Security & Compliance Controls safeguard client data while keeping access convenient. Configure policies that match your regulatory requirements without adding friction to the experience.
Security matched to sensitivity
Apply stricter controls to high-risk projects while keeping standard engagements streamlined.
Core Controls
- Domain restrictions ensure portals are only available via approved URLs or custom hostnames.
- Session policies define magic link expiry, password requirements, and idle timeouts.
- Access governance enforces approval flows for high-privilege actions.
Advanced Safeguards
| Control | Description | When to Use |
|---|---|---|
| Optional passcodes | Adds shared secret on top of magic links | Pre-launch programs, confidential projects |
| IP allowlists | Restricts access to trusted networks | Regulated industries, internal-only portals |
| Watermarked assets | Adds identifiers to downloads | Sensitive deliverables or compliance documentation |
| Data retention policies | Automate archival or deletion schedules | Align with GDPR, SOC 2, or internal mandates |
Compliance Toolkit
Configure Domain & Session Policies
Set allowed domains, link expiry times, and timeout durations from Security Settings.
Enable Enhanced Controls
Add passcodes, IP restrictions, or watermarking where sensitivity demands extra protection.
Define Retention Rules
Specify how long documents, transcripts, and logs should be stored before archival or deletion.
Monitor Audit Logs
Review permission changes, login activity, and automation triggers to maintain oversight.
Export Compliance Reports
Generate logs and consent records on demand for internal audits or regulatory reviews.
Best Practices
Trust through transparency
Share your security posture with clients using portal-banner updates or onboarding packets.
- Align policies with regional and industry-specific regulations.
- Pair permission reviews with security audits to catch scope creep.
- Document exceptions and approvals for future reference.
Combine these controls with Granular Permissions to deliver both flexibility and assurance.