Read the security briefing
Learn how we configure Supabase policies, manage keys, and handle incident response in detail.
Read briefingSecurity & GDPR hub
Grewp was designed for EU community teams that need friendly tooling and serious privacy controls. These notes summarise our technical commitments and link to deeper documentation.
Key protections
- Supabase row-level security enforced on every table with ownership checks.
- Managed encryption using pgcrypto for sensitive supporter data.
- EU-only hosting, backups, and observability with 24 hour incident response targets.
- Quarterly access reviews plus mandatory MFA for administrators.
Complete the DPIA
Copy our DPIA template and customise it for your organisation before rollout.
Use templateNeed more detail?
Contact privacy@grewp.app to schedule a security review call. We will walk through our Supabase configuration, logging strategy, and discuss data processing agreements tailored to your council or charity.