As a European company, we treat privacy and security as our #1 priority. Our servers are located in Falkenstein, Germany.
Our code is reviewed internally, not only for correctness but also for security flaws. Additionally, we periodically have external reviewers audit our systems with access to our code (white-box audit). The last full audit took place at the end of July 2015.
No security by obscurity. We only use peer-reviewed encryption algorithms and implementations. Permissions to access parts of our code and infrastructure are given only to trusted developers, when needed. We react instantly to possible security problems.
All communications with our servers (this includes the homepage and chat server) are encrypted with 256-bit Secure Sockets Layer (SSL). Our servers deny unencrypted HTTP or WebSocket traffic. We also encrypt communication between our servers in our datacenter. This means you can use Grape in any network (even Starbucks) without worrying. You can check out our SSL rating at Qualys SSL Test.
Chats cannot be accessed by other people, nor indexed by search engines or robots, regardless of your account level.
All of our systems are protected by multiple firewalls and special access control at the network level.
The backend is built using the well-known Django framework, which has a track record of being very secure and reacting to vulnerabilities quickly and professionally. Django makes it hard for developers to build insecure applications. Passwords are securely stored using PBKDF2.
We back up your data every 3 hours at multiple off-site locations to safeguard against an unforeseeable catastrophe.
Backups can only be accessed by two people in the company, and the decryption key is stored offline in a physically secure place.