Security
Last updated 5 June 2026
Hosting & infrastructure
[Vercel; region — confirm]
Encryption in transit and at rest
[confirm specifics — do not claim standards Grace does not meet]
Access control & authentication
[confirm]
Audit trail
Grace's hash-chained audit trail on sensitive actions [real product feature per the PDD; confirm scope before claiming on the public site]. [Reviewed legal wording required.]
Payments security
Card data handled by PCI-DSS-compliant processors; Grace does not store card numbers [confirm wording against the actual payment rail].
Backups & resilience
[confirm]
Data protection by design
[Reviewed legal wording required.] See also the GDPR page.
Responsible disclosure
How to report a vulnerability: [security contact email]