Security is the way the software is built — not a checkbox.
Because the institution holds its own data, the most sensitive information never leaves the building. Everything else is engineered to the same standard.
Customer-controlled storage
Portfolio data lives in the institution's own environment with on-device restore points. Granite Hall holds licensing and billing metadata only — never your book.
Encrypted local storage
Data on the device is encrypted at rest, so a lost or stolen machine does not become a disclosed portfolio.
Code-signed installers
Desktop builds are code-signed, so IT can verify exactly what they are installing and where it came from.
Hardened headers
The web surface ships with a hardened header policy — strict transport security, content-type and frame protections, and a tight content-security policy.
Least-privilege access
Internal access follows least privilege: the minimum each role needs, and no standing access to customer environments.
Immutable audit trail
An append-only audit trail records changes inside the product, giving examiners and controllers a defensible record.
Found something? Tell us.
We welcome reports from security researchers and customers. If you believe you have found a vulnerability in a Granite Hall product or surface, contact us directly and we will respond.
security@granitehallsolutions.com
Please include the affected product, version, and steps to reproduce. Do not include live customer data in your report.
Granite Hall Solutions is an early-stage company and does not yet hold third-party attestations such as SOC 2. We're glad to walk through our architecture and controls and to complete security questionnaires directly — write to hello@granitehallsolutions.com.
We are built to answer them.
Vendor assessments, architecture questions, data-residency confirmation — reach out and we will walk you through it.