Security First

Data Security & Protection

Your data belongs to you — and only you. FundRobin is built on a foundation of transparency, privacy, and enterprise-grade security. We're committed to protecting your information and being clear about how it's used.

1. Your Data, Your Control

We believe your organization's data should remain exclusively yours. Here's our commitment:

Organization-Level Isolation

Your data is only visible to authorised users within your organization. No one else can access it.

Complete Data Segregation

Each organization's data is logically separated and protected with strict access controls.

No Cross-Organization Access

Users from other organisations cannot see, access, or interact with your data — ever.

Admin Controls

Your organization's administrators have full control over who can access what within your team.

2. AI & Machine Learning Commitment

Your data will NEVER be used to train AI or Large Language Models (LLMs).

We use AI to help you find grants and draft proposals — but your data stays yours. Here's exactly how we handle it:

  • Processing Only: AI is used solely to process your requests in real-time — matching grants, generating proposals, and answering questions.
  • No Training Data: Your proposals, organization details, and interactions are never fed into model training datasets.
  • No Data Retention for AI: Prompts and AI outputs are not stored or used to improve models.
  • Third-Party AI Providers: Any AI providers we work with are contractually bound to the same strict data protection standards.

3. Enterprise-Grade Security

FundRobin is built for organisations that demand the highest security standards:

Industry-Standard Practices

We follow security best practices aligned with leading industry frameworks and standards.

Regular Security Audits

Our systems undergo regular third-party security assessments and penetration testing.

Enterprise-Ready Infrastructure

Built on secure, scalable cloud infrastructure with redundancy and high availability.

Data Retention Controls

Customisable data retention policies to meet your organization's compliance requirements.

4. Data Encryption

Encryption at Rest

  • AES-256 encryption for all stored data
  • Encrypted database storage with automatic key management
  • Secure backup encryption with geographically distributed storage
  • All data encrypted at the storage layer by default

Encryption in Transit

  • TLS 1.2/1.3 encryption for all data transmission
  • Secure API endpoints with enforced HTTPS
  • Secure WebSocket connections for real-time features
  • Certificate management handled automatically

5. Infrastructure Security

Powered by SOC 2 Type II Compliant Infrastructure: Our data is hosted on Supabase, which undergoes regular third-party security audits and maintains SOC 2 Type II compliance.

Cloud Security

  • Hosted on enterprise-grade, SOC 2 Type II compliant infrastructure
  • Network segmentation and firewall protection
  • DDoS protection and intrusion detection systems
  • Regular security patches and vulnerability assessments
  • Row Level Security (RLS) ensuring data isolation at the database level
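The Row Level Security bullet above is the mechanism that turns the organization-level isolation promised in section 1 into something the database itself enforces, rather than something application code has to remember to do on every query. The following is an added, illustrative Postgres/Supabase example written for this page; it is not FundRobin's actual schema or policy set. The table names (`organizations`, `memberships`, `proposals`), the helper function `my_organization_ids()`, and the policy names are assumptions chosen for illustration; `auth.uid()` is the Supabase function that returns the authenticated user's id from the request JWT.

```sql
-- Illustrative example (not FundRobin's schema): organization-level isolation
-- enforced with Postgres Row Level Security, as used on Supabase.
-- Assumed tables: organizations, memberships, proposals.

create table organizations (
  id   uuid primary key default gen_random_uuid(),
  name text not null
);

create table memberships (
  user_id         uuid not null,  -- corresponds to auth.users.id on Supabase
  organization_id uuid not null references organizations(id),
  role            text not null default 'member',
  primary key (user_id, organization_id)
);

create table proposals (
  id              uuid primary key default gen_random_uuid(),
  organization_id uuid not null references organizations(id),
  title           text not null,
  body            text
);

-- Enable RLS, and FORCE it so the rules also bind the table owner:
-- with no matching policy the default is "no rows", never "all rows".
alter table memberships enable row level security;
alter table memberships force row level security;
alter table proposals   enable row level security;
alter table proposals   force row level security;

-- A user can read only their own membership rows.
create policy memberships_self on memberships
  for select using (user_id = auth.uid());

-- Helper (assumed name): the organizations the calling user belongs to.
-- SECURITY DEFINER so the proposals policies do not recurse through
-- memberships' own RLS; search_path is pinned to avoid function hijacking.
create or replace function my_organization_ids()
returns setof uuid
language sql
security definer
stable
set search_path = public
as $$
  select organization_id from memberships where user_id = auth.uid();
$$;

-- Every operation on proposals is scoped to the caller's organizations.
-- USING filters rows that can be seen/changed; WITH CHECK prevents writing
-- a row into another organization (or moving one there via UPDATE).
create policy proposals_select on proposals
  for select using (organization_id in (select my_organization_ids()));

create policy proposals_insert on proposals
  for insert with check (organization_id in (select my_organization_ids()));

create policy proposals_update on proposals
  for update using (organization_id in (select my_organization_ids()))
  with check (organization_id in (select my_organization_ids()));

create policy proposals_delete on proposals
  for delete using (organization_id in (select my_organization_ids()));
```

Two points worth checking in any deployment that makes this claim: that `force row level security` is set (otherwise the owning role bypasses the policies), and that a request authenticated as a member of one organization returns zero rows, not an error, when it queries another organization's `proposals`; an empty result is the correct, non-leaking behaviour, and a periodic test that asserts it is a cheap guard against a policy being dropped or loosened during a migration.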

Access Controls

  • Multi-factor authentication (MFA) for all system access
  • Role-based access control (RBAC) with principle of least privilege
  • Automated account provisioning and de-provisioning
  • Regular access reviews and permissions auditing
  • Platform audit logs for security monitoring and compliance

6. Data Privacy & Minimisation

  • Data minimisation - we only collect what's necessary for our services
  • Pseudonymisation and anonymisation techniques where applicable
  • Regular data retention policy reviews and automated deletion
  • Privacy by design approach in all system development
  • Data processing impact assessments for new features

7. Monitoring & Incident Response

24/7 Monitoring

  • Real-time security event monitoring and alerting
  • Automated threat detection and response systems
  • Security Information and Event Management (SIEM)
  • Regular penetration testing and vulnerability scans

Incident Response

  • Documented incident response procedures and playbooks
  • Dedicated security incident response team
  • Breach notification procedures compliant with GDPR requirements
  • Regular incident response drills and testing

8. Employee Security & Training

  • Comprehensive security background checks for all staff
  • Regular security awareness training and phishing simulations
  • Confidentiality agreements and data handling policies
  • Secure development lifecycle (SDLC) training
  • Code review processes and security testing protocols

9. Data Backup & Recovery

Backup Strategy

  • Automated daily backups with 30-day retention
  • Encrypted backups stored in geographically separate locations
  • Point-in-time recovery capabilities
  • Regular backup integrity testing and validation

Business Continuity

  • Disaster recovery plan with defined RTO/RPO objectives
  • Redundant infrastructure across multiple availability zones
  • Regular disaster recovery testing and simulations
  • 99.9% uptime SLA with failover capabilities

10. Security Contact

Security Issues:

security@fundrobin.com

Data Protection:

privacy@fundrobin.com

We take security seriously. If you discover a security vulnerability, please report it responsibly through our dedicated security contact. We appreciate responsible disclosure and will work with you to address any issues promptly.