Security You Can Trust

At Gridlines, data security isn't just a feature—it's the foundation of everything we build. We understand that you're trusting us with your most sensitive business information, and we take that responsibility seriously.

Enterprise-Grade Protection, Built-In

Your Data, Truly Isolated

True infrastructure-level separation. Each team's files are stored in completely separate, dedicated Google Cloud Storage buckets with unique encryption keys. This isn't just application-level access control—your data is physically isolated at the infrastructure layer, so even in the unlikely event of an application vulnerability, your data remains protected.

What this means for you: Your documents are never mixed with other customers' data, and infrastructure-enforced access controls ensure that only your team can access your files.

Security That Scales with Your Business

Defense in depth. We implement multiple layers of security working together:

  • Database row-level security policies that automatically filter data by team
  • Application-level access controls validated on every request
  • Infrastructure-level IAM policies restricting storage access
  • Comprehensive audit logging of every data access

SOC 2 Type II certified (in progress): We're implementing the same enterprise-grade security architecture used by GitHub, Slack, and Notion—companies trusted by the world's most security-conscious organizations.

Encryption at Every Step

Your data is always encrypted:

  • In transit: TLS 1.3 encryption for all data between your browser and our servers
  • At rest: AES-256 encryption for all stored files
  • Customer-managed keys: Each team has unique encryption keys through Google Cloud Key Management Service—your data is never encrypted with shared keys

Built on Google Cloud Platform

Enterprise infrastructure you can rely on:

  • 99.95% uptime SLA with global edge network
  • Redundant storage across multiple geographic regions
  • Automatic backups with point-in-time recovery
  • Same infrastructure powering Gmail, YouTube, and Fortune 500 enterprises

Your Data, Your Control

100% data ownership. We never:

  • Use your data to train AI models without explicit permission
  • Share your data with third parties for marketing
  • Access your data without your permission (except for support requests you initiate)
  • Retain your data after account deletion (30-day grace period, then permanent deletion)

Export anytime. Download all your data in standard formats whenever you want. No lock-in.

Trusted by Regulated Industries

Gridlines serves customers in finance, healthcare, government, and Fortune 500 enterprises. Our security architecture is designed to meet the requirements of the most security-conscious organizations:

  • Financial services: Built for banks and investment firms handling sensitive financial data
  • Healthcare: HIPAA-ready architecture for protecting patient information
  • Government: Meets requirements for government contractors and public sector organizations
  • Enterprise: Trusted by companies that demand the highest security standards

Continuous Monitoring & Transparency

Complete visibility. We maintain detailed audit logs of all data access and provide proactive monitoring for suspicious activity. Cross-team access attempts (which should never occur) trigger immediate alerts to our security team.

Third-party verified. Annual penetration testing by independent security firms, automated vulnerability scanning, and a responsible disclosure program for security researchers ensure our defenses stay strong.

Learn More

For security inquiries, vulnerability reports, or compliance documentation:

Enterprise customers: Contact us for detailed security documentation, compliance certifications, and custom security reviews.

Last updated: January 2026