Security Policy
Last Updated: July 06, 2026
At GRAP Solutions, security is fundamental to our enterprise AI operations. Because we ingest, annotate, and process high-volume, proprietary data for global AI teams, we enforce rigorous cybersecurity frameworks to safeguard data confidentiality, maintain integrity, and ensure high availability.
1. Data Encryption
We mandate encryption for all information flow:
- Data in Transit: All data sent to or from our servers is encrypted using Transport Layer Security (TLS 1.3) protocols.
- Data at Rest: Ingested training datasets, client metadata, and candidate credentials are encrypted using Advanced Encryption Standard (AES-256) block encryption keys.
2. Network & Infrastructure Security
Our operational platform runs within fully segregated cloud network topologies:
- VPC Isolation: Core databases and annotation processing engines are located in private subnets behind restrictive firewalls. Egress traffic is heavily restricted.
- Isolated Workspaces: For clients requiring maximum security (e.g., medical clinical data annotation), we provision separate Virtual Private Clouds (VPCs) that prevent any cross-client data contamination.
3. Access Controls
We enforce the Principle of Least Privilege:
- Access to databases and client file storage is restricted to authorized personnel who require it to perform client services.
- Multi-factor authentication (MFA) is strictly enforced for all developer, architect, and manager logins.
- Activity logs are maintained and audited for any administrative commands or database accesses.
4. Contributor Platform Security
Linguistic experts, RLHF annotators, and evaluation partners accessing the Sourcing Vendor Portal operate under safe-workspace conditions. Our UI does not allow download actions on raw datasets, and it relies on secure web rendering to keep assets localized inside the browser memory segment.
5. Vulnerability Management
We execute periodic automated vulnerability scans across our repositories and dependency trees. If you believe you have discovered a vulnerability, please report it to our security desk at production@grap-solutions.com. We will investigate the issue and implement necessary patches promptly.
6. Contact Us
If you have questions about our infrastructure security, audit certificates, or compliance frameworks, please contact our security architecture group at production@grap-solutions.com.