What is Tightknit?

Tightknit is a platform designed to help Slack communities thrive. We provide tools for community engagement, event management, content discovery, and gamification—all while ensuring user data remains secure. Our mission is to help organizations build stronger, safer communities directly within Slack.

What data does Tightknit store?

When users create an account, we collect personal information such as email address, full name, and a profile photo (if provided via Slack authentication). While using the services, authorized users can view community data including Slack messages, events, user interactions, and engagement metrics. Messages may include uploaded content such as text, images, videos, or files shared within Tightknit-powered community spaces.

What are Tightknit’s security features?

Authentication & SSO

Tightknit offers multiple authentication options:
  • OAuth-based authentication via Slack
  • SSO support for Enterprise customers
  • Custom authentication settings for Enterprise organizations requiring specific login requirements

Sharing & Access Controls

Tightknit provides granular role-based access controls (RBAC) to manage permissions within your community. You can:
  • Assign user roles with different levels of access
  • Restrict content visibility based on permissions
  • Limit external access through domain allow-listing

Embedding

Tightknit protects your site from unauthorized internal embeds by forcing restricted frame sources to strictly the navigation URLs admins provide.

Compliance & Certifications

Security, reliability, privacy, and compliance is at the heart of everything we do at Tightknit. Ensuring the safety and privacy of your data is baked into everyday processes throughout our organization.

SOC 2

Tightknit undergoes annual SOC 2 audits to ensure security, availability, and confidentiality controls meet industry standards. Tightknit has received a SOC 2 report demonstrating that Tightknit has the appropriate controls in place to mitigate the risks related to security, availability and confidentiality. A SOC 2 report is designed to meet the needs of customers who need assurance about the effectiveness of controls of a software vendor, like Tightknit. The report is the outcome of an audit performed by an independent third-party firm certified by the American Institute of CPAs (AICPA). The engagement was performed by Accorp Partners. Tightknit was assessed against the AICPA’s Trust Service Criteria of:
  • Security (also known as Common Criteria)
  • Availability
  • Confidentiality
Tightknit is committed to carrying out an annual SOC 2 audit.

Penetration Testing

The testing follows a consistent and structured approach, and represents a point in time assessment of the nature and extent of potential or existing exposures that may lead to a compromise of the environment. Testing is based on best practice methodologies, such as the Open Web Application Security Project (OWASP) guides and CWE/SANS Top 25 Most Dangerous Software Errors, in combination with other in-house developed processes and methodologies. Tightknit has engaged Riversys Technologies Pvt Ltd cybersecurity consultants to perform web application penetration testing on an ongoing basis.

PCI DSS Compliance

All payments made to Tightknit are securely processed via Stripe. Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.

Where does Tightknit store data?

Tightknit is powered by Cloudflare and Supabase, ensuring high availability and performance. Our primary data storage locations include:
  • United States (Supabase infrastructure)
  • Additional regional support available for Enterprise customers
While workspace data is stored within these regions, some operational data (e.g., logs, analytics, and billing information) may be processed in the United States.

Will my data be secure if I use Tightknit’s AI features?

We understand messaging data can contain a lot of personal information or commercially sensitive information, and participants trust you to keep it safe. That’s why we are committed to keeping this data secure and confidential. We employ a number of technical and organizational measures to protect your data when you use Tightknit, and your use of our AI features is no exception. For example, we limit the number of sub-processors we use, and many of our AI features are powered by tailored AI infrastructure on top of Cloudflare.

Do you fill out security assessments?

We understand that many organizations have vendor risk management processes in place, and we want to be transparent in how we operate, secure, and manage our services at Tightknit. This is why we have published detailed information on topics such as product security features, infrastructure and network security, data security and privacy, business continuity and disaster recovery, corporate security, compliance, and more. We have provided this information to assist organizations in conducting their own due diligence on the security and operation of the Tightknit service, without delay or the need for your teams to work through our lengthy questionnaire responses.

Custom questionnaires

If your organization has non-standard, bespoke requirements or custom questionnaires that you want us to complete, please note that we only offer this service for those purchasing an Enterprise workspace. Please contact [email protected] if you would like to learn more.