Privacy Policy

Granite is a permanent vault for the documents that matter to you. We built it on the assumption that your archive should outlive the company holding it, and that you should be able to take everything with you at any time.

This policy explains exactly what we collect, why we collect it, and how we protect it.

What we collect

Account data. When you create an account we collect your email address and (optionally) your name. We never sell, rent, or advertise against this data.

Documents you upload. Every file you upload is encrypted with per-upload envelope encryption on our servers and stored as ciphertext in our blob storage. We extract structured metadata (document type, dates, vendor names, key values) so the vault can be searched — that metadata is also stored encrypted at rest in our database, with the exception of a full-text index, vector embeddings, and a sort key required to power search and library ordering (see security for details).

Usage telemetry. We log technical events (uploads, searches, errors) so we can keep the service running. User-typed strings that could reconstruct private content — including search queries, magic-link and password-reset tokens — are redacted from request logs before they are written.

How we encrypt your archive

Every uploaded file is wrapped with per-upload envelope encryption using AES-256-GCM. The data-encryption key (DEK) is itself wrapped with a per-user key-encryption key (KEK) derived from a master KEK held only in our infrastructure. The bytes stored in object storage are always ciphertext. Decryption happens on our servers, only for requests authenticated as you.

Subprocessors

Granite uses a small number of third-party services to operate. Each one is bound by a data-processing agreement.

• Hosting & background jobs — Railway (compute), Cloudflare R2 (encrypted blob storage)
• Database — Neon (managed Postgres)
• Document understanding — Google Vertex AI (Gemini, for OCR, classification, and extraction of structured metadata)
• Title & summary generation — Anthropic (Claude, for short titles and document summaries)
• Semantic search — Voyage AI (vector embeddings and rerank)
• Email delivery — Resend (transactional email)
• Error monitoring — Sentry (errors only, no document content)

Each of the AI providers above receives only the data needed for their specific call (raw PDF bytes, extracted page text, or a generated summary); we do not opt them into model training, and we cache their responses encrypted at rest in our database so we don't re-send the same content. When this list changes, we update this page. (We will publish a dedicated subprocessors page with versioned history before launch.)

How long we keep it

Your documents are retained for as long as your account is active. When you delete a document it is removed from search immediately and purged from cold storage on a regular schedule. When you delete your account every byte we hold about you is purged within thirty days.

Your rights

You can export your entire archive — original files plus extracted metadata — at any time. You can delete any document or your whole account at any time. If you are in the EU, UK, or California you have additional rights to access, correct, or restrict the processing of your personal data; email us and we will help.

Contact

For any privacy question, write to privacy@granite.co.