Terms of ServicePrivacy PolicySecurity PolicySubscription & Billing PolicyCookie PolicyDMCA Copyright Policy

Security Policy

Effective Date: December 10, 2025 Version: 1.0

1. Infrastructure & Hosting

At Global Development Solutions Unlimited, Inc., the security of your data is our highest priority. We utilize industry-leading infrastructure and security practices to keep your grant data, strategies, and personal information safe.

Our services are hosted on cloud infrastructure provided by Supabase, which runs on Amazon Web Services (AWS).

  • Physical Security: Our infrastructure providers maintain ISO 27001 and SOC 2 Type II compliance.
  • Data Center Location: All data is stored in secure data centers located in the United States (unless otherwise specified for compliance).

2. Data Encryption

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using strict Transport Layer Security (TLS) 1.2 or higher. We employ HSTS (HTTP Strict Transport Security) to ensure browsers interact with our Service only over HTTPS.
  • Encryption at Rest: User data stored in our databases is encrypted at rest using AES-256 encryption standards.

3. Application Security & Access Control

  • Authentication: We use secure authentication provided by Supabase (supporting Email/Password, Google, and LinkedIn OAuth). We do not store plain-text passwords.
  • Row Level Security (RLS): We implement strict Row Level Security at the database level. This ensures that even if an application-level bug were to occur, a user can strictly only access rows of data tied to their specific user_id or company_id.
  • AI Isolation: Artificial Intelligence requests are sandboxed. Data sent to our AI models is ephemeral and scoped strictly to your current session and Company workspace.

4. Payment Security

We do not store, process, or transmit your credit card data on our servers.

  • PCI Compliance: All payments are processed by Stripe, which is a certified PCI Service Provider Level 1 (the most stringent level of certification available in the payments industry).

5. Employee Access

Access to customer data by our employees is strictly limited to necessary support and engineering staff.

  • Least Privilege: Access is granted on a principle of least privilege.
  • Audit Logs: We maintain logs of internal access to production systems for security auditing.

6. Vulnerability Reporting

If you believe you have found a security vulnerability in Grant Management Made Easy, please contact us immediately.

  • Contact: support@grantmanagementmadeeasy.com
  • Policy: We request that you do not publicly disclose the issue until we have had a reasonable timeframe to address it. We appreciate the help of the security community.

7. Backups and Reliability

  • Backups: We perform continuous backups of our database (Point-in-Time Recovery) to ensure data durability in the event of a catastrophic failure.
  • Availability: We strive for 99.9% uptime and utilize redundant infrastructure where possible.