GRADE™ ← Back to site
GRADE · Security

How we handle your data

Written for the IT, legal, and procurement people who evaluate vendors. Questions or security reviews: security@gradeltd.com — we answer questionnaires directly.

The short version

GRADE processes two kinds of customer content: published product documentation and inbound inquiry text. Each customer's data is isolated to that customer, is never used to serve or train for anyone else without written consent, and is returned or deleted within 30 days of exit. Every AI-drafted output requires explicit human approval before it goes anywhere.

Architecture choices that reduce risk

Operational controls

What we don't claim yet

We are an early-stage company and say so plainly: we do not yet hold SOC 2 or ISO 27001 certification — formal SOC 2 readiness is a funded item on our roadmap. Until then, this page states our actual posture, and we will walk your team through any of it, including our evaluation results, on request.

Reporting a vulnerability

Email security@gradeltd.com with details. We acknowledge promptly, investigate in good faith, and will not pursue action against good-faith research.

← Back to gradeltd.com