Security at Grimoire

Last Updated: February 8, 2026

How we protect your data and maintain trust

At Grimoire, security is not just a feature — it's a fundamental pillar of our platform. We are committed to protecting your data, maintaining your trust, and ensuring the highest standards of security across all aspects of our service. Our comprehensive security program encompasses infrastructure, application, and operational security to safeguard your information at every level.

Data Encryption

We employ industry-leading encryption standards to protect your data both at rest and in transit:

  • AES-256 encryption for all data at rest, ensuring maximum protection for stored information
  • TLS 1.3 protocol for all data in transit, securing communications between your systems and our platform
  • End-to-end encryption for sensitive data, including API keys and credentials

Infrastructure Security

Our infrastructure is built on enterprise-grade cloud services with multiple layers of protection:

  • Hosted on enterprise-grade cloud infrastructure with 99.9%+ uptime SLA
  • Regular security audits and penetration testing by third-party security experts
  • Geographic redundancy and automated backups to ensure data availability and disaster recovery

Access Control

We implement strict access controls to ensure only authorized users can access your data:

  • Role-based access control (RBAC) to manage permissions and minimize privilege escalation risks
  • Multi-factor authentication (MFA) support for enhanced account security
  • Comprehensive API key rotation and management tools to maintain secure integrations

Compliance Roadmap

We are committed to meeting and exceeding industry compliance standards:

  • SOC 2 Type II certification (currently in progress)
  • GDPR-compliant, with robust data protection and privacy controls
  • Data Processing Agreements (DPAs) available for enterprise customers

Responsible Disclosure

We value the security research community and welcome responsible disclosure of potential vulnerabilities:

  • Bug bounty program for eligible security vulnerabilities with rewards based on severity and impact
  • Security issues can be reported to security@grimoire.tech
  • Commitment to acknowledge all reports within 48 hours and provide timely updates on remediation

Best Practices for Users

While we implement robust security measures, we recommend following these best practices to maximize your account security:

  • Use strong, unique passwords for your Grimoire account
  • Enable multi-factor authentication (MFA) on your account
  • Rotate API keys regularly and revoke unused or compromised keys immediately
  • Use Bring Your Own Key (BYOK) for sensitive workloads requiring additional control

Have security questions? Our security team is here to help address your concerns. Contact us at security@grimoire.tech.