Skip to main content
Grapevine is built with security and privacy as core principles. The platform is designed to keep every tenant’s data isolated, resilient against bad actors, and trusted by enterprise teams.

Security

Grapevine is built from the ground up around security. We maintain SOC 2 Type II certification and partner with an independent security firm for recurring audits and penetration testing.

Encryption everywhere

TLS 1.3 protects every request in transit, while AES-256 encryption keeps all data at rest secured. Secrets and credentials are isolated inside AWS Secrets Manager.

Tenant isolation by design

Dedicated compute per tenant group and signed tenant context on every request ensure data is never commingled. Cross-tenant access is structurally impossible.

External security firm auditing

Independent experts conduct recurring penetration tests and audits across our infrastructure, validating every control.

SOC 2 certified

We maintain SOC 2 Type II certification so you know our safeguards are independently verified and continuously monitored.
Have additional security questions? Reach out to our team.

Member roles

Grapevine supports two member roles to control access to administrative functions while maintaining data privacy:
  • Members can connect to the MCP to query and access data, but cannot access the admin UI
  • Admins can access both the admin UI and the MCP, with full administrative capabilities
Admins cannot access other members’ private data. All users are subject to the same permission-aware access controls that mirror source-level permissions.

Inviting users

You can invite additional users to your Grapevine organization through the Invitation panel.

Privacy

We never train on your data

We do not train models on your data. Your data is your own.

Permission-aware by default

Grapevine mirrors source-level permissions, so private docs stay private and results only reach authorized teammates.

Control is always in your hands

Disconnect sources, revoke tokens, or delete data at any time from the admin console—your changes take effect immediately.

Data handling

Grapevine only indexes the content and workspaces you explicitly connect.

Data deletion

Once you confirm deletion, Grapevine stops indexing new content right away and begins purging all stored data. In most cases the removal finishes within minutes.
1

Open Organization Settings

From the admin console, head to the Organization Settings page.
2

Click Delete Data

Click the “Delete Data” button to begin the deletion process.