Security and Data Handling Overview
Grantable is built on SOC 2 Type 2–certified systems and practices, ensuring your organization’s data is protected through independently audited security, availability, and confidentiality controls.
Written by Philip Deng
Last updated 4 months ago
Purpose
This article explains how Grantable handles, protects, and processes your information in compliance with SOC 2 Type 2 standards. It also clarifies how our AI functionality interacts with third-party large language model (LLM) APIs and what those providers guarantee under their own terms.
🔗 View our full Trust Portal: grantable.trust.delve.co
💡 Grantable’s guiding principle: you own your data, and we protect it through secure architecture, transparent policies, and verified third-party standards.
SOC 2 Type 2 Certification
Grantable maintains SOC 2 Type 2 certification, which means our systems, policies, and operations have been independently audited for:
Security — protection against unauthorized access.
Availability — consistent uptime and reliability.
Confidentiality — strict control of sensitive information.
Our certification covers both our internal operations and the infrastructure that supports Grantable’s platform. You can review audit results, uptime history, and vendor management practices anytime at our Trust Portal.
💡 SOC 2 Type 2 provides assurance that Grantable continuously enforces tested, auditable controls across every system that handles your data.
Data Storage and Encryption
All data is stored in secure, cloud-based infrastructure with encryption in transit (TLS 1.2+) and encryption at rest (AES-256).
Each organization’s workspace is logically isolated, ensuring data separation between customers.
Access to production environments is strictly limited under least-privilege principles and continuously monitored.
💡 Every workspace operates as a sealed environment: only authorized members can access its data.
How Grantable’s AI Works with Your Data
When you interact with the AI Assistant, your content is processed securely and temporarily to generate a response.
Here’s how that works:
Prompts and contextual data (like attached files or text excerpts) are sent to large language model (LLM) APIs for real-time generation.
These models are provided by industry leaders — OpenAI, Anthropic, and Google Gemini.
None of your data is stored or reused by Grantable’s internal systems outside your workspace context.
According to each provider’s policies, data sent via their API endpoints is not used for model training and is processed only to generate the immediate response.
🔗 Review each provider’s data policy:
💡 Grantable does not train AI models, nor do we permit our vendors to use your data for that purpose. All LLM usage occurs through enterprise-grade, API-only access, governed by the above agreements.
Integrations and External Connections
When you connect services like Google Drive, Grantable requests read-only OAuth permissions.
Imported files are stored securely within your workspace and never altered or deleted from Drive.
All integrations are reviewed and managed under Grantable’s SOC 2 Type 2 vendor risk and compliance framework.
💡 You maintain control — integrations expand convenience, not exposure.
Data Retention and Deletion
You can delete any file, record, or document at any time.
Deleted data is permanently removed from active systems and purged from backups after a short retention period.
When your organization closes its account, all associated data is deleted following a verified, auditable process.
💡 Grantable does not sell, rent, or share user data for marketing, analytics, or AI training.
Monitoring and Incident Response
Grantable’s systems include 24/7 monitoring, intrusion detection, and anomaly alerts.
Security incidents trigger a formal incident response process, tested and audited under SOC 2 Type 2.
We meet or exceed requirements for GDPR, CCPA, and data privacy expectations across nonprofit and education sectors.
💡 Every event is logged, traceable, and governed by least-access principles.
Staying Secure as a User
You can help keep your workspace safe by:
Enabling 2FA through your email provider.
Reviewing your Settings → Team list regularly.
Avoiding unnecessary uploads of sensitive personal or financial data.
💡 Security is shared: Grantable protects the system; your team protects its credentials.
✅ Key takeaway: Grantable’s SOC 2 Type 2 certification confirms that your data is encrypted, isolated, and processed securely. AI features rely on trusted third-party LLM APIs (OpenAI, Anthropic, and Google Gemini), all of which prohibit model training on customer data. You can review our security posture and audit history anytime at the Grantable Trust Portal.