Governance, Security, and Backups

How are backups performed? What is the backup frequency?

Structural information (metadata) is backed up daily via a snapshot for all plans starting from Standard. The content databases support point-in-time recovery (PiTR). Point-in-time recovery lets you restore a database to the state it was in at any point in time.

Data can also be exported with the GraphCMS Import/Export feature and backed up manually at any time.

Enterprise plans can also have nightly and offsite backups.

Offsite backups

Nightly copies of your content can be sent to your own Amazon S3 buckets. This is available in the GraphCMS enterprise plans.

What are the possible API permission levels?

You can set the access rights to your API to either Read, Write, Open, or Protected.

Are audit logs available in GraphCMS?

Internal audit logs allow you to monitor any content schema changes. Advanced audit logs are coming soon.

What Service Level Agreements do you offer?

GraphCMS offers enterprise-grade service level agreements for availability and support. We offer service uptime guarantees of up to 99.9%. Our support response time can be as low as one hour for critical issues. Reach out to our sales team for details.

What infrastructure options does GraphCMS provide?

Your project will either be hosted on a shared server, or you will be provided with your own dedicated server infrastructure within one of the data-centres we work with.

What are System Tokens?

System tokens can have different grants meant for internal tools, e.g. for scripts periodically dumping data into GraphCMS, for connecting a legacy CMS, or for a one-time import/export of large amounts of data.

Do you provide a reversibility plan for user's data?

Using a headless CMS means having a content exit strategy in place at all times. As any content can be fetched via the API in JSON format, you can pull out your data at any time. There is no vendor lock-in with GraphCMS. GraphCMS also provides several content backup options.

Is it possible to connect GraphCMS to an organization's single sign-on (SSO) provider?

Yes, our user authentication system, Auth0, is able to handle this. Auth0 supports the main industry standards such as SAML, WS-Fed, and OAuth 2.0 (OpenID Connect is based on OAuth 2.0), so you can hook up any third-party application that you need.

How are my GraphCMS API endpoints secured?

All endpoints of your projects have an SSL certificate.

How can I restrict access to my content?

You can set your endpoint permissions scope from Public to Protected, Read-only or Write-only (Mutations) in your Project Settings. Using a permanent auth token, also generated in your Settings, lets you authorize only a specific client to access your Project.