Security at Fillout
This page describes the administrative, technical and physical safeguards in place at Fillout.
Fillout is specifically designed for intaking data securely. We follow industry best practices to keep your responses secure and let you backup responses to third-party services and databases.
If you have additional questions regarding security, please contact email@example.com and we will respond as soon as possible.
In addition to following industry best practices, Fillout offers a number of security-focused features as additional safeguards.
- Fillout offers an option to only store form responses in external databases, like Airtable, Notion, SmartSuite and others, instead of storing data in Fillout.
- Fillout offers the option to encrypt response data with your own public/private key pair.
- Fillout offers managed, dedicated instances to host your account in most geo-locations, using Amazon Web Services (AWS), Google Cloud and Microsoft Azure.
- Fillout offers an optional self-hostable agent to prevent customer form responses from passing through or being stored on Fillout servers.
- Fillout supports SSO providers, like Okta, Active Directory, or other SAML providers.
Security is a non-negotiable priority at Fillout. We take the following measures to keep your data and account secure.
Fillout is hosted on the Google Cloud Platform (GCP, via Render.com) and our GCP/Render servers are located in the United States and in the European Union (EU). EU servers are only used if requested by the customer. GCP data centers have state-of-the-art physical access controls, logical access controls, and frequent third-party independent audits. Google has published a detailed security whitepaper outlining these measures.
Fillout employees have as-needed access to infrastructure on Render. All employees have dedicated user accounts and access infrastructure via two-factor authentication.
data in transit is encryptedover HTTPS/TLS between you and Fillout's servers. All data is
encrypted at restand replicated for durability. We offer an optional feature to encrypt submission data with your own public/private key.
Fillout supports G Suite SSO, allowing customers to enforce that users sign in using customer-managed identity providers. Two-factor authentication for application login can be enforced at the identity provider level (e.g. by turning it on within G Suite).
Contact us to enable other SSO providers, like Okta, Active Directory, or other SAML providers.
Fillout keeps daily and point-in-time encrypted backups of data on render.com. While never expected, in the case of production data loss, we are able to restore customer data from these backups.
In the event of a region-wide outage, Fillout will bring up a duplicate environment in a different Google Cloud Platform region. Fillout infrastructure is designed to be portable and restorable under different regions.
You can email firstname.lastname@example.org with details on any security vulnerabilities you discover. Fillout operates a security bug bounty program. Security researchers around the world continuously test the security of the Fillout services, and report issues via the program.