Privacy and Security

Keep data private and secure with Groopit

Privacy and security are of the utmost importance at Groopit.  This is reflected in the privacy controls, technical implementation, HIPAA capabilities, and monetiziation practices. 

Groopit privacy controls

Groopit organizer controls make it easy to hide confidential or sensitive data.  Organizers control what data members see and what they do not see through the set-up of real-time data collection forms. Simply mark data as hidden so that confidential or sensitive information is only visible to the contributor and the organizer. 

Groopit technical implementation

Groopit technical implementation follows privacy and security best practices. For example, Groopit encrypts data at rest and data in transit for all of our customers using industry standard encryption. Groopit is built on Microsoft’s Azure platform, all data is stored in Microsoft data centers, uses Microsoft’s security features and abides by Microsoft standards.  We value Microsoft’s commitment to security and building Groopit on their platform reflects our commitment as well.

  • Built on Microsoft Azure
  • Operating in Microsoft data centers
  • Using Microsoft security features
  • Abiding by Microsoft security standards
  • Encrypting data at rest and in transit

SOC 2 compliance

Groopit has undergone a Service Organization Controls audit (SOC 2 type 1). Please contact to request Groopit’s most recent report.

Groopit HIPAA capabilities

Groopit HIPAA capabilities allow organizations to collect data according to their HIPAA requirements and internal policies with a HIPAA enabled Groopit account.  If you are a healthcare provider, researcher, or similar organization, Groopit can be configured to enable HIPAA compliance, including electronically protected health information (e-PHI). Learn more about Groopit and HIPAA here.

Groopit monetiziation practice

Groopit monetization practice does not sell user data.  For example, Groopit does not sell user data to advertisers or to generate revenue from advertising. We believe that users own their data and it is not Groopit’s right to sell it. Instead, Groopit is a subscription service and is not monetized through advertising so your user data is not sold to advertisers.

All credit card transactions are processed using secure encryption—the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely on a PCI-Compliant network.

For more information, please review our Privacy Policy.

For privacy or security-related questions or issues, please contact us at

Frequently Asked Questions

Does Groopit encrypt all traffic in-transit to/from their solution?

Yes, all traffic to/from Groopit is encrypted with HTTPS.

Does Groopit have SSO capabilities?

Yes, Groopit supports SSO for AzureAD, Okta, OneLogin and other OIDC providers. Contact for more information on SSO support.

Does Groopit allow for RBAC-based user permissions?

No, Groopit does not allow for RBAC-based users permissions.

Does Groopit allow for auditing and collecting of access logs?

No, Groopit does not allow for auditing and collection of access logs.

Does Groopit encrypt data while stored at-rest?

Yes, Groopit encrypts all customer data while stored at-rest.

Does Groopit provide a method of contacting for security questions or concerns post-sale?

Yes, customers can email for security questions or concerns post-sale.