🔒 Security & Privacy

Your data is protected at every step

We believe in complete transparency about how your data flows through our system. This page explains exactly what happens when you use Gridscope, which companies are involved, and how we keep your data secure.

Data Flow

What Happens to Your Data

When you upload a CSV file or connect a data source to Gridscope, here's the complete journey your data takes:

1. Upload & Storage

You upload your CSV file or connect your data source. All data is stored in our secure Neon Postgres database, hosted in the United States with enterprise-grade encryption.

2. AI Analysis

Your data is sent to Anthropic's Claude AI for analysis. Claude generates KPIs, detects anomalies, recommends visualizations, and creates insights. Data is processed but not stored permanently by Anthropic.

3. Results Stored

AI-generated dashboards, reports, and insights are stored back in our Neon Postgres database alongside your original data.

4. Displayed to You

Your dashboards and insights are served through our Render-hosted web application. Only you can access your data—completely isolated from other users.

Infrastructure Partners

Who Has Access & Why

Gridscope is built on best-in-class infrastructure providers. Here's exactly who handles your data and what they do:

Neon
Database Provider

Stores all uploaded data and generated reports. Serverless Postgres with automatic backups. US-hosted with SOC 2 Type II compliance.

Anthropic
AI Processing

Analyzes data to generate dashboards, KPIs, and insights. Data sent for processing only—not stored permanently by Anthropic. Industry-leading AI safety standards.

Render
Application Hosting

Hosts the Gridscope web application. US-based infrastructure with automatic TLS encryption and DDoS protection.

Polsia
Platform Orchestration

Manages deployment, infrastructure provisioning, and development tooling. No direct access to customer data—acts as infrastructure coordinator only.

Stripe
Payment Processing

Handles billing securely for Pro subscriptions. PCI DSS compliant. Gridscope never sees or stores full credit card details.

Security Measures

How We Protect Your Data

Multi-Tenant Isolation

  • Each user's data is completely isolated from other users
  • You can only access your own uploads, dashboards, and reports
  • Database-level access controls enforce strict tenant boundaries

Authentication & Access Control

  • Secure passwordless authentication via magic links
  • Session tokens with automatic expiration
  • All API endpoints protected by authentication middleware

Encryption & Transport

  • All data transmitted over HTTPS with TLS 1.3
  • Database connections encrypted in transit
  • Sensitive tokens stored with AES-256-GCM encryption

Fraud Detection (Payments)

  • 3-factor fraud scoring on all Pro subscription payments
  • Stripe Radar automatically blocks suspicious transactions
  • No payment data stored on Gridscope servers
Privacy Commitments

What We Do NOT Do

Your trust is paramount. Here are our firm commitments:

Compliance & Standards

Industry Certifications

Our infrastructure partners maintain the following certifications:

Contact

Questions About Security?

We're happy to answer any questions about how we protect your data. For security inquiries, vulnerability reports, or compliance documentation, contact us at:

Email: hello@gridscope.app

For security vulnerability reports, please include "[SECURITY]" in the subject line. We aim to respond within 24 hours.