Comprehensive Security & Compliance Architecture Report
GrantOps AI operates at the convergence of proprietary R&D intelligence, corporate finance, and government compliance. We understand that the data we process - R&D technical narratives, payroll ledgers, financial projections, and strategic roadmaps - constitutes the core intellectual property and competitive advantage of our clients.
Security at GrantOps is not a "feature"; it is the fundamental substrate of our platform. We have adopted a Defense-in-Depth architecture that layers security controls across physical, network, host, application, and data levels.
To satisfy the rigorous audit requirements of enterprise partners, GrantOps AI has executed a definitive consolidation of its infrastructure:
Complete migration of all relational database workloads to Cloud SQL (PostgreSQL), eliminating hybrid provider dependencies and third-party supply chain risks.
All client data resides within a single, unified security boundary governed by enterprise-grade IAM and protected by VPC Service Controls.
GrantOps utilizes datacenters in the USA and Canada by default. Clients can opt to have all data processing occur exclusively within Canadian Cloud regions (Montreal & Toronto), ensuring compliance with data residency requirements.
GrantOps AI is an autonomous grant application platform that orchestrates the entire funding lifecycle - from opportunity discovery through application submission and post-award management.
Zero Public IP Addresses on databases. All data stores reside within a private VPC, accessible only through authorized service accounts and Cloud SQL Proxy connections. This architecture eliminates direct internet-based attacks on our data layer.
Client uploads documents (PDFs, Excel, Word) via HTTPS (TLS 1.3) web portal. Files are scanned for malware using Cloud DLP and stored in Canadian Cloud Storage buckets with AES-256 encryption at rest.
Automated DLP (Data Loss Prevention) scans classify sensitive data (PII, financial records, technical IP). Tenant ID is permanently embedded as metadata to enforce logical isolation.
Documents are parsed, chunked, and embedded using secure embedding models. Vector representations are stored in tenant-isolated namespaces within the vector database.
When generating applications, agents retrieve only tenant-specific vectors and structured data via Row-Level Security (RLS) policies. Context windows are constructed dynamically and cleared after each session.
Assembled context is sent to LLM providers (OpenAI Azure, Gemini) via enterprise APIs with contractual guarantees: client data is NEVER used for model training or retained after inference. Containerized models for inference and isolated instances are available as an option, providing enhanced data isolation and control for clients with stringent security requirements.
The generated grant application is stored in Cloud SQL with audit logs. The client reviews and approves the final version through the authenticated web portal.
The final application is exported as an encrypted PDF with digital signatures. The client submits directly to government portals - GrantOps never auto-submits without explicit user authorization.
The most significant security concern in AI-powered grant platforms is the risk of data leakage between clients. If Client A's proprietary R&D plans could influence or appear in Client B's application, the platform would be fundamentally compromised.
OpenAI Azure Enterprise: SOC 2 Type II certified. Data submitted via API is not used for model training, improvement, or retention beyond the inference session.
Google Gemini: Enterprise privacy controls. No data logging or model fine-tuning using customer prompts.
Anthropic Claude: Commercial Terms of Service explicitly prohibit training on customer data.
Containerized Models & Isolated Instances (Available Option): For clients with stringent security requirements, containerized models for inference and isolated instances are available, providing enhanced data isolation and control beyond standard enterprise API guarantees.
Every table in Cloud SQL implements PostgreSQL Row-Level Security (RLS) policies rooted in tenant_id. It is mathematically impossible for a query authenticated as Client A to return records belonging to Client B.
Example RLS Policy:
```sql
CREATE POLICY tenant_isolation ON applications
    FOR ALL
    TO authenticated_users
    USING (tenant_id = current_setting('app.current_tenant')::uuid);
```
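The policy above only takes effect under conditions the statement itself does not show: RLS must be enabled on the table, the table owner is exempt unless RLS is forced, and superusers and BYPASSRLS roles are never filtered. The following is an added example, not GrantOps code, that sets up the policy in a scratch database and audits for those gaps; the table columns, grants and tenant UUIDs are constructed, and it assumes the script is run as a superuser.

```sql
-- Added example for a scratch PostgreSQL database, run as a superuser.
-- The table layout, grants and tenant UUIDs are constructed; only the
-- policy text comes from the report.
CREATE ROLE authenticated_users NOLOGIN;
CREATE TABLE applications (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    title     text NOT NULL
);
GRANT SELECT, INSERT, UPDATE, DELETE ON applications TO authenticated_users;
GRANT USAGE ON SEQUENCE applications_id_seq TO authenticated_users;
INSERT INTO applications (tenant_id, title) VALUES
    ('11111111-1111-1111-1111-111111111111', 'Tenant A draft'),
    ('22222222-2222-2222-2222-222222222222', 'Tenant B draft');

-- A policy has no effect until RLS is enabled on the table. FORCE extends it
-- to the table owner, who is otherwise exempt.
ALTER TABLE applications ENABLE ROW LEVEL SECURITY;
ALTER TABLE applications FORCE ROW LEVEL SECURITY;

-- With no WITH CHECK clause, USING also constrains INSERT and UPDATE rows.
CREATE POLICY tenant_isolation ON applications
    FOR ALL
    TO authenticated_users
    USING (tenant_id = current_setting('app.current_tenant')::uuid);

-- Per-request pattern: SET LOCAL ends with the transaction, so the tenant
-- value cannot carry over to the next user of a pooled connection.
-- The value must come from the authenticated session, never from request
-- input, because any session can change this setting.
BEGIN;
SET LOCAL ROLE authenticated_users;
SET LOCAL app.current_tenant = '11111111-1111-1111-1111-111111111111';
-- This query runs under the tenant_isolation policy as tenant A.
SELECT title FROM applications;
COMMIT;

-- Audit 1: ordinary tables where RLS is not both enabled and forced.
SELECT n.nspname, c.relname, c.relrowsecurity, c.relforcerowsecurity
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind = 'r'
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND NOT (c.relrowsecurity AND c.relforcerowsecurity);

-- Audit 2: roles that bypass every policy regardless of the settings above.
SELECT rolname FROM pg_roles WHERE rolsuper OR rolbypassrls;
```

Both audit queries should return only expected rows; any application service account appearing in the second result is not constrained by tenant policies at all.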
AI agents maintain zero persistent memory between sessions. While an agent is generating Client A's application, its context window is not shared with other clients or core models. The next invocation for Client B starts with a fresh, isolated context containing only Client B's data.
Document embeddings are stored in tenant-specific namespaces within our vector database. Similarity searches are scoped exclusively to the requesting tenant's namespace, preventing cross-tenant semantic retrieval.
Third-party penetration testing (scheduled Q1 2026) will attempt to extract Client A's data while authenticated as Client B. Expected result: Zero data leakage across 10,000+ simulated attack vectors.
Implementation In Progress
AC, IA, SI, CM, SC Controls
Target: Q1 2026
Design of Controls
Target: Q1, Q2 2026
6-Month Operating Effectiveness
Compliant
Canadian Privacy Law
| Control Family | Control ID | Implementation | Evidence |
|---|---|---|---|
| Access Control | AC-2, AC-6 | Least Privilege RBAC, Quarterly Access Reviews, Break Glass Protocol | IAM Audit Logs, Access Review Reports |
| Identity & Authentication | IA-2, IA-5 | MFA Mandatory (Google Workspace, Cloud Console), Passwordless Options | MFA Enforcement Policies |
| System Integrity | SI-2, SI-4 | Automated Vulnerability Scanning (SAST, Dependency Scanning), Security Command Center Monitoring | Scan Reports, Alert Configurations |
| Change Management | CM-3, CM-2 | Peer-Reviewed PRs, Branch Protection, Immutable Deployments | GitHub Audit Logs, Change Records |
| System & Comms Protection | SC-8, SC-28 | TLS 1.3 in Transit, AES-256 at Rest, Cloud KMS Key Management | Encryption Audit Reports |
| Incident Response | IR-4, IR-6 | 24/7 Monitoring, Automated Alerting, 5-Day RCA Documentation | Incident Response Plan, Historical Incident Reports |
| Contingency Planning | CP-9, CP-10 | Daily Automated Backups, Geo-Replication, Annual DR Testing | Backup Logs, DR Test Documentation |
Risk: Employee accesses sensitive client financial data without authorization.
Likelihood: Low
Mitigation:
Risk: External database provider compromised, exposing client data.
Likelihood: Low
Mitigation:
Risk: Client A's R&D plans regurgitated by AI to Client B.
Likelihood: Low
Mitigation:
Risk: Malicious encryption or accidental deletion of client data.
Likelihood: Low
Mitigation:
Risk: Service disruption preventing grant application submissions.
Likelihood: Medium
Mitigation:
Risk: AI generates factually incorrect or "hallucinated" grant content.
Likelihood: Low
Mitigation:
Risk: Employee intentionally exfiltrates client data.
Likelihood: Very Low
Mitigation:
GrantOps adheres to the principle of Data Minimization - we collect only what is strictly necessary to generate grant applications.
| Data Category | Examples | Purpose | Storage Location | Retention |
|---|---|---|---|---|
| Entity Information | Legal Business Name, Business Number, Incorporation Date | Eligibility verification | Cloud SQL (Canada) | 7 years (tax compliance) |
| Financial Data | Payroll ledgers, Balance Sheets, R&D Expenditures | Grant calculation & Tax Credit estimation | Cloud SQL (Canada) | 7 years (audit requirements) |
| Technical Data | R&D Project Descriptions, Technical Obstacles, Experimental Protocols | Generating technical narratives for SR&ED | Cloud Storage / Vector DB (Canada) | Duration of engagement + 2 years |
| User Data | Name, Email, Role | Authentication & Audit trails | Cloud SQL / Auth Provider (Canada) | Active users only |
Default Configuration: GrantOps utilizes datacenters in the USA and Canada by default for optimal performance and redundancy.
Canadian Residency Option: Clients can opt to have all processing occur in the northamerica-northeast1 (Montreal) and northamerica-northeast2 (Toronto) regions. When selected, databases and object storage buckets are configured with location constraints preventing data replication outside Canada.
Backups: Disaster recovery backups are geo-replicated between regions. When Canadian residency is selected, backups remain within Canadian regions (Montreal ↔ Toronto).
Exception: LLM API calls to US-based providers (OpenAI Azure, Anthropic) transmit only the minimum context required for inference. No data is retained by providers post-inference per enterprise agreements.
GrantOps complies with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA):
Components: HTTPS Load Balancer, Cloud CDN, Cloud Armor WAF
Protection: DDoS mitigation, Rate limiting, Geo-blocking, SSL/TLS termination
Allowed Traffic: Only HTTPS (443) from verified clients
Components: GKE Clusters, Cloud Run Services, API Gateways
Protection: No public IPs, VPC firewall rules, Service accounts only
Allowed Traffic: Ingress from Load Balancer only, Egress to Data Zone and approved external APIs
Components: Cloud SQL, Cloud Storage, Vector Database, Secret Manager
Protection: Zero public IPs, Private Service Connect, VPC Service Controls, CMEK encryption
Allowed Traffic: Ingress from Application Zone service accounts ONLY via Cloud SQL Proxy / Private IPs
Components: Cloud Console Access, Identity-Aware Proxy (IAP), Audit Logging
Protection: MFA required, IP whitelisting, Time-based access, All actions logged
Allowed Traffic: Authenticated administrators only via IAP tunnels
GrantOps implements a Zero Trust network model. No implicit trust is granted based on network location. Every request - whether from internet users or internal services - is authenticated, authorized, and encrypted.
Automated alerts from Security Command Center, Cloud Monitoring, and application logs. Security team triages incidents within 15 minutes for P1 (Critical) events.
Severity Levels:
Short-term: Isolate affected containers, revoke compromised API keys, disable user accounts
Long-term: Deploy patches, implement additional monitoring, preserve forensic evidence
Remove malicious artifacts, patch vulnerabilities, update firewall rules, rotate credentials
Restore services from clean backups, verify system integrity, gradual return to normal operations with enhanced monitoring
Root Cause Analysis (RCA) report within 5 business days. Identify systemic failures, implement preventive controls, update runbooks and incident response procedures.
Database Backups: Automated daily full snapshots + continuous point-in-time recovery (PITR) via write-ahead logs. Retention: 30 days.
File Storage Backups: Object versioning enabled on Cloud Storage buckets. Deleted files recoverable for 30 days.
Geo-Redundancy: Critical backups replicated to secondary Canadian region (Montreal ↔ Toronto) to survive regional disasters.
RPO (Recovery Point Objective): 24 hours maximum data loss
RTO (Recovery Time Objective): 4 hours maximum downtime for core services
Testing: Annual disaster recovery drills simulating complete regional failure, with documented evidence and lessons learned.
Retention: 1 year for forensic analysis | Immutable storage
| Event Category | Detection Method | Alert Threshold | Response |
|---|---|---|---|
| Failed Authentication | Cloud IAM Audit Logs | 5 failed attempts in 5 minutes | Account lockout, Security team notified |
| Privileged Access | IAM Policy Changes | Any change to admin roles | Immediate CTO notification, Change review |
| Data Exfiltration | DLP, Egress Traffic Analysis | Unusual data download volumes | Session termination, Investigation triggered |
| Malware Detection | File Upload Scanning | Any malicious signature match | File quarantine, User notification |
| SQL Injection Attempt | WAF (Cloud Armor), App Logs | Malicious patterns in requests | Request blocked, IP temporarily banned |
| Impossible Travel | Geo-location Analysis | Login from 2 distant locations within 1 hour | MFA re-challenge, Security review |
GrantOps minimizes supply chain risk through careful vendor selection and continuous monitoring. All critical vendors undergo security assessments before integration.
| Vendor | Function | Compliance Status | Data Access | Risk Mitigation |
|---|---|---|---|---|
| Google Cloud Platform | Core Infrastructure | SOC 2 Type II, ISO 27001, FedRAMP | All client data | Native Cloud security controls, VPC Service Controls, CMEK |
| OpenAI (Azure) | LLM Inference | SOC 2 Type II, GDPR | Contextual data only (inference) | Enterprise API with Zero-Retention guarantee, No training on data |
| Anthropic Claude | LLM Inference | SOC 2 Type II | Contextual data only (inference) | Commercial Terms prohibit training on customer data |
| Google Gemini | Embeddings & LLM | SOC 2 Type II, ISO 27001 | Contextual data only | Native Cloud service, Enterprise privacy controls |
| Stripe | Payment Processing | PCI-DSS Level 1 | Payment metadata only | Tokenized payments, Zero card data storage on our systems |
| GitHub | Source Code Control | SOC 2 Type II | Source code only (no client data) | MFA enforcement, Branch protection, Private repositories |
All new vendors processing sensitive data undergo a comprehensive security questionnaire covering data handling practices, compliance certifications, breach history, and incident response capabilities. Annual re-assessments ensure continued compliance.
GrantOps maintains a comprehensive audit evidence repository to facilitate rapid due diligence and compliance verification:
| Reference ID | Document | Control Objective | Availability |
|---|---|---|---|
| 1.1.1 | Organizational Chart | Define Reporting Lines & Segregation of Duties | ✓ Quarterly |
| 1.1.3 | System-Generated Employee List | Workforce Management | ✓ Quarterly |
| 1.4.1 | New Hire List (Audit Period) | Competence & Training | ✓ Quarterly |
| 7.1.4 | Vulnerability Scan Reports (External) | Vulnerability Management | ✓ Quarterly |
| 7.2.1 | Incident Management Policy | Incident Response | ✓ Quarterly |
| 7.2.3 | Firewall & Antivirus Alert Configurations | Monitoring | ✓ Quarterly |
| 7.5.2 | Critical Systems Recovery Plan | Disaster Recovery | ✓ Quarterly |
| 8.1.2 | System Change Log | Change Management | ✓ Real-time |
| 8.1.7 | High Severity Incident Log | Incident Tracking | ✓ Real-time |
GrantOps AI recognizes that security and privacy are not mere compliance checkboxes - they are fundamental enablers of client trust and business success. Our Cloud Native architecture, combined with defense-in-depth controls and AI-specific safeguards, creates a fortress around our clients' most sensitive intellectual property.
This report accurately reflects the security posture of GrantOps AI as of December 2025. We commit to continuous improvement of our security controls and transparent communication with our enterprise partners.
Prepared by: GrantOps AI Security & Compliance Team
For security inquiries or audit requests:
Website: grantops.ai
Contact Our Team: info@grantops.ai