Security is of utmost concern to us at Graph Story. Here are some of the policies we implement to keep your data secure.

Standard procedures and policies

  • All instances run an OS-level firewall that restricts incoming connections to a small set of ports required for operation
  • On hosting providers that support it, security rules additionally restrict incoming connections to a small set of ports required for operation
  • SSH access is not allowed except by the Graph Story team
  • All authentication is key-based
  • We do not access customer-owned data unless given the go-ahead by the customer, or absolutely required to address critical issues
  • Query logging is not enabled, and queries are not recorded, unless requested by the customer for addressing performance issues
  • All connections in and out of machines are made over encrypted connections using TLS or SSH
  • Intrusion detection and prevention tools monitor attempts to access systems and ban repeated attempts
  • Daily, weekly, and monthly backups are automatically created and stored
  • We use a variety of tools to track vulnerabilities, and proactively apply OS and application patches as needed
  • The Graph Story console supports multi-factor authentication

Optional procedures (on request)

  • We can store backups in a customer-controlled S3 bucket, with optional server-side encryption
  • Premium and Enterprise customers can request their own New Relic account to monitor system activity and set up custom alerts
  • Enterprise customers can request logs be segregated from our standard log aggregation service, and stored separately
  • Enterprise customers can request the use of encrypted EBS volumes, if AWS is used as the hosting provider
  • For additional cost, customers can request their instances be hosted within a VPC or similar that they control
  • Premium and Enterprise customers can request custom network access rules, including limiting all access to a whitelist of IPs

Contact us if you'd like to discuss our security policies and procedures in more depth.
