Geographic Compliance

As a platform serving NGOs worldwide, GrantMaster must adhere to strict regional data protection laws (GDPR, CCPA, etc.). This document details how we handle data residency and regional compliance.

🏗️ Regional Routing Visual

🌍 Data Residency Policy

By default, all GrantMaster data is stored in GCP Multi-Region (US). However, for organizations that require data to stay within specific borders (e.g., EU-only), we offer Managed Location Overrides:
  • Regional Clusters:
    • US Tier: Default multi-region for global performance.
    • EU Tier: Data is routed to europe-west3 (Frankfurt) for Firestore and Cloud Storage.
  • API Routing: Feature requests (like AI processing) are routed to regional endpoints where possible to avoid data crossing continental borders.

🛡️ Regulatory Framework Alignment

🇪🇺 GDPR (General Data Protection Regulation)

We provide standard Data Processing Agreements (DPAs) for all EU-based tenants.
  • Right to Access: Users can export their entire tenant data as a JSON/CSV archive via the SuperAdmin panel.
  • Right to be Forgotten: See Data Retention and Offboarding.

🇺🇸 CCPA (California Consumer Privacy Act)

California-based organizations have clear opt-out rights for data sharing.
  • We do not “sell” data to third parties.
  • AI processing uses strict “Zero Data Retention” (ZDR) policies with providers where available.

🔍 PII Sanitization Logic

Before any data is sent to external LLMs (OpenAI/Anthropic), it passes through our Privacy Shield middleware:
  1. Detection: Regex and NER (Named Entity Recognition) identify names, emails, and phone numbers.
  2. Redaction: PII is replaced with placeholders (e.g., [PERSON_1], [EMAIL_1]).
  3. Re-hydration: After the AI responds, the placeholders are swapped back for the original values before being displayed to the user.
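
The three steps above as a sketch, added here for illustration and not GrantMaster's own middleware code. It assumes simple regex detectors, a hypothetical `known_names` list standing in for NER output, and a hypothetical `safe_to_send` gate that fails closed if any original value survives redaction.

```python
import re

# Assumed detectors, deliberately simple; the real middleware's regexes are not on this page.
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "PHONE": re.compile(r"\+?\d[\d\s().-]{7,}\d"),
}
PLACEHOLDER = re.compile(r"\[(?:PERSON|EMAIL|PHONE)_\d+\]")

def redact(text, known_names=()):
    """Return (redacted_text, {placeholder: original}) for one request."""
    mapping, seen, counters = {}, {}, {}

    def token_for(kind, value):
        # A repeated value reuses its placeholder, so the model can still
        # tell that two mentions refer to the same person or address.
        if (kind, value) not in seen:
            counters[kind] = counters.get(kind, 0) + 1
            seen[(kind, value)] = f"[{kind}_{counters[kind]}]"
            mapping[seen[(kind, value)]] = value
        return seen[(kind, value)]

    for kind, pattern in PATTERNS.items():
        text = pattern.sub(lambda m, k=kind: token_for(k, m.group()), text)
    # known_names is a hypothetical stand-in for NER output; longest first so
    # a full name is replaced before a shorter overlapping one.
    for name in sorted(set(known_names), key=len, reverse=True):
        text = re.sub(rf"\b{re.escape(name)}\b",
                      lambda m: token_for("PERSON", m.group()), text)
    return text, mapping

def safe_to_send(redacted, mapping):
    """Fail-closed gate: no original value may survive in the outbound text."""
    return not any(value in redacted for value in mapping.values())

def rehydrate(text, mapping):
    """Swap known placeholders back; ones the model invented stay untouched."""
    return PLACEHOLDER.sub(lambda m: mapping.get(m.group(), m.group()), text)

# Constructed sample input, not real data.
SAMPLE = ("Amina Diallo (amina.diallo@example.org, +49 30 1234567) "
          "asked us to cc amina.diallo@example.org.")

if __name__ == "__main__":
    redacted, mapping = redact(SAMPLE, known_names=["Amina Diallo"])
    print(redacted)
    print(rehydrate("Reply to [PERSON_1] at [EMAIL_1]; cc [PERSON_7].", mapping))
```

The mapping holds the original values, so it has to stay inside the middleware for the lifetime of the request and must not be forwarded with the prompt.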

⚖️ Compliance Audits

GrantMaster undergoes quarterly internal privacy reviews. SuperAdmins can view the “Compliance Health” dashboard to monitor:
  • Encryption-at-rest status across all buckets.
  • Audit logs for PII access.
  • Status of pending data deletion requests.