Security

How we secure your data.

A plain-English summary. If you'd like the implementation detail, our Privacy principles page has it, and our full, counsel-reviewed Terms and Privacy Policy will be published before public launch.

Security principles

Sensitive fields are designed for encryption

Social Security numbers, account numbers, and credentials are designed to be encrypted with AES-256-GCM before they ever reach our database. We use envelope encryption: the data is encrypted under data keys, and those data keys are wrapped by a rotating, KMS-backed key. A direct database breach therefore yields only ciphertext and wrapped keys, neither of which is usable without the KMS.

Row-Level Security on every query

Your data lives behind Postgres Row-Level Security policies scoped strictly to your authenticated user id. Even if an application bug asked for everyone's data, the database would return only yours. The policy is evaluated against the user id the server establishes from your verified session, not against anything the browser sends, so it cannot be bypassed by spoofing a cookie or a metadata claim.

No passwords: we never see them

Sign-in uses Google OAuth or a one-time email link. We never handle a password, so we can never leak one. Session cookies are HttpOnly, Secure, and SameSite=Lax, and the session they reference is validated on the server on every page load.

Honest about what we share

Your DearGrove document stays in our systems. We share a SHA-256 hash of your email address with Meta to measure ad performance; you can switch this off in your settings. If you opt in on the Find an Advisor page, we share your contact information, never document content, with a vetted estate planner. The full list of sub-processors and your opt-outs are in our Privacy Policy.

Share links you actually control

When you share your DearGrove with a trusted person, the recipient receives a single-use URL carrying a random token; we store only a hash of that token, never the token itself. You pick the expiration (24 hours, 7 days, 30 days, or no expiration) and can revoke any link instantly from your settings. Every access by a recipient is logged so you can audit it.

Right to be forgotten

One click deletes your account. The cascade runs through every table we keep your data in: your document, your share links, your authentication record. Backups are purged within 30 days. No exit surveys, no dark patterns, no “Are you sure?” spam.

Found a vulnerability?

We take responsible disclosure seriously and respond within one business day. Please email us at support@deargrove.com before posting anywhere public. The disclosure contact is also published at /.well-known/security.txt per RFC 9116.

We'll acknowledge receipt within that window and coordinate a disclosure timeline with you before publishing anything.
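For reference, a minimal security.txt that satisfies RFC 9116, added here as an illustration rather than copied from the site. RFC 9116 makes both Contact and Expires mandatory (Expires is the field most often left out), and the file must be served over HTTPS at /.well-known/security.txt. The Expires date and the Canonical URL below are placeholders; the deargrove.com domain is inferred from the contact address and is an assumption.

```text
Contact: mailto:support@deargrove.com
Expires: 2026-06-30T00:00:00.000Z
Preferred-Languages: en
Canonical: https://deargrove.com/.well-known/security.txt
```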

Current status

This page describes the security posture DearGrove ships with at public launch. We are currently pre-launch, so some of the guarantees above, notably server-side encryption at rest, are engineered but not yet active in the pre-launch preview. No paying customers exist at this stage, and the preview stores data only in your browser.

Before any paying customer uses the product, encryption at rest, Row-Level Security, and the rest of the posture above are activated and running against the production data path. The FAQ has the fullest picture if you want it.