Trust centre
Security & trust
GRChub is built on Microsoft Azure with Entra ID authentication. Customer data is isolated per tenant and stored in the region you choose.
Architecture
- Frontend — Azure Static Web Apps (global CDN, TLS 1.2+)
- API — Azure Functions (managed, serverless)
- Data — Azure Cosmos DB (per-customer database)
- Identity — Microsoft Entra ID (OIDC)
Access control
Every user signs in through your identity provider. The portal exposes only the applications your account is entitled to. Admin functions (access approval, customer configuration) are restricted to designated administrators.
Data handling
- GRC register data stays in your Cosmos DB and is not used for advertising or model training
- Evidence is linked to source systems (SharePoint, DMS) where possible rather than duplicated unnecessarily
- Backups and retention follow Azure platform defaults; custom RPO/RTO is available on Enterprise plans
Sub-processors
Primary sub-processors: Microsoft Azure (hosting, database, authentication). Request the full sub-processor register at hello@grchub.io.
Contact
Security questions or DPA requests: hello@grchub.io