Privacy and Security

Groopit takes data security very seriously. We use industry-leading practices to keep your data safe.

SOC 2 Type II Certified

Groopit is SOC 2 Type II certified, the industry standard certification for data security practices. Our certificate from an independent auditor is available upon request. Groopit is also continuously monitored by Drata, the industry leader in automated security compliance monitoring. 

Data Security

Groopit encrypts data at rest and in transit for all of our customers. All data is stored in Microsoft data centers. We use the security features and leading tools from Microsoft Azure to manage security and access controls, in line with industry best practices.

Cloud Security

Groopit operates entirely within Microsoft Azure virtual private cloud, and no user data leaves this virtual private cloud.

Policy Transparency

Groopit’s security and access control policies are available upon request.

Artificial Intelligence (AI) 

Groopit’s approach to AI is grounded in privacy, security, and control. Customer data is never used for to train AI models; data from one company is never comingled or stored with another company’s data; the AI models conform to Groopit’s data, privacy and security policies under Microsoft Azure; and Groopit administrators control the data that AI analyzes.

HIPAA Capabilities

Groopit can provide HIPAA enabled accounts, allowing organizations to collect data according to their HIPAA requirements and policies  If you are a healthcare provider, researcher, or similar organization, Groopit can be configured to enable HIPAA compliance, including electronically protected health information (e-PHI). 

Monetization Practices

Groopit does not sell user data to advertisers or to generate revenue from advertising. We believe that users own their data and it is not Groopit’s right to sell it. 

PCI Compliance

All credit card transactions are processed using secure encryption—the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely on a PCI-Compliant network.

For more information, please review our Privacy Policy.

For privacy or security-related questions or issues, please contact us at

Frequently Asked Questions

Does Groopit encrypt all traffic in-transit to/from their solution?

Yes, all traffic to/from Groopit is encrypted with HTTPS.

Does Groopit have SSO capabilities?

Yes, Groopit supports SSO for AzureAD, Okta, OneLogin and other OIDC providers. Contact for more information on SSO support.

Does Groopit allow for RBAC-based user permissions?

No, Groopit does not allow for RBAC-based users permissions.

Does Groopit allow for auditing and collecting of access logs?

No, Groopit does not allow for auditing and collection of access logs.

Does Groopit encrypt data while stored at-rest?

Yes, Groopit encrypts all customer data while stored at-rest.

Does Groopit provide a method of contacting for security questions or concerns post-sale?

Yes, customers can email for security questions or concerns post-sale.