Quick Setup Checklist
Use this checklist to confirm your security posture and the approved ways data moves in and out of RapidPro.
- Confirm hosting and encryption expectations (AWS, at-rest encryption, encrypted access).
- Decide whether Contact Information Anonymization is required (permanent).
- Validate your data transfer method (Imports, Channels, Webhooks, API).
- Review common constraints (US-only hosting, anonymization can’t be undone).
RapidPro is hosted on Amazon Web Services (AWS). Key security measures include:
- All data is stored exclusively in the United States
- Servers are protected by firewalls
- All server access occurs via encrypted channels
- Encryption standards are FIPS-140-2 compliant
- All data is encrypted at rest
Some use cases require contact data to be handled with extra care. RapidPro supports Contact Information Anonymization, which permanently removes identifying details.
What anonymization does
- Contact names are replaced with random codes
- Contact addresses are removed (phone numbers, Facebook IDs, Telegram IDs)
- UUIDs, groups, language preferences, and custom fields remain available
- All exports (contacts, flows, messages) are anonymized
- New contacts are anonymized automatically
Note: None is displayed for empty custom contact fields.
Important considerations
- Anonymization is permanent (cannot be undone)
- It applies only to the workspace where it is enabled
- Parent or child accounts are not affected
- The feature must be enabled by support
To enable anonymization, contact support via the widget in the bottom-right corner of your browser.
Data can move into or out of RapidPro in four approved ways:
1) Contact imports
- Upload spreadsheets containing names, phone numbers, and custom fields
- Used for bulk onboarding or updates
2) Messaging channels
- Contacts interact via connected channels (SMS, WhatsApp, Facebook, etc.)
- Messages sent and received are securely stored
3) Webhooks
- Fetch data from external systems during a flow
- Send flow-collected data to external systems
- Data is exchanged securely as structured payloads
4) API access
- Programmatic integration with your systems
- Common use cases: creating/updating contacts, starting flows, sending messages
- Enables two-way data synchronization
- Enable anonymization only after validating reporting and operational needs
- Export any required identifiers before enabling anonymization
- Use Webhooks or the API for controlled external data access
- Limit custom fields to only what is operationally necessary
Common Issues & Fixes
I need data stored outside the United States
Explanation: All RapidPro data is currently hosted in the United States.
Next step: Contact support to discuss regulatory or compliance requirements.
I anonymized contacts and need phone numbers back
Explanation: Anonymization is irreversible.
Fix: There is no recovery option once anonymization is enabled.
I don’t see anonymization settings
Cause: Anonymization is enabled only by support.
Fix: Contact support via the in-app widget to request activation.