You trust us with sensitive documents — tax returns, IDs, financials, and business records. Here’s exactly how we keep them safe, in plain language.
Everything is protected by TLS in transit and encrypted at rest. On top of that, your most sensitive identifiers — like EIN, tax, and bank numbers — get an extra layer of AES-256-GCM field-level encryption with a key kept separate from the database. A database leak alone can't expose them.
Documents live in a private, per-account vault that is never public. Files are namespaced to your account and can only be opened through short-lived, signed links generated after we confirm the file is yours. Your driver's license, tax returns, and bank statements aren't sitting on a public URL.
Row-level security is enforced on every table, so your records are technically walled off from every other account — not just hidden in the UI. Our team works under least-privilege access with multi-factor authentication, and no one casually browses your files.
Your data is used only to serve your account — we never sell it. You can export a copy or permanently delete your account and documents at any time from Settings, and we honor retention limits and deletion requests.
The app ships with a strict Content-Security-Policy, clickjacking and HSTS protections, rate limiting on sensitive endpoints, upload size and type checks, and audit logging of approvals and account actions. We also run a responsible-disclosure program for security researchers.
We never sell or rent your personal information. We never take custody of your grant funds. We never submit an application or share your information without your explicit approval. You stay the applicant of record, always.
We welcome reports from security researchers. Email security@grantofficerai.com — please don’t test against other people’s data. See our security.txt.
No system is perfectly secure, and we don’t claim to be. We combine strong technical controls with clear operating practices and continuously improve them.