Security of Data within Coda

Hi, I am creating some pages within Coda for Foodbank colleagues to store, manage and share (within the volunteer team) information re Foodbank clients and the information we can provide to point the clients (by phone - not in Coda) towards sources of support. I have been challenged regarding how I can guarantee the privacy and security of the information we store in Coda. Can anyone point me to details/summary of the security functionality that will ensure the data cannot be accessed by others - please? Thanks.

Hi @Saltash_Foodbank :blush: ! … and welcome back to the Community :grin: !

I can point you to the Security page :blush:


I would also add something about data security at the doc level.

  1. You must understand that a Coda doc is shared in its entirety, regardless of what’s visible or hidden, locked or filtered out. Assume that whenever you share the doc with someone (even in View Only mode) they can read all data from it. That’s because the whole file is loaded on the client and at the client side it’s encoded (precisely, the way the data is encoded is easy to reverse-engineer).

    See this topic as well:
    Privacy laws and data protection - #2 by Paul_Danyliuk

  2. Cross-doc and forms allow you to set up some sort of access control to pieces of data in a doc, but there are gotchas. With cross-doc you must ensure that you’re not using a connection that has access to more data than should be shared (i.e. you have to create individual views for each and every link, and not reuse connection tokens in general). With forms you have to be careful not to leak private data through a shard (a subset of tables and rows that gets loaded along with the form to support formulas and lookup values).

    More:
    [Lesson] Cross-Doc Best Practices
    Security of personal data in published forms - #7 by Paul_Danyliuk

