Security & Compliance

Your data security is our top priority. We implement industry-standard security measures and comply with FERPA, COPPA, and state privacy laws.

Security Measures

SignUpGo employs multiple layers of security to protect your data and ensure the integrity of our platform. We follow industry best practices and continuously improve our security posture.

Encryption

All data is encrypted in transit using TLS/SSL and at rest using AES-256 encryption. Your information is protected from the moment it leaves your device.

Secure Infrastructure

Our infrastructure is hosted on enterprise-grade cloud platforms (MongoDB Atlas, AWS) with redundant systems, regular backups, and 24/7 monitoring.

Access Controls

Role-based access controls ensure users only see data they're authorized to access. All access is logged and monitored for suspicious activity.

Regular Audits

We perform regular security audits, vulnerability assessments, and penetration testing to identify and address potential security issues proactively.

Breach Response

In the event of a security breach, we have an incident response plan. Affected schools will be notified within 72 hours, and we'll assist with required notifications.

Authentication

We use secure authentication methods including password hashing (bcrypt) and support for two-factor authentication (2FA) for admin accounts.

Compliance

SignUpGo is designed to comply with applicable privacy and security laws, including FERPA, COPPA, and state-specific student privacy laws.

FERPA Alignment

While FERPA primarily applies to educational institutions, SignUpGo aligns with FERPA principles:

  • We don't sell or share student data with third parties
  • All data is encrypted and securely stored
  • Schools retain full ownership of their data
  • We'll sign Data Processing Agreements (DPAs) with schools
  • Parents can access, correct, and delete their children's information

COPPA Compliance

SignUpGo complies with the Children's Online Privacy Protection Act (COPPA). Our platform is primarily used by parents, guardians, and school administrators - not directly by children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

State Privacy Laws

We comply with applicable state student privacy laws including:

  • California: SOPIPA (Student Online Personal Information Protection Act)
  • New York: Education Law §2-d
  • Colorado: Student Data Transparency and Security Act
  • Other States: We follow the strictest requirements to ensure compliance nationwide

Data Protection Practices

What We Protect

  • Student and family personal information
  • Event registration and attendance data
  • Communication records
  • Payment information (processed securely through Stripe)
  • School branding and configuration data

What We DON'T Collect

  • Student academic records (grades, transcripts)
  • Student behavioral or disciplinary records
  • Individualized Education Programs (IEPs)
  • Health records or medical information
  • Social Security Numbers

Data Storage and Processing

  • Location: All data is stored on US-based servers (MongoDB Atlas, AWS)
  • Backups: Regular automated backups with point-in-time recovery
  • Retention: Data retained only as long as needed, deleted upon account termination
  • Subprocessors: We use trusted service providers under strict data protection agreements

Security Best Practices for Schools

While we handle the technical security, schools can help protect data by:

  • Using strong, unique passwords for admin accounts
  • Enabling two-factor authentication when available
  • Regularly reviewing user access and removing inactive accounts
  • Training staff on data privacy and security
  • Obtaining necessary consents from parents/guardians
  • Not sharing account credentials

Data Processing Agreements

We are happy to sign Data Processing Agreements (DPAs) with schools that outline our security and privacy commitments. Our DPA includes:

  • Clear statement that schools own their data
  • Our commitments regarding data security and privacy
  • Prohibitions on selling or sharing data
  • Breach notification procedures
  • Data deletion procedures
  • Compliance with FERPA, COPPA, and state laws

To request a DPA, contact us at security@signupgo.com.

Questions About Security?

We're here to help. Contact our security team:

Email: security@signupgo.com

We're happy to answer questions, provide security documentation, or work with your IT department on specific security requirements.

Need a security document or questionnaire completed? Email security@signupgo.com and we will respond within one business day.