Security

How we secure your data.

A plain-English summary. If you'd like the implementation detail, our Privacy principles page has it — and our full Terms and Privacy Policy land before public launch, counsel-reviewed.

Security principles

Sensitive fields are designed for encryption

Social Security numbers, account numbers, and credentials are designed to be encrypted with AES-256-GCM before they ever touch our database. Envelope encryption with a rotating, KMS-backed key means a direct database breach yields only ciphertext.

Row-Level Security on every query

Your data lives behind Postgres Row-Level Security policies scoped strictly to your authenticated user id. Even if an application bug asked for everyone's data, the database would return only yours. No policy can be bypassed by spoofing a cookie or metadata claim.

No passwords — we never see them

Sign-in uses Google OAuth or a one-time email link. We never handle a password, so we can never leak one. Session cookies are HTTP-only, Secure, SameSite-Lax, and server-validated on every page load.

No ads, no data brokers, no partners

We don't sell anything. You pay once, and that's the whole business model. We don't share your information with advertisers, analytics companies that profile users, or resellers. The complete list of third parties we work with is in our Privacy Policy.

Share links you actually control

When you share your Dear Grove with a trusted person, the recipient receives a single-use URL backed by a hashed token we never store in plaintext. You pick the expiration (24 hours, 7 days, 30 days, or no expiration) and can revoke any link instantly from your settings. Every recipient access is logged for your audit.
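A sketch of how a single-use, hashed, expiring, revocable share token with an access log can work. This is an added example, not Dear Grove's code; the `ShareLinkStore` class, its fields, and the in-memory dict standing in for a database table are assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Expiration choices listed on the page, in seconds (None = no expiration).
EXPIRY_CHOICES = {"24h": 86400, "7d": 7 * 86400, "30d": 30 * 86400, "none": None}


def token_digest(token):
    # The token is 256 bits of randomness, so a plain SHA-256 is enough;
    # slow password hashes are for low-entropy secrets.
    return hashlib.sha256(token.encode()).hexdigest()


class ShareLinkStore:
    """In-memory stand-in for a share-link table (hypothetical schema)."""

    def __init__(self):
        self.links = {}      # token digest -> link record; plaintext is never kept
        self.audit_log = []  # (timestamp, digest prefix, outcome)

    def issue(self, owner_id, expiry="7d", now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # appears only in the URL sent out
        ttl = EXPIRY_CHOICES[expiry]
        self.links[token_digest(token)] = {
            "owner": owner_id, "used": False, "revoked": False,
            "expires_at": None if ttl is None else now + ttl,
        }
        return token

    def revoke(self, digest):
        self.links[digest]["revoked"] = True

    def redeem(self, token, now=None):
        now = time.time() if now is None else now
        digest = token_digest(token)
        link = self.links.get(digest)  # lookup by digest, not by comparing secrets
        if link is None:
            outcome = "unknown"
        elif link["revoked"]:
            outcome = "revoked"
        elif link["expires_at"] is not None and now >= link["expires_at"]:
            outcome = "expired"
        elif link["used"]:
            outcome = "already_used"
        else:
            link["used"] = True  # single use: burn on first successful access
            outcome = "granted"
        self.audit_log.append((now, digest[:12], outcome))  # log every attempt
        return outcome == "granted", outcome
```

In a real database the check-and-mark-used step has to be one atomic statement (for example a conditional `UPDATE`), otherwise two concurrent requests can both redeem the same link.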

Right to be forgotten

One click deletes your account. The cascade runs through every table we keep your data in — your document, your share links, your authentication record. Backups purge within 30 days. No exit surveys, no dark patterns, no “Are you sure?” spam.

Found a vulnerability?

We take responsible disclosure seriously and respond within one business day. Please email us at security@deargrove.com before posting anywhere public. The full disclosure contact is also published at /.well-known/security.txt per RFC 9116.

We'll acknowledge receipt the same day and coordinate a disclosure timeline with you before publishing anything.

Current status

This page describes the security posture Dear Grove ships with at public launch. We are pre-launch as of the date you are reading this, so some guarantees above — notably server-side encryption at rest — are engineered but not yet active for the pre-launch preview. No paying customers exist at this stage, and the preview stores data only in your browser.

Before any paying customer hits the product, encryption-at-rest, Row-Level Security, and the rest of the posture above are all activated and running against the production data path. The FAQ has the fullest picture if you want it.