This page explains the security practices we use to help protect Grab The Fund, including account access, data handling, monitoring, and incident response.

We continuously improve our protections as the platform grows.

1. Security Program

• We use administrative, technical, and organizational safeguards designed to protect platform data.
• Our controls are intended to reduce risk, but no system can be guaranteed to be completely secure.
• We review access and operational practices as the platform evolves.

2. Access Control

• Sensitive operations are restricted to authorized users and service accounts with least-privilege access.
• We use authentication and session controls to help protect accounts from unauthorized use.
• Access to production systems is limited and monitored where appropriate.

3. Data Protection

• We protect data in transit using transport-layer security where supported.
• We use secure storage practices and monitor critical data paths for misuse or degradation.
• Backups and recovery procedures are maintained to support service continuity.

4. Monitoring and Incident Response

• We monitor for suspicious behavior, service abuse, and operational anomalies.
• When we identify a potential incident, we investigate, contain, and remediate it as quickly as practical.
• If a material incident affects your data, we will notify impacted users as required by law.

5. Vulnerability Management

• We expect to patch and rotate infrastructure components as needed to keep dependencies current.
• We evaluate reported vulnerabilities and prioritize fixes based on impact and exposure.
• You can help by reporting security concerns promptly instead of publicly disclosing them first.

6. Third-Party Dependencies

• Some parts of the platform depend on third-party providers for hosting, authentication, analytics, or integrations.
• We assess those providers based on the role they play in the service and the data they process.
• Your use of those services may be governed by separate security and privacy terms.

7. How to Report a Security Concern

• If you believe you found a security issue, contact us with enough detail to reproduce and assess the problem safely.
• Please avoid destructive testing, public disclosure before remediation, or access beyond what is necessary to demonstrate the issue.
• We will review credible reports and work toward a timely resolution.