No files are stored on Grackle systems which are hosted on GCP. Temporary files are created and immediately deleted upon completion and therefore only reside on a system for a few seconds.
The systems that perform these conversions and host temporary files can only be accessed by authorized system administrators. Access to all systems is tracked and logged. All Access logs (audit logs) are pushed to DataDog which Grackle utilizes for several Security capabilities including Application Security (Intrusion Detection and Prevention), Posture Management, Workload Security and Cloud SIEM.
Grackle also has a third party Penetration Test performed by HackerOne.