close menu

Pricing

Designed and built with security in mind

We take security seriously, and we are proud to exceed the industry standard when it comes to protecting your organization.

Compliance certifications and security features

Our team is committed to building a platform that helps you collect submissions and applications easily without compromising privacy or security. Your work is safe with us.

SOC 2 Type 1logo

SOC 2 Type 1

System and Organization Controls (SOC) Reports

Submittable has completed a SOC 2 Type 1 assessment for the common criteria and security trust services principles. Our report is available upon request.

Learn More

Single Sign-Onlogo

Single Sign-On

Submittable supports Single Sign-on (SSO) with SAML. This allows you to authenticate users in your own systems without requiring them to enter additional login credentials.

Learn More

HIPAAlogo

HIPAA

Health Insurance Portability and Accountability Act

Submittable has undergone an audit to assure we meet HIPAA compliance standards. All employees undergo yearly HIPAA training.

Learn More

GDPRlogo

GDPR

The General Data Protection Regulation

Submittable has introduced tools and processes to ensure our compliance with requirements imposed by the GDPR and to help our customers comply as well.

Learn more

FERPAlogo

FERPA

Family Educational Rights and Privacy Act

Submittable complies with FERPA to protect the privacy of student education records.

PCIlogo

PCI

Payment Card Industry Data Security Standard

Submittable does not directly store or process credit card data. We rely on Stripe to provide the industry’s best and most secure credit card processing. Stripe is certified to PCI Service Provider Level 1 standards. Our PCI SAQ document is available upon request.

Permissionslogo

Permissions

We enable multiple different permission levels to be set for your team. Permissions can be set to include or exclude information like platform settings, billing, and user data.

Frequently asked questions

In addition to the certification and security features listed above, here are some of the most common security-related questions we get asked.

Where physically is the data hosted?

chevron

Submittable stores data in the Amazon Web Services US East (N. Virginia) region. We use multiple availability zones within this region to ensure durability.

How is data protected or backed up?

chevron

Data is stored using Amazon RDS. RDS provides automated backups which are retained for 35 days to enable point-in-time restores for the last month. We regularly test these backups manually in addition to the automated verification provided by AWS RDS. File attachments are stored in Amazon S3 which is designed for high durability.

What is your product uptime?

chevron

We have uptime of 99.9% or higher.

Are your employees trained on security?

chevron

Yes, all employees complete information security and HIPAA training on an annual basis.

How are you prepared for phishing schemes or other attacks?

chevron

Our developers have established a baseline for normal system activity to assist in identifying suspicious activity. This means Submittable is prepared for known attacks, like phishing schemes, but also for new, unknown threats. Alerts and intrusion detection tools let our team know if unauthorized access does occur, so that response and corrective action can occur quickly. Audit trails lead to the root cause of an attack quickly so we can make quick and informed decisions about how to respond.

Want to learn more about security?

If you have additional questions regarding security or requests for specific compliance documents, we are happy to answer them.

Contact Us About Security