Collabora Online provides comprehensive security controls, data sovereignty, and compliance features designed for the most demanding enterprise environments. Host on-premises, in a local cloud, or as a hybrid model, maintain full data control, and ensure regulatory compliance with our open-source collaborative office suite.
Unlike other cloud-based solutions, Collabora Online prevents your documents from leavingr your infrastructure. Deploy on-premises to maintain complete control over sensitive data and meet the strictest compliance requirements. Documents are processed in memory only, in a per-task silo and automatically cleaned up when sessions end.
Collabora takes security extremely seriously from design and architecture through our development process to implementation and support. We provide a flexible and powerful set of configuration options to allow systems to be locked-down and deployed safely on-premise. We provide timely updates to our customers to keep their deployments secure.
Please subscribe to our low-traffic security newsletter, if you would like to receive security related announcements with regards to Collabora Office and Collabora Online.
Collabora Productivity have achieved ISO 9001 and 27001 certification. This recognises our commitment to providing high-quality products and services while maintaining the highest levels of security and data protection. Our customers can trust that we adhere to the strictest standards in quality and information security.
We participate in LibreOffice’s security process, however customers can also file security concerns through Collabora’s normal support channels.
Collabora Online provides multiple layers of security protection, from document-level encryption to infrastructure-level isolation and fine-grained user controls. Additionally – unlike other document editors, our access control features are performed server-side, in compliance with OWASP best-practice regulations.
Get in touch for a quote, ask a question or sign up to the newsletter so you don’t miss out on all the latest news.
Discover compelling success stories, innovative new business ventures and how Collabora Online can maximise your return on investments.
Empower your users with powerful document editing capabilities, easily integrated into your existing platform.
Collabora Online Development Edition can be set up On-Premise via virtual appliance, Docker, Linux package, etc.
A: No, Collabora Online processes documents in memory only during active editing sessions. Documents are automatically cleaned from memory when sessions end, ensuring no persistent data storage on Collabora Online servers.
A: Each document runs in its own isolated Kit process within a chroot jail with a randomly generated directory name. Processes run as the non-privileged ‘cool’ user with dropped capabilities and optional security filtering for system calls.
A: Collabora Online provides an admin console for real-time session monitoring, Prometheus-compatible metrics, and a WebSocket protocol for programmatic integration with monitoring systems. Server audit features can be enabled or disabled as needed.
A: Authentication is handled through the WOPI protocol integration. Your application generates access tokens that are verified by your WOPI host. Collabora Online also supports Bearer token headers for OAuth compatibility.
A: Yes, Collabora Online supports configurable SSL settings including custom cipher lists, SSL termination mode for reverse proxies, and can run in HTTP-only mode for testing (not recommended for production).
A: Collabora Online uses NSS (Mozilla’s Network Security Services) for digital signature validation. You can import custom trusted root CAs and configure certificate databases for signature verification.
SSL/TLS encryption with configurable cipher lists for transit. Document data stays on your infrastructure – no cloud storage. Supports integration with end-to-end encryption solutions such as Proton Drive’s E2E encryption.
Use WOPI proof signatures. Generate keypairs with coolconfig generate-proof-key, then verify X-WOPI-Proof headers using the public key from discovery XML to authenticate requests.
Implement proper access token validation in CheckFileInfo, use HTTPS-only, configure allowed WOPI hosts in coolwsd.xml, set short token TTL, and validate user permissions before serving documents.
Supports GDPR compliance through on-premise deployment, data sovereignty controls, and privacy-first architecture. No built-in certifications, but architecture enables SOC2, ISO27001 compliance when properly deployed.
Get in touch for a quote, ask a question or sign up to the newsletter so you don’t miss out on all the latest news.
Collabora Productivity Ltd © 2025 All Rights Reserved.
