GraphCMS Security & Compliance

GraphCMS is an enterprise-ready Headless CMS, well equipped to scale, compliant with regulations, and secure.

Security and Compliance measures

GraphCMS delivers on enterprise expectations, enabling teams to successfully take digital projects to market globally.

Robust and scalable infrastructure

Your data will be securely hosted in ISO 27001-certified data centers. All content is encrypted by SSL in transit with 256-bit encryption (AES-256). Sensitive data is also encrypted by SSL at rest. Your project can be hosted in a region of your choice or on our shared clusters in Japan, the USA, Germany or the UK. EU-based customers can host their content exclusively in the EU. Dedicated private clusters will be set up for the customers with the most traffic-intensive projects.


Our cutting-edge infrastructure, with features such as auto-scaling, ensures optimal performance even in times of peak traffic like Black Friday! Your content is delivered blazingly fast to users anywhere in the world thanks to the global middle-layer CDN caching and Origin Shield. Service availability and performance are monitored by our support engineers 24/7. We offer a service level agreement for a guaranteed uptime of 99.9%.

Governance and Team Collaboration

Governance control features like SSO, custom deployment and write-access permissions, multiple development environments, audit logs and content versioning ensure that even the largest teams will collaborate in an efficient, secure and regulation-compliant way. Using the GraphCMS development environments ensures that changes are safely tested and reviewed before being committed to your production environment. Create and assign the appropriate custom roles and permissions to your team members. Manage access to GraphCMS through your preferred identity provider.

API Security Policies

Advanced per-project API security policies and firewall rules satisfy even the strictest compliance evaluations. Custom origin policies as well as country, IP and ASN firewalls can be enabled for your content. All GraphCMS API endpoints are secured with an HTTPS certificate.

Permanent Backups

Several backup options are provided to GraphCMS customers, including point-in-time recovery backups, as well as nightly and offsite backups that can be sent to your own preferred storage.

Privacy and Compliance

GraphCMS is compliant with GDPR and the EU-US Privacy Shield for third-party services used by the company. The privacy policy can be found here. All customer project data are encrypted in transit; all sensitive customer data (e.g. email, passwords) are encrypted both at rest and in transit. If required, content can be hosted exclusively in the European Union.

It's Easy To Get Started

GraphCMS plans are flexibly suited to accommodate your growth. Get started for free, or request a demo to discuss larger projects with more complex needs.