Product 
Overview
Accept and review applications, communicate with applicants, and create reports – all in one place.
Simplify manual work
Drag-and-drop to create forms and automatically organize submissions.
Review collaboratively
Create custom, collaborative multi-round review workflows.
Report on impact
Craft reports on your program’s progress and impact.
Government
Manage grant, relief fund, and application-based programs of all sizes in a single secure platform.
Prevent fraud
Implement powerful authentication and identity verification tools.
Disburse relief funds
Track, manage, and disburse relief funds accurately and quickly.
Eliminate tedious work
Automate the review process to save hundreds of hours of work.
Foundations
Launch, manage, and measure your program from one grant management system to fulfill your mission.
Track funds
Trigger payments and report on your budget in one view.
Enact your mission
Launch your program in a matter of days, not weeks.
Measure your impact
Create and automate reports on your grant program’s progress and impact.
Corporations
Create and manage programs for volunteering, grantmaking, giving, and more in one platform.
Centralize your social impact
Run all your corporate social responsibility programs in one place.
Drive engagement in volunteer programs
Foster meaningful employee experiences that attract and retain talent.
Empower employees to give
Create donation programs with employee input and buy-in.
Solutions
Resources
Designed and built with security and privacy in mind
Submittable is proud to exceed industry standards when it comes to protecting the security and privacy of your organization’s data.
Compliance certifications and security features
Our team is committed to building a platform that helps you collect submissions and applications easily without compromising privacy or security. Your work, and your applicant’s data, is safe with us.
SOC 2 Type 2
System and Organization Controls (SOC) Reports
Submittable completes a third party SOC 2 Type 2 compliance audit every year. These reports demonstrate that our systems are set up to assure the security of customer data, and show how we operate those controls over an extended audit period.
Single Sign-On
Submittable supports Single Sign-on (SSO) with SAML. This allows you to authenticate users in your own systems without requiring them to enter additional login credentials.
HIPAA
Health Insurance Portability and Accountability Act
Submittable completes a third party audit every year to assure that we are HIPAA compliant. As part of our privacy controls, all employees undergo yearly HIPAA training.
GDPR
The General Data Protection Regulation
Submittable has implemented tools and processes to ensure our compliance with the latest requirements under the GDPR and to help our customers comply as well.
FERPA
Family Educational Rights and Privacy Act
Submittable complies with FERPA to protect the privacy of student education records.
PCI
Payment Card Industry Data Security Standard
Submittable does not directly store or process credit card data. Instead, we rely on Stripe to provide the industry’s best and most secure credit card processing. Stripe is certified to PCI Service Provider Level 1 standards. Our PCI SAQ document is available upon request.
Permissions
We enable multiple different permission levels to be set for your team. Permissions can be set to include or exclude information like platform settings, billing, and user data.
Frequently asked questions
In addition to the certification and security features listed above, here are some of the most common security-related questions we get asked.
Where is my data hosted?
Submittable stores data in the Amazon Web Services US East (N. Virginia) region. We use multiple availability zones within this region to ensure durability.
How is data protected or backed up?
Data is stored using Amazon RDS and is encrypted at rest using AES-256. RDS provides automated backups which are retained for 35 days to enable point-in-time restored for the last month. We regularly test these backups manually in addition to the automated verification provided by AWS RDS. File attachments are stored in Amazon S3 which is designed for high durability.
What is your product uptime?
We have an uptime of 99.0% or higher.
Are your employees trained on security?
Yes, all employees complete security awareness and HIPAA best practices training on an annual basis.
How are you prepared for phishing schemes or other attacks?
Our developers have established a baseline for normal system activity to assist in identifying suspicious activity. This means Submittable is prepared for known attacks, like phishing schemes, but also for new unknown threats. Alerts and intrusion detection tools let our team know if unauthorized access does occur, so that response and corrective action can occur quickly. Audit trails lead to the root cause of an attack quickly so we can make quick and informed decisions about how to respond.
Want to learn more about security?
If you have additional questions regarding security or requests for specific compliance documents, we are happy to answer them.
