# GrantOps Trust & Security - Executive Summary

## Security as the Foundation

GrantOps AI operates at the convergence of proprietary R&D and corporate finance. Our Defense-in-Depth architecture protects your intellectual property with enterprise-grade controls aligned with NIST 800-53 and SOC 2 standards.

## Key Security Metrics

- **Encryption**: AES-256 at rest and in transit
- **Compliance**: SOC 2 Type I target Q1 2026
- **Data Residency**: Canada (Montreal & Toronto)
- **Uptime**: 99.99% last 30 days

## Core Security Pillars

### Zero-Retention AI
LLM providers are contractually prohibited from training on your data. All AI interactions use zero-retention enterprise APIs.

### Tenant Isolation
Strict Row-Level Security (RLS) ensures data never crosses client boundaries. Every query is filtered by `tenant_id` at the database level.

### Cloud Native Strategy
Full migration to Google Cloud eliminates third-party supply chain risks. All data processing occurs exclusively within Canadian Cloud regions.

## Executive Security Statement

Security at GrantOps is not a "feature"; it is the fundamental substrate of our platform. We have adopted a Defense-in-Depth architecture that layers security controls across physical, network, host, application, and data levels.

### Full Cloud Native Architecture
Complete migration of all relational database workloads to Cloud SQL (PostgreSQL), eliminating hybrid provider dependencies and third-party supply chain risks.

### Unified Security Perimeter
All client data resides within a single, unified security boundary governed by enterprise-grade IAM and protected by VPC Service Controls.

### Canadian Data Sovereignty
All data processing occurs exclusively within Canadian Cloud regions (Montreal & Toronto), ensuring compliance with data residency requirements.