Security is of utmost concern to us at Graph Story. Here are some of the policies we implement to keep your data secure.

Standard procedures and policies

  • All instances run an OS-level firewall that restricts incoming connections to a small set of ports required for operation

  • On hosting providers that support it, security rules additionally restrict incoming connections to a small set of ports required for operation

  • SSH access is not allowed except by the Graph Story team

  • All authentication is key-based

  • We do not access customer-owned data unless given the go-ahead by the customer, or absolutely required to address critical issues

  • Query logging is not enabled, and queries are not recorded, unless requested by the customer for addressing performance issues

  • All connections in and out of machines are made over encrypted connections using TLS or SSH

  • Intrusion detection and prevention tools monitor attempts to access systems and ban repeated attempts

  • Daily, weekly, and monthly backups are automatically created and stored

  • We use a variety of tools to track vulnerabilities, and proactively apply OS and application patches as needed

  • The Graph Story console supports multi-factor authentication

Optional procedures (on request)

  • We can store backups in a customer-controlled S3 bucket, with optional server-side encryption

  • Premium and Enterprise customers can request their own New Relic account to monitor system activity and set up custom alerts

  • Enterprise customers can request logs be segregated from our standard log aggregation service, and stored separately

  • Enterprise customers can request the use of encrypted EBS volumes, if AWS is used as the hosting provider

  • For an additional cost, customers can request that their instances be hosted within a VPC or similar that they control

  • Premium and Enterprise customers can request custom network access rules, including limiting all access to a whitelist of IPs

Contact us if you'd like to discuss our security policies and procedures in more depth.
