Multi-tenant by design
Every customer has an isolated tenant inside a single Postgres database. Row-level security enforces the boundary at the data layer, not at the API. There is no path to another organization's data, even by mistake.
Seedwork is an AI-native platform for nonprofits. This brief covers the questions your IT team will ask: how identity works, how your data is isolated, how it connects to the tools you already run, and why this is meaningfully different from a general-purpose AI chatbot.
The architecture choices were made with your IT review in mind, not after.
SOC 2 Type I is in progress, targeting completion in advance of public launch. We are happy to share progress detail and our compliance roadmap under NDA with your security team.
TLS 1.2+ in transit. Encryption at rest in Postgres and managed storage. Sensitive credentials encrypted with AES-256-GCM. Daily backups with point-in-time recovery. Real-time error monitoring with on-call alerting.
Every grant status change, document upload, AI draft, and admin action is logged with user, timestamp, and context. Activity logs are scoped to your organization and visible to your admins.
Four roles (admin, manager, member, viewer) enforced server-side, not just hidden in the UI. Admins manage roles, invitations, and removals through a built-in admin console.
Automated tests run on every code change before it ships: API contract tests, organization isolation tests, end-to-end browser tests across all four user roles. Nothing reaches production without passing.
None of this is unusual for enterprise SaaS. It is unusual for software built for the nonprofit middle market, where the alternatives are either heavyweight legacy systems with implementation consultants attached, or lightweight tools that never thought about security at all. Seedwork is built to the standard your IT team would expect from any modern B2B platform.
Your staff sign in with the providers you already run. Your admins decide who can do what. Both pieces are built into the product, not bolted on behind a vendor back-end.
Your staff use their existing work accounts. We never store passwords for them. Sessions are 30-day rolling, HTTPS-only, and configurable per organization.
Four roles, enforced server-side, not just hidden in the UI. The admin console is a built-in product surface inside the app, not a back-end the vendor controls.
Loading documents into a chat project is storage, not context management. Seedwork is built on a different premise: the model should never see a blank page. One prompt pulls in pages of the right organizational context, automatically.
[Diagram: two request pipelines]
Pipeline 1: Input, then "What it adds" (generic web research, in a generic register), then Model, then Output: "A plausible paragraph. Could be any nonprofit."
Pipeline 2: Input, then Enrichment, then Model, then Output.
Same task, two architectures. Row by row, what changes.
Context per request
General-purpose AI chatbot: Whatever you paste, or whatever sits in a project folder you curate by hand. The tool does not decide what is relevant.
Seedwork: Pages of structured context, assembled automatically: voice rules, canonical snippets, relevant passages, funder research, financials, relationship history.

Source material
General-purpose AI chatbot: Training data, plus whatever you upload. You manage the library and the searching.
Seedwork: Your own documents, searchable and ranked. The system finds the relevant passages so your staff do not have to.

Voice anchoring
General-purpose AI chatbot: None. Every session starts blank, drifts toward a consultant-flavored register.
Seedwork: Your team's own canonical paragraphs retrieved by category and similarity, placed in every draft alongside voice rules and anti-patterns.

Model selection
General-purpose AI chatbot: One model per conversation, picked by the user.
Seedwork: Multiple frontier models routed automatically by task, tuned for quality and cost.

Data handling
General-purpose AI chatbot: Varies by tier. Enterprise plans usually do not train on your data, consumer plans may, and your team has to track which is which.
Seedwork: Your data stays in your tenant. Never used to train models, never shared with the AI provider for training. Configurable retention.

Workflow
General-purpose AI chatbot: Free-form chat. The user is the orchestrator.
Seedwork: A real workflow: pipeline tracking, deadline orchestration, version history, exports, audit trails. Chat is one feature, not the whole product.

Permissions
General-purpose AI chatbot: Per account.
Seedwork: Per organization, with role-based access control. An admin controls who can do what.
From you
Real usage and honest feedback
We need your team to use the product on real grants and tell us what is broken, confusing, or missing. The kind of feedback you would give a peer organization that built a tool you find useful.
An IT champion
One person on your team willing to be the security and integrations point of contact. We want to make sure the platform fits your environment, not the other way around.
From us
Direct access to the team
A private channel with the engineering and product team. Bug fixes typically ship same-day or next-day. Feature requests are evaluated on the actual roadmap, not slotted into a queue.
Roadmap influence
A meaningful voice in the product roadmap during the period when that voice moves the product the most.
If we don't tell your IT team what's still in flight, they will reasonably assume we are hiding something. Here is the current state, plainly.
Type I is in progress, targeting completion ahead of public launch. We are happy to share our compliance roadmap and current control inventory under NDA.
Not yet completed. Planned ahead of public launch. We have internal isolation tests that run on every code change, but an external assessment is the right next step and we know it.
Not yet live. Microsoft Entra and Google OAuth cover the majority of nonprofit IdP setups today. SAML support is queued. Build partners with this requirement get prioritized.
SharePoint and Google Drive sync are roadmap items, not shipped. Today, document upload is direct into Seedwork's encrypted storage. Build partners get a vote in which integration ships first.
We are early. Joining as a build partner means joining a small group, with the access and influence that implies.
For your IT lead
Book a 30-minute working session with the team and bring your IT lead. We will walk the security posture, the integrations that matter to you, and the parts still in flight.