Certifications
SOC 2 Type II Certified
Groopit is SOC 2 Type II certified, the industry standard certification for data security practices. Our certificate from an independent auditor is available upon request. Groopit is also continuously monitored by Drata, the industry leader in automated security compliance monitoring.Â
Security
Data Security
Groopit encrypts data at rest and in transit for all of our customers. All data is stored in Microsoft data centers. We use the security features and leading tools from Microsoft Azure to manage security and access controls, in line with industry best practices.
Cloud Security
Groopit operates entirely within Microsoft Azure virtual private cloud, and no user data leaves this virtual private cloud.
Artificial Intelligence (AI)
Groopit’s approach to AI is grounded in privacy, security, and control. Customer data is never used to train AI models; data from one company is never comingled or stored with another company’s data; the AI models conform to Groopit’s data, privacy and security policies under Microsoft Azure; and Groopit administrators control the data that AI analyzes.
Monetization Practices
Groopit does not sell user data to advertisers or to generate revenue from advertising. We believe that users own their data and it is not Groopit’s right to sell it.
Identity & Permissions
Single Sign-on (SSO)
For enhanced security and streamlined sign-in experience, Groopit also provides Single Sign-On (SSO) capabilities for enterprises. This requires an organization to onboard their identity provider with Groopit, after which all email accounts from their domain will be directed to sign in with the organization’s identity provider rather than requiring a separate Groopit password. Groopit supports the OpenID Connect standard as well as enhanced integration with Azure Active Directory and Okta.
Built-in Authentication
Groopit supports a standard email/password authentication system. A minimum password complexity is enforced (at least six characters, one number and one uppercase letter) and all passwords are stored salted, hashed, and encrypted using industry standard best practices. Before sharing in any group, a user must verify their email address by clicking on a link that is sent to that address when they sign up.
Compliance
HIPAA Capabilities
Groopit can provide HIPAA enabled accounts, allowing organizations to collect data according to their HIPAA requirements and policies If you are a healthcare provider, researcher, or similar organization, Groopit can be configured to enable HIPAA compliance, including electronically protected health information (e-PHI).
PCI Compliance
All credit card transactions are processed using secure encryption—the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely on a PCI-Compliant network.
Policy Transparency
Groopit’s security and access control policies are available upon request.
For more information, please review our Privacy Policy.
For privacy or security-related questions or issues, please contact us at security@groopit.co.
Frequently Asked Questions
Does Groopit encrypt all traffic in-transit to/from their solution?
Yes, all traffic to/from Groopit is encrypted with HTTPS.
Does Groopit have SSO capabilities?
Yes, Groopit supports SSO for AzureAD, Okta, OneLogin and other OIDC providers. Contact hello@groopit.co for more information on SSO support.
Does Groopit allow for RBAC-based user permissions?
No, Groopit does not allow for RBAC-based users permissions.
Does Groopit allow for auditing and collecting of access logs?
No, Groopit does not allow for auditing and collection of access logs.
Does Groopit encrypt data while stored at-rest?
Yes, Groopit encrypts all customer data while stored at-rest.
Does Groopit provide a method of contacting for security questions or concerns post-sale?
Yes, customers can email security@groopit.co for security questions or concerns post-sale.Â
