Trust and coverage

Security, coverage, and launch readiness

One trust packet for security, procurement, finance, and ops: encryption details, Okta SSO role mapping, processor boundaries, and the exact markets, methods, and entity types your first rollout covers.

Trust packetCoverage reviewProcurement alignment

Request the trust packet See policies

Review packet

Data handlingattached

Coverage fitattached

Control gatesattached

Launch assumptions visible before onboarding

Security

Data flow mapped

Coverage

Launch fit confirmed

Access

Role model attached

Procurement

Packet ready

Capabilities

Trust review built around your launch lane

Security packet ready on day one

Architecture diagram, encryption details, Okta role mapping, and data-flow boundaries assembled for your launch lane. Reviewers start from the same brief.

Coverage confirmed before you commit

Markets, entity types, payout methods, and currency corridors checked upfront. You see exactly what your first rollout covers.

KYB and verification gates listed during scoping

W-9, W-8BEN, sanctions screening, and identity checks listed before onboarding starts. No surprise document requests three weeks in.

One packet for security, procurement, finance, and ops

All four teams review from the same packet. Lanes split where needed. The workflow context stays shared across stakeholders.

US states covered

Via licensed partners

Day 1

Trust packet

Delivered under NDA

Audit-ready

Exports

Every transaction

Partner-regulated regions

US, EU, UK, AU

Six areas your security team reviews first

Encryption and storage

AES-256 at rest, TLS 1.3 in transit. PII sits in isolated vaults with TTL-based deletion. The trust packet lists exact retention windows.

Access controls via Okta or Azure AD

Role-based access tied to your IdP. Define who approves payouts, who exports journals to NetSuite, and who retries failures. Least-privilege enforced per endpoint.

Processor boundaries

Card numbers never touch Gruv servers. Payment data stays with PCI-certified processors. Gruv keeps the operational record your finance team exports.

Immutable audit trail

Every state change, approval, retry, and export logged with actor, timestamp, and IP. Pull the full event history for any transaction in one API call.

KYB and identity verification

W-9, W-8BEN, sanctions screening, and identity checks scoped to your exact launch lane. Requirements surface before onboarding starts.

Payout release controls

Four-eyes approval, velocity limits, and exception holds fire before the payout instruction goes out. Configure thresholds per corridor, entity type, or payout method.

Built for the rollout question

Trust evidence scoped to your launch lane

Evidence scoped to your workflow

Each artifact names the launch lane it covers. Reviewers see which controls apply to their data. Owners and methods documented before implementation starts.

Coverage confirmed with constraints upfront

Market map carries entity-type, W-8BEN/W-9, and method requirements. Currency and document rules surface during scoping. Approval requirements documented per market.

Security review tied to real operations

Okta role mapping, retry paths, and export controls reviewed alongside the workflow. Exception handling lives in the security packet so gaps surface early.

Capabilities

Coverage confirmed for your launch lane

Markets confirmed by name

Each launch lane lists the supported countries, currencies, and entity types. You see the exact coverage your first workflow depends on.

ACH, SEPA, Wire, and push-to-card mapped to your flow

Payout methods mapped to the specific corridor and workflow you are launching. Settlement speeds and method availability confirmed during scoping.

W-9, W-8BEN, and local docs listed per jurisdiction

Required tax forms, identity proofs, and registration documents listed per supported country before scoping freezes.

Approval chain documented per market

Four-eyes thresholds, dual-control requirements, and reviewer ownership documented per corridor so launches never surface rules late.

Review rollout

Run the review in the order your stakeholders expect

Define the launch lane first

Name your first workflow, markets, entity types, payout methods, and reviewer owners before collecting security questions.

Attach evidence to each question

Keep data-flow diagrams, processor boundaries, Okta role mappings, and NetSuite export samples tied to the reviewer ask they answer.

Close open assumptions before implementation

Track which items are approved, which need NDA materials, and which require follow-up. Resolve every blocker before engineering starts.

What each side brings to a faster review

From Gruv

What we share on day one

Architecture diagram: data flow, encryption boundaries, and storage regions
Access control model: Okta/Azure AD role mapping, least-privilege matrix
Processor boundary doc: what touches PCI-certified partners vs. Gruv servers
KYB checklist for your launch lane: documents, screening, and approval steps
Subprocessor list, data retention schedule, and DPA template
Sample exports: payout journal, reconciliation file, and webhook payloads

All materials shared under mutual NDA. Packet delivered within one business day of request.

From your team

What we need from your team

Launch markets, currencies, and entity types (e.g., US contractors in USD)
Primary flow: collections, payouts, or both
Preferred payout methods (bank, wallet, card push, USDT)
Your vendor questionnaire or security checklist (CAIQ, SIG, or custom)
Names of stakeholders across procurement, security, finance, and ops
Expansion plans for phase two (new markets, methods, or entity types)

Request the trust packet

Policies and deeper resources

Pages your procurement team opens next

Privacy policy

What data Gruv collects, where it lives, and how long it stays.

Sub-processors

Every third party that touches your data, listed by name, purpose, and region. 30-day change notice included.

Payment rails

Bank transfer, wallet, card push, and USDT coverage mapped by currency corridor and settlement speed.

Misclassification coverage

Policy-backed indemnity for contractor engagements with per-worker quotes and carrier opt-in.

HIPAA and PCI scope

Card numbers stay with PCI-certified processors. PHI exclusions and PCI-DSS boundaries fully documented.

Terms of service

Platform terms, liability boundaries, and acceptable-use responsibilities.

Integrations

REST APIs, Slack webhooks, Workday CSV imports, and NetSuite journal exports.

Payouts

Compliance-gated batch runs with four-eyes approval and audit trail export.

Virtual accounts

Dedicated account numbers for automated reconciliation by client or project.

Pricing

Per-transaction pricing. No platform fees, no minimums, volume tiers available.

Frequently Asked Questions

How do you confirm our launch markets are covered?+

Tell us your markets (e.g., US, UK, Germany), entity types (contractors, freelancers, vendors), and preferred payout methods. We confirm coverage, flag gaps, and return a scoped answer within one business day.

Can we get security and architecture docs during evaluation?+

Yes. We share the full trust packet under NDA on day one: architecture diagram, encryption details, Okta role-mapping matrix, subprocessor list, and sample exports. No waiting until contract signature.

Are KYB requirements the same for every customer?+

No. A US-only contractor program needs W-9 collection. A multi-country vendor payout adds W-8BEN and local bank verification. We scope requirements to your exact markets and list them before onboarding begins.

What should our team prepare before requesting the trust packet?+

Launch markets and currencies, payee types, preferred payout methods, your vendor questionnaire (CAIQ, SIG, or custom), and the names of stakeholders across security, procurement, finance, and ops.

Can we expand coverage after launch?+

Yes. Launch with US contractors in USD, then add EU freelancers in EUR next quarter. Each expansion gets its own coverage confirmation and onboarding checklist before it goes live.

Does this replace our procurement review?+

It makes procurement faster. The trust packet pre-answers 80% of a typical CAIQ or SIG questionnaire. Your procurement team still decides what evidence they need for final sign-off.

Get the trust packet and confirm coverage today

Request the trust packet under NDA, confirm your launch markets and methods are covered, and hand procurement a pre-filled questionnaire. Most teams get answers within one business day.

Book a demo Read the docs

We map your coverage scope before any contract is signed.