor the actions taken by their admins and moderators.

Join the discussion

During transit, either externally or internally between Tribe services, data is encrypted using TLS 1.2 with AES 256 bit encryption to ensure data protection at all times. Tribe SSL certificates are issued through Let's Encrypt...

Updated 3 days ago
Join the Discussion

As we are committed to protecting users' privacy, Tribe will not share any personally identifiable information (PII) data with Google Analytics. This means we don't send the user's username or name to Google Analytics as the UserID or custom dimension...

Answered by Mo
Join the Discussion

From what I gather broadly you have the following features for GDPR: ✓ Cookie consent ✓ Ability to delete members (and associated data) ✓ Ability to export member-specific data ✓ Linking to the privacy policy Here is a detailed post on how to use each of these...

Answered by Adrian
Join the Discussion

You can add extensions by going to Admin Panel > Settings > Security. To add an extension, you need to add the file type with a . before it. For example, to add pdf, you need to add .pdf and then add application/pdf...

Updated an hour ago
Join the Discussion

Get the datasheet