Security First

Data Security & Protection

Your data belongs to you — and only you. FundRobin is built on a foundation of transparency, privacy, and enterprise-grade security. We're committed to protecting your information and being clear about how it's used.

1. Your Data, Your Control

We believe your organisation's data should remain exclusively yours. Here's our commitment:

Organisation-Level Isolation

Your data is only visible to authorised users within your organisation. No one else can access it.

Complete Data Segregation

Each organisation's data is logically separated and protected with strict access controls.

No Cross-Organisation Access

Users from other organisations cannot see, access, or interact with your data — ever.

Admin Controls

Your organisation's administrators have full control over who can access what within your team.

2. AI & Machine Learning Commitment

Your data will NEVER be used to train AI or Large Language Models (LLMs).

We use AI to help you find grants and draft proposals — but your data stays yours. Here's exactly how we handle it:

  • Processing Only: AI is used solely to process your requests in real-time — matching grants, generating proposals, and answering questions.
  • No Training Data: Your proposals, organisation details, and interactions are never fed into model training datasets.
  • No Data Retention for AI: Prompts and AI outputs are not stored or used to improve models.
  • Third-Party AI Providers: Any AI providers we work with are contractually bound to the same strict data protection standards.

3. Enterprise-Grade Security

FundRobin is built for organisations that demand the highest security standards:

Industry-Standard Practices

We follow security best practices aligned with leading industry frameworks and standards.

Regular Security Audits

Our systems undergo regular third-party security assessments and penetration testing.

Enterprise-Ready Infrastructure

Built on secure, scalable cloud infrastructure with redundancy and high availability.

Data Retention Controls

Customisable data retention policies to meet your organisation's compliance requirements.

4. Data Encryption

Encryption at Rest

  • Provider-backed encryption at rest for stored application data
  • Encrypted database storage with managed key handling
  • Secure backup encryption with geographically distributed storage
  • All data encrypted at the storage layer by default

Encryption in Transit

  • TLS 1.2/1.3 encryption for all data transmission
  • Secure API endpoints with enforced HTTPS
  • Secure WebSocket connections for real-time features
  • Certificate management handled automatically

5. Infrastructure Security

Managed infrastructure security: FundRobin uses established cloud and database providers that publish their own security controls and compliance documentation.

Cloud Security

  • Hosted on managed cloud and database infrastructure
  • Network segmentation and firewall protection
  • DDoS protection and intrusion detection systems
  • Regular security patches and vulnerability assessments
  • Row Level Security (RLS) ensuring data isolation at the database level

Access Controls

  • Multi-factor authentication (MFA) for all system access
  • Role-based access control (RBAC) following the principle of least privilege
  • Automated account provisioning and de-provisioning
  • Regular access reviews and permissions auditing
  • Platform audit logs for security monitoring and compliance

6. Data Privacy & Minimisation

  • Data minimisation - we only collect what's necessary for our services
  • Pseudonymisation and anonymisation techniques where applicable
  • Regular data retention policy reviews and automated deletion
  • Privacy by design approach in all system development
  • Data processing impact assessments for new features

7. Monitoring & Incident Response

24/7 Monitoring

  • Real-time security event monitoring and alerting
  • Automated threat detection and response systems
  • Security Information and Event Management (SIEM)
  • Regular penetration testing and vulnerability scans

Incident Response

  • Documented incident response procedures and playbooks
  • Dedicated security incident response team
  • Breach notification procedures compliant with GDPR requirements
  • Regular incident response drills and testing

8. Employee Security & Training

  • Comprehensive security background checks for all staff
  • Regular security awareness training and phishing simulations
  • Confidentiality agreements and data handling policies
  • Secure development lifecycle (SDLC) training
  • Code review processes and security testing protocols

9. Data Backup & Recovery

Backup Strategy

  • Managed backups and recovery controls provided by the hosting stack
  • Encrypted backups stored in geographically separate locations
  • Point-in-time recovery capabilities
  • Regular backup integrity testing and validation

Business Continuity

  • Disaster recovery plan with defined RTO and RPO
  • Redundant infrastructure across multiple availability zones
  • Regular disaster recovery testing and simulations
  • Availability monitoring and provider-backed recovery processes

10. Security Contact

Security Issues:

security@fundrobin.com

Data Protection:

privacy@fundrobin.com

We take security seriously. If you discover a security vulnerability, please report it responsibly through our dedicated security contact. We appreciate responsible disclosure and will work with you to address any issues promptly.