Privacy, security, and data protection are central to Tribe

Explore how we deploy state of the art practices to support the security objectives

Security framework

Data integrity

Ensuring customer information is always secure at any moment, during transit, and at rest.

Continuous defense

Minimizing any security risks through continuous penetration, vulnerability, and risk assessments.

Best practices

Ruthless implementation of security practices based on industry guidelines for cloud security.

Security initiatives

We’re committed to keeping our streak of 0 data breaches intact


We enable permission levels within the app to be set for your teammates.

SSO (Single Sign-On)

Authenticate teammates and users without requiring them to enter additional login credentials.

Password storage

A password complexity standard and credentials are stored using a PBKDF function (bcrypt).

Penetration test

Annual penetration test through third-party firms to investigate any missing vulnerabilities.

Bug bounty

A generous bug bounty program to reward security researchers for reporting valid vulnerabilities.

Uptime monitoring

Tribe monitors the service availability 24/7. Upgraded SLA notifies the client directly at the time of any incident.

Application security

A development process that enables immediate prioritization of critical updates and vulnerability remediations.

  • Every single user input goes through a validation layer that uses best practices to mitigate security vulnerabilities
  • Whether data is being transferred or stored, all customer data is secured with the latest encryption algorithms and technologies
  • All the access to production systems is logged and monitored by Tribe’s operations team.
  • All production database instances having streaming backups via database replicas in addition to daily full snapshots

Network security

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) to prevent unauthorized requests.

  • Protected by Cloudflare, which uses automated traffic scrubbing tools that monitor incoming traffic
  • Customer data is stored in multi-tenant datastores and logically separated
  • All data in our system are tagged by account and every request to our system requires account context
  • We use intrusion detection with a robust Security Information and Event Management (SIEM) system

Organizational security

Tribe’s security practices apply to all members of staff, third-party service providers, and physical data center security.

  • Tribe adheres to the principle of least privilege
  • Employees are given access only to the data that they must handle for their job responsibilities
  • Tribe establishes agreements with all third-party providers that require them to adhere to confidentiality commitments we make to our customers

Your data at Tribe

Tribe does not mine, store, or attempt to access any special or sensitive categories of personal data

  • Your organization is in control of all community and employee data at all times
  • You have the ability to set user permissions to limit access to data export, moderation, and other features
  • Tribe employees can access data after your permission as necessary for customer support
  • In the case of third-party integration, data scopes are limited to only the necessary information


Security practices and regulatory compliances are woven into everything we do at Tribe


Our data centers are SSAE16/ISAE 3204 Type II (SOC1 or SOC2) compliant. We follow strict protocols for security, availability, integrity, and confidentiality of data.


Tribe processes data in compliance with the EU’s General Data Protection Regulation (GDPR). Learn more about GDPR commitment here.

Annual Penetration Test

Tribe conducts annual security vulnerability and penetration testing using independent third-party auditors.

Get the datasheet