GraphCMS Security & Compliance

GraphCMS is an enterprise-ready Headless CMS, well equipped to scale, compliant with regulations, and secure.

Security and Compliance measures

GraphCMS delivers on enterprise expectations, enabling teams to successfully take digital projects to market globally.

View our regularly updated security report on Drata

Robust and scalable infrastructure

Your data will be securely hosted in ISO 27001 certified and SOC 2 compliant data centers. All content is encrypted by SSL in transit with 256-bit encryption (AES-256). Sensitive data is also encrypted by SSL at rest. Your project can be hosted in a region of your choice or on our shared clusters in Japan, the USA, Germany, Canada, India, Brazil, Australia, or the UK. EU-based customers can host their content exclusively in the EU. Dedicated private clusters will be set up for customers with the most traffic-intensive projects.

Performance

Our cutting-edge infrastructure, with features such as auto-scaling, ensures optimal performance even in times of peak traffic like Black Friday! Your content is delivered blazingly fast to users anywhere in the world thanks to global middle-layer CDN caching. Service availability and performance are monitored by our support engineers 24/7. We offer a service level agreement for guaranteed uptime of up to 99.95%.

Governance and Team Collaboration

Governance control features like SSO, custom deployment and write-access permissions, multiple development environments, audit logs, and content versioning ensure that even the largest teams will collaborate in an efficient, secure, and regulation-compliant way. Using the GraphCMS development environments ensures that changes are safely tested and reviewed before being committed to your production environment. Create and assign the appropriate custom roles and permissions to your team members with the most Advanced Permission System on the market. Manage access to GraphCMS through your preferred Enterprise Identity Provider.

Permanent Backups

Several backup options are provided to GraphCMS customers, including point-in-time recovery backups that are replicated across several AWS regions and offsite backups that can be sent to your own preferred storage. Backup data is encrypted at rest using AES-256 encryption with keys provided by AWS KMS.

Privacy and Compliance

All customer project data are encrypted in transit; all sensitive customer data (e.g. email, passwords) are encrypted both at rest and in transit. If required, content can be hosted exclusively in the European Union.
