🔒 Security and access control

Time to complete: 20-45 minutes
Prerequisites: You've designed your Trust Center in Design and setup and know what content needs protection


Not all your security documentation should be public. Pen test results, detailed architecture diagrams, customer lists—this is sensitive stuff that needs legal protection before you share it.

This section covers how to control access to your Trust Center: NDAs (legal agreements before viewing content) and access groups (showing different content to different customer types).

Do this before you start sharing your Trust Center. It's much easier to set up access rules now than to revoke access later.


What's in this section

NDAs let you share sensitive content while protecting yourself legally. You can require NDAs for everything, just for specific documents, or skip them entirely if your content is already public.

Inside the NDA section:

  • Setting up clickwrap NDAs
  • Using DocuSign for formal NDA workflows
  • Configuring global NDA requirements
  • Managing document-specific NDAs
  • Viewing and tracking signed agreements

Access groups let you show different content to different customer types. Enterprise customers might see everything, while prospects only see basic information.

Common use cases:

  • Different content for prospects vs. customers
  • Tiered access based on deal size or customer tier
  • Partner-specific documentation separate from customer docs
  • Regional content variations

Common questions

What happens if I skip this section?
All your Trust Center content will be treated the same - either all public or all gated behind a basic access request. No NDAs, no tiered access - and for some companies, that's fine!

Can I change this after going live?
Yes, but it's easier to set up access rules before you share with customers. Revoking access or adding NDAs after the fact creates friction.

Do I need a lawyer to set this up?
For clickwrap NDAs, probably not. They're standard, though you will want your organization or legal team to verify the messaging. For DocuSign or custom agreements and customer negotiations, check with your legal team to make sure the language is right.

What's the difference between NDAs and access groups?
NDAs = legal protection (they have to sign an agreement before viewing).
Access groups = content visibility (Customer A sees pages 1-10, Customer B sees pages 1-5).
You can use one, both, or neither.

What if a customer refuses to sign our NDA?
You can either negotiate a mutual NDA, use their NDA instead (if acceptable to your legal team), or decline to share that content. See Redlining DocuSign NDAs for handling negotiations in Conveyor.


What's next?

  • Decide your protection strategy: Start by reviewing what content should be public vs. gated. Think about what requires legal agreements (NDAs) and what might vary by audience.
  • Set up NDAs first: Configure Non-disclosure agreements to legally protect sensitive content before sharing it externally.
  • Layer on access groups: Use Access groups to tailor visibility for different customer types if required.
  • Test end-to-end: Once rules are in place, test your Trust Center experience to make sure the right people see the right content, under the right terms.
  • Refine over time: If you're unsure where to draw the lines at first, start with a simple structure — you can always add more granularity later.

Need help? If something isn’t working as expected, start with our Troubleshooting Guide. Still stuck? Email [email protected] and we’ll take a look.