Skip to content

Trust · Last updated July 5, 2026

Trust & Security

Groundwork's security posture is structural, not aspirational: the boundaries below are enforced in code, tested in the connector's suite, and monitored in production. This page states them plainly so you can evaluate them before connecting anything.

What leaves your systems, and what never does

The boundary, enforced

What requires a human

Monitoring and incident posture

Production errors, cron failures, kill-switch trips, and provisioning failures raise alerts (Sentry) that page the operator in a channel read daily; a scheduled smoke rail exercises the public and authenticated paths end to end every day. Alerts carry incident metadata, never tokens or client content. If an incident affects your data, you hear from us directly by email with what happened and what changed.

Scope, honestly

We are a small firm; there is no SOC 2 report yet, and we will not imply otherwise. What we offer instead is a short, inspectable surface: a read-only connector, structural tenant isolation, and a written account of every boundary on this page. Security questions or disclosures: joseph.scott@rarefied.earth. Subprocessors are listed in the privacy policy; procurement material (W-9, insurance, MSA/SOW process, the professional-engineering boundary) is on the vendor packet page.