Security & Privacy
The FAQs about Graphext’s privacy policies, GDPR, single-tenant options, etc
FAQs about Graphext security and privacy policies
Do you store any data? If so, how is it stored?
Do you store any data? If so, how is it stored?
As a data analysis software, the user needs to transfer the data they want to analyze. These data is stored encrypted at rest in Google Cloud Storag. The user has absolute control over these copies and can remove them at any time.
Where are you hosted? What security policies are there?
Where are you hosted? What security policies are there?
How is the information transferred between your servers and the browser? What security policies are in place?
How is the information transferred between your servers and the browser? What security policies are in place?
Our cluster is essentially disconnected from internet with the exception of port 443 used to serve the webpage. All web traffic is served through secure SSL connections (non-secure connections on port 80 are always redirected to https on port 443). Private key authentication is required for managing our cluster.
Background processes executed by our users to do their analysis are always executed on isolated machines on a different network, so that there is no direct access to our internal systems. Nevertheless, these DBs are protected with passwords. Datasets are stored in a private Google Cloud Storage bucket. When serving these files to an authenticated user, a signed url only valid for a very brief period of time is used. All data is encrypted at rest. We use Google Cloud Audit Logs to monitor our infrastructure.
What's your GDPR policy?
What's your GDPR policy?
We have successfully went through an audit process to be compliant with GDPR , you can read more about our privacy policy here.
Can your employees see my data?
Can your employees see my data?
Only after explicit consent from the user. The access to customer data through regulated interfaces is only granted to a select group of our trained employees. The primary reasons for this are to ensure effective customer support, identify and tackle security threats, troubleshoot prospective issues, and enhance data security.
The access is allocated based on the employee’s role and every request for access is recorded. Only a handful of specific employees are granted access to the infrastructure. All our employees undergo privacy and security training at the start of their employment and regularly thereafter as a mandatory condition of their continued employment.