Tensor AnalyticsTM
Legal

Security & Trust Center

How GrepEye protects your operational data, enforces access controls, and maintains auditability for enterprise manufacturing teams.

Last updated: July 10, 2026

Overview

Tensor Analytics builds GrepEye for mid-market manufacturers and distributors who cannot afford planning data leaks, unaudited changes, or compliance gaps. Security is structural, not a feature toggle.

This Trust Center summarises how we protect customer data, enforce access controls, and maintain auditability across the planning lifecycle.

Architecture & isolation

  • Multi-workspace isolation: Each customer or business unit operates in a separate workspace. Data does not cross workspace boundaries.
  • Role-based access control (RBAC): Permissions are scoped to datasets, forecasting, demand, supply, IBP cycles, scenarios, audit logs, and admin functions. Roles are assigned per user per workspace.
  • Human-in-the-loop AI: AI agents propose actions; planners approve or reject. Every write action requires explicit human approval.

Audit trail & ledger

  • Full audit trail: Every create, update, delete, and approve action is logged with actor, timestamp, resource ID, and event type.
  • Append-only ledger: Operationally significant events post ledger entries with idempotency keys for reconciliation and investigation.
  • Exportable logs: Audit logs are queryable and exportable for compliance review and board packs.

Encryption & data handling

  • In transit: TLS 1.2+ for all connections between clients and services.
  • At rest: Data encrypted at rest using AES-256 (cloud provider managed).
  • Data residency: Workspace-level residency controls available for regional compliance requirements.
  • Retention: Configurable data retention policies per workspace via config packs.
  • Connector health: Sync failure rates are monitored; high failure rates surface as supply risk exceptions before data goes stale.

Compliance roadmap

GrepEye is designed for regulated industries including pharma, medical devices, and food & beverage manufacturing. Our compliance posture:

  • DPDP Act (India): Privacy practices aligned with India's Digital Personal Data Protection Act. Grievance contact: info@tensoranalytics.ai
  • GDPR / ePrivacy: Cookie consent with analytics opt-in; data processing agreements available on request.
  • CCPA / CPRA: California privacy rights supported. See our Privacy Policy.
  • EU AI Act readiness: Human-in-the-loop controls and audit trails support high-risk AI system governance requirements.
  • SOC 2 Type II: On our compliance roadmap for enterprise pilots. Contact teams@tensoranalytics.ai for current status.

Subprocessors

We use the following categories of subprocessors to operate tensoranalytics.ai and GrepEye:

  • Cloud hosting: Vercel (application hosting, US/EU regions)
  • Analytics: Google Analytics 4 (consent-gated, anonymised IP)
  • Form processing: Google Sheets API (lead capture, service account scoped)

A full subprocessor list and DPA are available on request for enterprise customers.

Vulnerability disclosure

If you discover a security vulnerability, please report it to info@tensoranalytics.ai with the subject line "Security Disclosure". We aim to acknowledge reports within 2 business days.

Questions about this policy?

Contact our privacy team. We respond within one working day.