How we protect the data you bring to Groundskeeper
Groundskeeper is a project-management platform built for consultants, fractional leaders, and advisory firms running complex client work. The data you bring in — engagement notes, client context, decisions, and plans — is sensitive. This overview explains how we protect it, where it lives, and how long we keep it.
A small, deliberately chosen foundation
Groundskeeper runs on a short list of enterprise infrastructure providers. Each holds an independently audited SOC 2 Type II report, so the foundation our service runs on is held to a recognized security and operational standard.
We maintain a current subprocessor list and keep a data-processing agreement (DPA) on file with each provider. An updated subprocessor list is available to customers on request.
Protected end to end
All traffic to and within Groundskeeper is protected with industry-standard TLS encryption.
Data is encrypted at the storage layer by our database provider. Sensitive fields receive an additional application-layer encryption step before they are written, so they are protected independently of the underlying infrastructure.
Least privilege by default
Every customer's data lives behind row-level security — access is scoped to the owning workspace and enforced at the data layer, not merely in application code.
Internal and external users receive least-privilege access for their role. External collaborators see only the engagements they are assigned to, and production access is limited to authorized personnel.
How AI processing is handled
Groundskeeper uses AI to help your team capture, organize, and surface project work. That processing is performed by Anthropic, a SOC 2 Type II provider, under a commercial agreement that includes a data-processing agreement.
Under our agreement with Anthropic, customer content is never used to train or improve any model.
Content processed by our AI provider is retained for up to 30 days, then handled per the provider's standard policy.
This retention window is integral to how Groundskeeper works — the assistant relies on durable, stateful project context to do its job, so it is a functional requirement of the product rather than an optional setting. We have evaluated zero-retention configurations and they are incompatible with this core functionality. Customers may request deletion of their workspace data, including AI session history and stored project context; we action these requests manually and confirm completion.
Every change, with a reason
Status-changing actions — closing, approving, rejecting, or completing items — require an accompanying note, so the record shows not just what changed but why.
Managed and backed up
Groundskeeper runs on managed cloud infrastructure with automated database backups. Hosting and database providers each operate to a SOC 2 Type II standard for availability.
Yours to control
We maintain a privacy policy and, for customers acting as data controllers, are prepared to enter into a DPA as your processor.
Reporting a security issue
If you believe you've found a security vulnerability, email security@groundskeeperpm.com. We welcome good-faith research, acknowledge reports we receive, and ask that you give us a reasonable opportunity to investigate and remediate before any public disclosure. Please don't access or modify data that isn't yours while testing.
This overview reflects Groundskeeper's practices as of the date of publication and is provided for informational purposes. It does not constitute a certification or a contractual commitment except where incorporated into a signed agreement.