Security
Details on Fillout's security practices.
Fillout is specifically designed for intaking customer data securely. We follow industry best practices to keep your responses secure and let you backup responses to third-party services and databases. We also offer an optional self-hostable agent to prevent customer form responses from ever passing through or being stored on Fillout servers.
Data we collect and store
See our privacy policy.
Infrastructure and network security
Security is a top priority for us and we take the following measures to keep your data and account secure.
Hosting
Fillout is hosted on Google Cloud Platform (GCP, via render.com) and our GCP/render.com servers are located in the United States and the European Union (EU). EU servers are only used if requested by the customer. GCP data centers have state-of-the-art physical access controls, logical access controls, and frequent third-party independent audits. Google has published a detailed security whitepaper outlining these measures.
Fillout.com employees have as-needed access to infrastructure on render.com. All employees have dedicated user accounts and access infrastructure via two-factor authentication.
Encryption
All data in transit is encrypted over HTTPS/TLS between you and Fillout.com's servers. All data is replicated for durability.
Application security
Two-factor authentication and single sign-on
Fillout.com supports G Suite SSO, allowing customers to enforce that users sign in using customer-managed identity providers. Two-factor authentication for application login can be enforced at the identity provider level (e.g. by turning it on within G Suite).
Contact us to enable other SSO providers, like Okta, Active Directory, or other SAML providers.
Business continuity and disaster recovery
Business Continuity
Fillout.com keeps daily and point-in-time encrypted backups of data on render.com. While never expected, in the case of production data loss, we are able to restore customer data from these backups.
Disaster Recovery
In the event of a region-wide outage, Fillout.com will bring up a duplicate environment in a different Google Cloud Platform region. Fillout.com infrastructure is designed to be portable and restorable under different regions.
How to report vulnerabilities
You can email security<@>fillout.com with details on any security vulnerabilities you discover.