Security & confidentiality

Your proposals stay in Europe. And yours.

The confidentiality of your data is our priority. We know your grant proposals hold confidential research strategies, budgets, consortium details and IP, so we keep them inside the EU, under EU jurisdiction, with no AI training on your content.

Hosted in the EU

Application, database and files in Germany

EU jurisdiction, end to end

EU-incorporated infrastructure, no US hyperscaler

No training on your data

Your proposals are never used to train AI models

Zero Data Retention

AI calls run stateless, nothing kept after the answer

Passwordless sign-in

Email magic-link, no passwords to steal

GDPR-compliant

DPA, audit trail and breach procedures in place

How your data is protected

01

Sovereign EU hosting

The whole platform (application, database, file storage, authentication) runs on a German-incorporated EU cloud operator (ISO 27001 at the data-center level), not on a US hyperscaler. Encryption at rest and in transit, EU jurisdiction end to end. The reproach made to most “EU-hosted” tools is that they sit on AWS or Azure and stay exposed to the US CLOUD Act regardless of region. Here, they do not.

02

Workspace audit trail

Every meaningful action (sign-in, edits, validations, invitations, exports) is recorded in a workspace audit log, alongside a separate log of every AI call (who, which project, which model). Admins export both as CSV on demand. No proposal content, budgets or partner names are ever stored in those logs, only structural metadata.

03

Pre-AI anonymization on import

When you import an existing proposal PDF, organisation names, person names, project codenames and emails are stripped and replaced with neutral tokens before any non-default AI provider sees the document. The token-to-name mapping never leaves EU infrastructure; real names are re-attached locally afterwards.

Where your content goes, and what happens to it

The difference is architectural, and verifiable.

SolutionWhere it's hostedAI processingCLOUD Act exposure
GrantForgeGermany (EU), on Hetzner. Not AWS / Azure / Google CloudMistral Cloud (EU), Zero Data Retention by default, or your own key (BYOK). Never trained on.No
ChatGPT uploadOpenAI servers (US)Stored in your thread historyYes
Microsoft CopilotMicrosoft tenant (Azure)Indexed in your tenantYes
SharePoint uploadMicrosoft tenant (Azure)Indexed in your tenantYes

AI that doesn't keep your data

Your proposals are processed by an EU-based language model under Zero Data Retention: calls run stateless, nothing is stored beyond the moment needed to produce the answer, and your content is never used to train models. Need your own provider? Workspaces can bring their own AI key (BYOK).

Need the paperwork?

A Data Processing Agreement (GDPR Art. 28), a Security Assurance Plan and a mutual NDA are available on request. Useful for your IT or DPO before a pilot.