Document updated on Feb 3, 2014.
Grapple uses the Microsoft Azure platform to host the application, database, and emails. Here is the link to the document on Microsoft Azure security straight from the Microsoft website:
All the data transmitted to our servers is written to multiple disks and is backed up on a daily basis. Files uploaded within the application are stored on servers that take precautions against bottlenecks, points of failure, and unauthorized access.
Grapple uses SSL for all user interaction with the application, so the information in transit between your computer and our servers is encrypted and sent using HTTPS.
Grapple uses PayPal to acquire, store, and process your billing information. PayPal passes Grapple only the information needed by our systems – whether the payment went through!
Your credit card information is transmitted, stored, and processed (by PayPal) securely on a PCI-compliant network.
Grapple uses redundant servers on Microsoft Azure to make sure that you have access to your content and data in case of server failure.
Every Grapple employee signs a Data Access Policy that binds them to the terms of our data confidentiality policies. Access rights are based on each employee’s need to access the data for the purpose of maintaining the Grapple service for its users.
Our customer support personnel don’t have access to your content and data. They only have access to your signup and subscription information. For this reason, they will ask you to provide complete details and screenshots of the problems you are facing so that they can diagnose them.
Grapple lets each user decide who has access to the portfolios, projects, and tasks they create.
For each user interaction with the application, Grapple authenticates the user’s access to the requested resource, including user interaction with specific tasks via email.