GrantalystLegal

Security

Last updated: May 19, 2026

Grantalyst is built with security at its core. We understand that your grant data and organization information are sensitive, and we take every measure to protect them.

Infrastructure

  • Cloud hosting: Our infrastructure runs on SOC 2 Type II certified providers with geographically redundant data centers.
  • Encryption in transit: All data transmitted between your browser and our servers is protected with TLS 1.3.
  • Encryption at rest: Database volumes and backups are encrypted using AES-256.

Authentication & Access

  • Supabase Auth: Enterprise-grade authentication with support for SSO (SAML 2.0 / OIDC) on Growth and Enterprise plans.
  • Multi-factor authentication (MFA): Available for all user accounts.
  • Role-based access control (RBAC): Organization admins control who can view, edit, or manage pipeline data.
  • Row-level security (RLS): Database policies enforce that users can only access data within their own organization tenant.

AI & Data Handling

  • No training on your data: We do not use your grant strategies, application drafts, or proprietary data to train third-party AI models.
  • Prompt isolation: AI provider interactions are scoped to your session and are not shared across organizations.
  • BYOM (Bring Your Own Model): Enterprise customers may configure their own AI provider credentials for complete control over data routing.

Compliance

  • SOC 2 Type II: In progress; targeted completion Q3 2026.
  • GDPR: We provide data processing agreements (DPAs) and support data subject requests for EU customers.
  • CCPA: California residents may request disclosure or deletion of personal information.

Incident Response

We maintain a 24/7 incident response plan with defined escalation paths. In the event of a security breach affecting your data, we will notify affected customers within 72 hours as required by applicable law.

Vulnerability Disclosure

We welcome responsible security research. If you believe you have discovered a vulnerability, please report it to security@grantalyst.com. We commit to acknowledging reports within 48 hours and resolving validated issues promptly.

Contact

For security inquiries or to request our latest SOC 2 report, contact security@grantalyst.com.