Security at Fillout
This page describes the administrative, technical and physical safeguards in place at Fillout.
Fillout is specifically designed for intaking data securely. We follow industry best practices to keep your responses secure and let you backup responses to third-party services and databases.
If you have additional questions regarding security, please contact security@fillout.com and we will respond as soon as possible.
Security features
In addition to following industry best practices, Fillout offers a number of security-focused features as additional safeguards.
- Fillout offers an option to only store form responses in external databases, like Airtable, Notion, SmartSuite and others, instead of storing data in Fillout.
- Fillout offers the option to encrypt response data with your own public/private key pair.
- Fillout offers managed, dedicated instances to host your account in most geo-locations, using Amazon Web Services (AWS), Google Cloud and Microsoft Azure.
- Fillout offers an optional self-hostable agent to prevent customer form responses from passing through or being stored on Fillout servers.
- Fillout supports SSO providers, like Okta, Active Directory, or other SAML providers.
Data we collect and store
See our privacy policy.
Infrastructure and network security
Security is a non-negotiable priority at Fillout. We take the following measures to keep your data and account secure.
Hosting
Fillout is hosted on the Google Cloud Platform (GCP, via Render.com) and our GCP/Render servers are located in the United States and in the European Union (EU). EU servers are only used if requested by the customer. GCP data centers have state-of-the-art physical access controls, logical access controls, and frequent third-party independent audits. Google has published a detailed security whitepaper outlining these measures.
Fillout employees have as-needed access to infrastructure on Render. All employees have dedicated user accounts and access infrastructure via two-factor authentication.
Encryption
All
data in transit is encrypted over HTTPS/TLS between you and Fillout's servers. All data is encrypted at rest and replicated for durability. We offer an optional feature to encrypt submission data with your own public/private key.Application security
Two-factor authentication and single sign-on
Fillout supports G Suite SSO, allowing customers to enforce that users sign in using customer-managed identity providers. Two-factor authentication for application login can be enforced at the identity provider level (e.g. by turning it on within G Suite).
Contact us to enable other SSO providers, like Okta, Active Directory, or other SAML providers.
Business continuity and disaster recovery
Business Continuity
Fillout keeps daily and point-in-time encrypted backups of data on render.com. While never expected, in the case of production data loss, we are able to restore customer data from these backups.
Disaster Recovery
In the event of a region-wide outage, Fillout will bring up a duplicate environment in a different Google Cloud Platform region. Fillout infrastructure is designed to be portable and restorable under different regions.
How to report vulnerabilities
You can email security@fillout.com with details on any security vulnerabilities you discover. Fillout operates a security bug bounty program. Security researchers around the world continuously test the security of the Fillout services, and report issues via the program.