Security & Compliance
Enterprise-grade security for your signup forms and data protection
Our Security Commitment
Grasshopper Signup is built with security as a foundational principle, not an afterthought. We implement industry-leading security practices to protect your data and ensure your forms are safe from threats.
AWS Infrastructure
Hosted on Amazon Web Services with enterprise-grade security and 99.9% uptime
Data Encryption
All data encrypted in transit (TLS/SSL) and at rest using AWS encryption standards
Secure Authentication
Passwordless magic links and OAuth integration eliminate password vulnerabilities
Regular Audits
Continuous security monitoring and automated vulnerability scanning
Security & Compliance FAQ
Yes, Grasshopper Signup implements industry-standard security measures to protect sensitive information:
- AWS Infrastructure: Built on Amazon Web Services with enterprise-grade security
- Encryption: All data encrypted in transit (HTTPS/TLS) and at rest
- Secure Storage: Database hosted on AWS with automatic backups
- Access Controls: Role-based permissions and authentication requirements
- Security Monitoring: 24/7 automated monitoring and threat detection
While we implement robust security measures, we recommend not collecting highly sensitive data like social security numbers or credit card information through any online form builder.
We protect user data through multiple security layers:
- Encryption: HTTPS/TLS for all data transmission, encryption at rest for stored data
- Secure Databases: AWS with built-in security and redundancy
- Access Logging: All access attempts logged with IP addresses for security monitoring
- No Data Selling: We never sell or share user data with third parties
- Privacy Controls: Users control form sharing, response visibility, and data deletion
- Regular Updates: Continuous security patches and updates
We implement privacy-focused practices for all user data:
- Data Minimization: We only collect data necessary for form functionality
- User Control: Form creators can delete their forms and all associated data at any time
- Transparency: Clear privacy policy explaining what data we collect and how it's used
- Purpose Limitation: Data is used only for providing form services
- Data Deletion: Users can delete their forms which permanently removes all data
- Data Export: Export responses in CSV format for your records
For data deletion requests or privacy questions, please contact our support team.
We offer multiple secure authentication methods to fit different use cases:
- Magic Link Authentication: Passwordless login via secure email links with 6-digit verification codes
- OAuth Integration: Sign in with Google or Microsoft accounts for enterprise users
- Generated Passwords: Secure, auto-generated passwords for shared team access (e.g., PTA coordinators)
- Session Management: Secure session handling with automatic timeout
- Bcrypt Hashing: All generated passwords are encrypted using industry-standard bcrypt hashing
These methods provide robust security while accommodating both individual users and collaborative teams.
Payment processing is handled through Stripe, a PCI-DSS Level 1 certified payment processor:
- No Card Storage: Grasshopper never stores credit card information
- PCI Compliance: Stripe meets the highest payment security standards
- Encrypted Transactions: All payment data encrypted end-to-end
- Fraud Detection: Advanced fraud prevention by Stripe
- Secure Checkout: Payment forms hosted on Stripe's secure infrastructure
Yes, you have complete control over form access and visibility:
- Private by Default: Only you can access responses unless you share
- Team Sharing: Share with specific team members by email
- Private Response Links: Generate secure links for specific people
- Public Response Option: Enable/disable public response viewing
- Incognito Mode: Hide respondent identities when needed
- Password Protection: Add password protection to forms
Form deletion affects access but preserves respondent control:
- Form Removed: The form itself and settings are permanently deleted
- Creator Access Revoked: You lose access to view responses
- Respondent Control: People who submitted responses can still access and delete their own data via confirmation links
- Team Access Revoked: All shared team member access is automatically removed
- No Recovery: Form deletion cannot be undone
For complete data removal, export your data before deleting the form, and respondents can delete their individual responses through their confirmation emails.
We maintain continuous security monitoring and improvement:
- Automated Scanning: Regular vulnerability scans of our codebase
- Code Reviews: Security-focused code review for all changes
- Dependency Updates: Regular updates to security patches
- Penetration Testing: Periodic security testing of critical systems
- Incident Response: 24/7 monitoring and rapid response protocols
- Security Tools: Automated security tools including Semgrep and others
Multiple layers of protection prevent spam and malicious activity:
- Bot Detection: User agent analysis and behavior patterns
- Honeypot Fields: Hidden form fields to catch automated submissions
- Rate Limiting: Prevent rapid-fire submissions from single sources
- IP Monitoring: Track and block suspicious IP addresses
- Request Verification: Signature validation for form submissions
- Automated Alerts: Slack notifications for suspicious activity
AWS Databases provide enterprise-grade data protection:
- Automatic Backups: Continuous backup of all data
- Multi-AZ Replication: Data replicated across multiple availability zones
- Point-in-Time Recovery: Ability to restore data to any point in time
- 99.99% Durability: AWS guarantees on data durability
- Disaster Recovery: Automated failover and recovery procedures
File uploads undergo rigorous security validation:
- File Type Validation: Whitelist of allowed file extensions
- Content Scanning: Check file headers for malicious signatures
- Size Limits: Enforce maximum file size restrictions
- Filename Sanitization: Remove dangerous characters and patterns
- Secure Storage: Files stored on AWS S3 with access controls
- Virus Scanning: Automated malware detection for uploads
We use industry-standard encryption protocols:
- TLS/SSL: All data transmission encrypted with TLS 1.2 or higher
- HTTPS Everywhere: All pages and API endpoints use HTTPS
- AWS Encryption: Data at rest encrypted using AWS encryption standards
- Secure Cookies: Session cookies encrypted and HTTP-only
- Key Management: Secure key rotation and management practices
Security Certifications & Standards
AWS Infrastructure
Built on Amazon Web Services, SOC 2 compliant infrastructure
Payment Security
PCI-DSS Level 1 compliant payment processing via Stripe
Privacy-First Design
Data minimization and user control over information