Current status
This page describes the security posture Dear Grove ships with at public launch. We are pre-launch as of the date you are reading this, so some guarantees above — notably server-side encryption at rest — are engineered but not yet active for the pre-launch preview. No paying customers exist at this stage, and the preview stores data only in your browser.
Before any paying customer hits the product, encryption-at-rest, Row-Level Security, and the rest of the posture above are all activated and running against the production data path. The FAQ has the fullest picture if you want it.