Selling doc + avoiding resale + customer privacy

Hello, I developed a doc for Freelancers to track their tasks, budget, finances, and other aspects of their work.

I want to be able to sell this document to customers and give them full access to edit as they like.

However, after I sell it, I would have to lose access to it since the customer won’t want me having access to their data (such as their clients, projects, budgets, etc.).

From what I understand, this can only be done if they copy the doc so they create a separate one to which I won’t have access. The problem with that is obvious: after they copied it, they will be able to share with anyone they want.

How do I solve this problem? Is there a way I can sell a document to a client with the “Copy” option disabled and then remove my access to it completely? Like, “I sent you the document, now I have no more access but you can’t copy it either”.

Please let me know if it is clear or if you need more information. Thanks!

Hey there!

Been down this road many times.

There’s no real way to do it right now. I’ve developed a custom pack that stores valid purchase emails, then, if the current users email isn’t in that list, every time they press buttons, etc, crazy stuff will happen in the doc

But as they are the owner of the doc, if they are good enough with coda, they can follow the chain of actions and disable these things.

So long story short - no way to do so now.

1 Like

Hey Scott, thanks for replying! I’ve actually read your answer on another post but I don’t quite understand custom packs.

To be honest, even if they disable that function, I think that at least having that option is already discouraging for some non-tech savvy users.

Could you please share some information about custom packs so I can learn how they work and try to implement them myself? Or maybe to how yours work?

Thank you very much!


So essentially the method I followed is as follows:

  1. Collect purchase details in a table in a separate doc, most importantly, an email. I specifically used stripe to collect payments and then configured webhooks in stripe to send purchase data automatically to my doc
  2. Made a separate pack called “ValidatedPurchase” - this pack used Codas api to check if the current users information (email) was in my purchase table and then simply returned a true/false value
  3. I then simply wrote a bunch of statements in formulas, automations, buttons, etc. so that IF the pack returned false the doc would just wreak havoc on itself.

Let me know if you need any more help! Ultimately I abandoned this and just decided to trust people

1 Like

Basically, ditto what Scott said.

Running into the same need myself.

There are two ways to distribute:

  1. I copy the doc myself and share it with the user but they can’t copy it. I stay the owner.
  2. I let the user copy the doc and become the owner, shutting me off.

Option 1 means you still have access to the doc — not what users might want. You may sorta sweeten this by creating some dedicated “service” Coda user that you pinky swear not to use — e.g. I have a or something like that for this purpose. This won’t applease all users who’ll see through this, but may be enough for some (plus, write a good privacy policy!)

Option 2 comes with the issues you outlined: once the doc is not yours, you cannot limit anything about it. The one and only way to make sure it’s not abused is to make it dependent on a pack that you control.

If that pack is for your own backend (e.g. I have a Doc as API pack in the works that uses my own backend as a proxy) then it’s easy — issue access tokens to your backend, make people install the pack with those tokens — anyone without the token will have a bricked doc that won’t work.

If the pack is for Coda API, you can try querying the doc info and checking whether the doc is created from your origin doc, or some other doc (GET /docs/docID and check the ). If it’s yours then let all the methods work; if it’s not then throw errors.

If the pack is for something you don’t control at all — three options, depending on how many customers you expect:

  • You can make the pack private and only share it with customers who purchased the template. This way if someone gets an illegal copy of the doc, they won’t be able to access that pack. This only works as long as you can manually share the pack with people, and this can’t be automated yet. Additionally, when you share a pack like this, you give these people the right to install it on any workspace they’re in — so they can, in fact, redistribute illegal doc copies as long as they stay owners of those further copies.

  • You can collect (if you by any chance can obtain) Doc IDs of the docs that your clients copied for themselves, and hardcode them in the pack’s code. Then on each invocation, check context.invocationLocation.docId for which doc this pack action or sync was triggered from, and compare to the whitelist of docs. That said, context.invocationLocation.docId is a deprecated property and one day it will be gone.

  • Or you can just make it paid. This won’t stop people from copying the doc, but those who get the copies will have to pay a subscription for the pack.

If your doc doesn’t require a pack, then you can deliberately make it require one :wink: Just move some of the most critical calculations to the pack instead of formulas, and use one of the methods above. Some people will be able to rebuild it but not many — and those who could would either a) appreciate your effort and pay for it, or b) just build that doc themselves in the first place.

Scott’s solution works as the last resort because if it’s not an essential pack (i.e. just a purchase validation checker) the user will just go and remove it everywhere before reselling the doc, plus it probably slows down the formulas it’s used in.

There are also further shadowy ways, e.g. including some analytics pixel somewhere in the doc that will report back the doc ID it’s used in. It’s against the Terms of Service though.

Finally, you can just trust people.

1 Like

Hey Paul! Thanks a lot for your reply. I’ll take a look into your suggestions.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.