> ## Documentation Index
> Fetch the complete documentation index at: https://docs.graphext.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & Privacy

> The FAQs about Graphext's privacy policies, GDPR, single-tenant options, etc

### FAQs about Graphext security and privacy policies

<AccordionGroup>
  <Accordion title="Do you store any data? If so, how is it stored?">
    As a data analysis software, the user needs to transfer the data they want to analyze.
    These data is stored [encrypted at rest in Google Cloud Storag](https://cloud.google.com/storage/docs/encryption).
    The user has absolute control over these copies and can remove them at any time.
  </Accordion>

  <Accordion title="Where are you hosted? What security policies are there?">
    Our platform is hosted on Google CPD in Europe, [Belgium](https://www.google.com/about/datacenters/locations/st-ghislain/).
    You can read more about the security policies [here](https://www.google.com/about/datacenters/data-security/).
  </Accordion>

  <Accordion title="How is the information transferred between your servers and the browser? What security policies are in place?">
    Our cluster is essentially disconnected from internet with the exception  of port 443 used to serve the webpage.
    All web traffic is served through secure SSL connections (non-secure connections on port 80 are always redirected to https on port 443).
    **Private key authentication** is required for managing our cluster.

    Background processes executed by our users to do their analysis are always executed on isolated machines on a different network, so that there is no direct access to our internal systems. Nevertheless, these DBs are protected with passwords.
    Datasets are stored in a private Google Cloud Storage bucket. When serving these files to an authenticated user, a signed url only valid for a very  brief period of time is used.
    All data is encrypted at rest.
    We use **Google Cloud Audit Logs** to monitor our infrastructure.
  </Accordion>

  <Accordion title="What's your GDPR policy?">
    We have successfully went through an [audit process to be compliant with GDPR](https://drive.google.com/file/d/1g2vlsWXPjSkNNDRgsEAgpuMSQZtb4sgr/view) , you can read more about our privacy policy [here](https://www.graphext.com/legal/privacy-policy).
  </Accordion>

  <Accordion title="Can your employees see my data?">
    Only after explicit consent from the user. The access to customer data through regulated interfaces is only granted to a select group of our trained employees. The primary reasons for this are to ensure effective customer support, identify and tackle security threats, troubleshoot prospective issues, and enhance data security.

    The access is allocated based on the employee's role and every request for access is recorded. Only a handful of specific employees are granted access to the infrastructure. All our employees undergo privacy and security training at the start of their employment and regularly thereafter as a mandatory condition of their continued employment.
  </Accordion>
</AccordionGroup>