Security & Trust
How grāmatr℠ protects your intelligence layer.
Last updated: April 8, 2026
Pre-launch posture. grāmatr℠ is in private beta. The security architecture described below was designed to meet enterprise standards from day one. Formal certifications (SOC 2 Type II, HIPAA) are on the roadmap and will be published as they complete. For enterprise security review, vendor assessments, or questionnaires, contact [email protected].
Architectural principles
- Encrypted at every level. User, team, and enterprise data are encrypted in transit (TLS) and at rest. Per-user encryption keys isolate individual knowledge graphs.
- Row-level security. Database access is enforced at the row level, not at the application layer. A misconfigured service cannot leak another tenant's data.
- Tiered governance. Intelligence is scoped by tier — system, enterprise, team, user, project — with row-level security enforced at the database level.
- Least-privilege access. Operator access to production is limited, logged, and audited. No shared credentials.
- Patent-pending pre-classification routing. Sensitive requests are classified and routed before any expensive model sees them, reducing the exposure surface by design.
Data handling
- Your data is yours. You own the content you submit to grāmatr. We do not sell it, rent it, or share it with advertisers.
- Export on demand. Enterprise customers can export their organization's intelligence configurations, skill definitions, and training governance records at any time.
- Deletion on cancellation. Upon cancellation, a full export is provided. After export confirmation, all customer data is permanently deleted from grāmatr systems within 30 days. A certificate of deletion is available on request.
- Clean deletion. When you delete, your data is permanently removed — intelligence configurations, observations, and embeddings.
Infrastructure
- Kubernetes-deployed with GitOps automation. Every production change flows through a reviewed, versioned, auditable pipeline.
- Cloudflare-hosted edge. Global TLS termination, DDoS protection, and WAF at the edge.
- Immutable builds, tagged releases. Every deployment corresponds to a signed, tagged release in source control.
Certifications and compliance
- SOC 2 Type II: Architecture designed to meet control requirements. Formal audit on the roadmap.
- HIPAA: Architecture designed to support BAA-covered workloads. Formal attestation on the roadmap.
- GDPR / CCPA: See the Privacy Policy for rights and lawful bases.
- Data residency: Regional deployment is on the roadmap. Talk to us about your requirements.
We are transparent about where we are in the certification process. We will not claim certifications we do not hold. Current status and target dates are available under NDA — contact [email protected].
Responsible disclosure
If you are a security researcher and you believe you have discovered a vulnerability in grāmatr or this website, we want to hear from you. Please email [email protected] with:
- A clear description of the issue and its potential impact
- Steps to reproduce
- Any proof-of-concept code or screenshots
- Your name or handle for credit (optional)
We commit to acknowledging reports within three business days, investigating in good faith, and keeping you informed as we remediate. We will not pursue legal action against researchers who act in good faith, avoid privacy violations and service disruption, and give us a reasonable opportunity to fix issues before public disclosure.
Contact
Security questions, vendor assessments, responsible disclosure: [email protected]
Legal and privacy: [email protected]
gramatr, LLC · Missouri, USA