What access controls does Dataroom support?

Email verification (magic link or one-time code), password gates, domain and IP allow-lists, expiry windows, max-view counts, download disable, screen-share blockers, and on-the-fly revoke. All controls are per-link, per-room, or per-recipient. SOC 2 Type II, GDPR, HIPAA. Customer-managed KMS keys available on Enterprise.

Log inStart free trial

Loading…

Log inStart free trial

Access control

Setthebar.Lettherestin.

Email verification, passwords, domain & IP allow-lists, expiry windows, max-view counts, screen-share blockers, and on-the-fly revoke. Every control is one toggle away — applied per link, per room, per recipient.

Start free trial See security

sendmint.com/share/lk_2j9hf2/settings

Email verificationRequired · magic link

Password gateOff

NDA click-throughMutual NDA v2

Domain allow-list@summit.vc, @northwind.capital

WatermarkRecipient email burned

Forwarding alertsSlack + email

Expiryin 60-days

Disable downloadsView-only

ChatGPT Claude Perplexity Gemini Grok

Email verify Password gate Domain allow-list IP allow-list Expiry windows Revoke on the fly

Capabilities

Everything you'd expect — and what was missing.

Email verification

Recipient confirms ownership via magic link before content unlocks. One-time codes optional for high-stakes shares.

Password gates

Optional password per link. Strength rules enforceable workspace-wide. Reset-on-leak in one click.

Domain & IP allow-lists

Allow @summit.vc, deny everyone else. Office IP-only on the legal vault. Combine to taste.

Expiry & view limits

Auto-expire in 7 days. Cap at 5 views. Revoke at any time without re-sending.

Anti-leak controls

Disable downloads, disable copy, disable right-click, disable screen-share. Watermark every page.

Per-recipient policy

Same room, different access levels per recipient. Lead investor sees everything; analyst sees the public deck.

Built for compliance

What your security team asked you to never share by email.

Court-grade audit trail on every action — view, download, search, sign, revoke. Exportable as CSV or streamed to your SIEM. Optional customer-managed encryption keys.

SOC 2 Type II, GDPR, HIPAA BAA
EU or US data residency at workspace creation
Per-tenant key isolation on Enterprise
Streaming audit log to Splunk / Datadog / Elastic
Customer-managed retention & deletion
Coordinated disclosure program with bounty

Data residencyEU · Frankfurt

Encryption keysCustomer-managed (KMS)

Audit log streamDatadog · Splunk

Retention90 days · custom

SSOOkta SAML · enforced

CoverageSOC 2 · GDPR · HIPAA

“Replaced three different access-control tools. Same controls, one toggle each, audit trail my SOC can actually export.”

BBilal HassanDirector of Security, Foundry

FAQ

Quick answers.

Can recipients still screenshot the doc?

We can't physically stop a camera at someone's screen — but we can disable copy, disable screen-share APIs, watermark every page with the recipient's email, and alert on suspicious activity.

How does revoke work?

Instant. Toggle off and the link 410s on the next request. We also support per-recipient revoke inside a shared room.

Is there an SSO requirement?

Optional — recommended for Enterprise. We support Okta, Azure AD, Google, JumpCloud, and OneLogin via SAML, with SCIM provisioning.

Adjacent

Pieces that snap into this one.

Data rooms Document sharing Electronic signature Analytics Security & compliance Enterprise

Lock down what you share.

60-day trial. SOC 2 from day one. SSO available on Enterprise.

Start free trial See pricing

Loading…

Access control

Setthebar.Lettherestin.

Start free trial See security

sendmint.com/share/lk_2j9hf2/settings

Email verificationRequired · magic link

Password gateOff

NDA click-throughMutual NDA v2

Domain allow-list@summit.vc, @northwind.capital

WatermarkRecipient email burned

Forwarding alertsSlack + email

Expiryin 60-days

Disable downloadsView-only

ChatGPT Claude Perplexity Gemini Grok

Email verify Password gate Domain allow-list IP allow-list Expiry windows Revoke on the fly

Capabilities

Everything you'd expect — and what was missing.

Email verification

Recipient confirms ownership via magic link before content unlocks. One-time codes optional for high-stakes shares.

Password gates

Optional password per link. Strength rules enforceable workspace-wide. Reset-on-leak in one click.

Domain & IP allow-lists

Allow @summit.vc, deny everyone else. Office IP-only on the legal vault. Combine to taste.

Expiry & view limits

Auto-expire in 7 days. Cap at 5 views. Revoke at any time without re-sending.

Anti-leak controls

Disable downloads, disable copy, disable right-click, disable screen-share. Watermark every page.

Per-recipient policy

Same room, different access levels per recipient. Lead investor sees everything; analyst sees the public deck.

Built for compliance

What your security team asked you to never share by email.

Court-grade audit trail on every action — view, download, search, sign, revoke. Exportable as CSV or streamed to your SIEM. Optional customer-managed encryption keys.

SOC 2 Type II, GDPR, HIPAA BAA
EU or US data residency at workspace creation
Per-tenant key isolation on Enterprise
Streaming audit log to Splunk / Datadog / Elastic
Customer-managed retention & deletion
Coordinated disclosure program with bounty

Data residencyEU · Frankfurt

Encryption keysCustomer-managed (KMS)

Audit log streamDatadog · Splunk

Retention90 days · custom

SSOOkta SAML · enforced

CoverageSOC 2 · GDPR · HIPAA

“Replaced three different access-control tools. Same controls, one toggle each, audit trail my SOC can actually export.”

BBilal HassanDirector of Security, Foundry

FAQ

Quick answers.

Can recipients still screenshot the doc?

We can't physically stop a camera at someone's screen — but we can disable copy, disable screen-share APIs, watermark every page with the recipient's email, and alert on suspicious activity.

How does revoke work?

Instant. Toggle off and the link 410s on the next request. We also support per-recipient revoke inside a shared room.

Is there an SSO requirement?

Optional — recommended for Enterprise. We support Okta, Azure AD, Google, JumpCloud, and OneLogin via SAML, with SCIM provisioning.

Adjacent

Pieces that snap into this one.

Data rooms Document sharing Electronic signature Analytics Security & compliance Enterprise

Lock down what you share.

60-day trial. SOC 2 from day one. SSO available on Enterprise.

Start free trial See pricing

Access control — Dataroom · Dataroom

Setthebar.Lettherestin.

Everything you'd expect — and what was missing.

Email verification

Password gates

Domain &amp; IP allow-lists

Expiry &amp; view limits

Anti-leak controls

Per-recipient policy

What your security team asked you to never share by email.

Quick answers.

Pieces that snap into this one.

Lock down what you share.

Setthebar.Lettherestin.

Everything you'd expect — and what was missing.

Email verification

Password gates

Domain &amp; IP allow-lists

Expiry &amp; view limits

Anti-leak controls

Per-recipient policy

What your security team asked you to never share by email.

Quick answers.

Pieces that snap into this one.

Lock down what you share.

Domain & IP allow-lists

Expiry & view limits

Domain & IP allow-lists

Expiry & view limits