Security is of utmost concern to us at Graph Story. Here are some of the policies we implement to keep your data secure.
Standard procedures and policies
All instances run an OS-level firewall that restricts incoming connections to a small set of ports required for operation
On hosting providers that support it, security rules additionally restrict incoming connections to a small set of ports required for operation
SSH access is not allowed except by the Graph Story team
All authentication is key-based
We do not access customer-owned data unless given the go-ahead by the customer, or absolutely required to address critical issues
Query logging is not enabled, and queries are not recorded, unless requested by the customer for addressing performance issues
All connections in and out of machines are made over encrypted connections using TLS or SSH
Intrusion detection and prevention tools monitor attempts to access systems and ban repeated attempts
Daily, weekly, and monthly backups are automatically created and stored
We use a variety of tools to track vulnerabilities, and proactively apply OS and application patches as needed
The Graph Story console supports multi-factor authentication
Optional procedures (on request)
We can store backups in a customer-controlled S3 bucket, with optional server-side encryption
Premium and Enterprise customers can request their own New Relic account to monitor system activity and set-up custom alerts
Enterprise customers can request logs be segregated from our standard log aggregation service, and stored separately
Enterprise customers can request the use of encrypted EBS volumes, if AWS is used as the hosting provider
For additional cost, customers can request their instances be hosted within an VPC or similar that they control
Premium and Enterprise customers can request custom network access rules, including limiting all access to a whitelist of IPs
Contact us if you'd like to discuss our security policies and procedures in more depth.