Security, Governance, and Backups

How are backups performed? What is the backup frequency?

Structural information (metadata) is backed up daily via a snapshot for all plans starting from our Professional plan. The content databases support point-in-time recovery (PiTR). Point-in-time recovery allows restoring a database into a state it was at any point in time.

You can also create your own backups with a periodic frequency defined by you, and proceed to query all your content to be stored in your own S3 bucket or another service.

We also support offsite backups, for which you currently need to get in touch with the team to establish how you prefer these to be set up. This is available as an optional upgrade on our Enterprise plans.

Do you provide Offsite backups?

Nightly copies of your content can be sent to your own Amazon S3 buckets.

You currently need to get in touch with the team to establish how you wish to configure such backups. This is available as an optional upgrade on our Enterprise plans.

Do you provide Audit/Activity Logs?

Yes, they allow you to monitor schema and content changes.

What are Custom Roles?

With custom roles you have the ability to define customized permissions for collaborators.

Will my project be hosted on a shared or dedicated infrastructure?

Your project will either be hosted in your chosen shared cluster (US East, US West, EU, or Asia) or you will be provided your own dedicated database and API server for compliance and best possible performance. For a dedicated infrastructure, get in touch with our team.

Do you offer Service Level Agreements?

Yes. GraphCMS offers enterprise-grade service level agreements. We offer service uptime guarantees of up to 99.95%. Our support response time guarantees can be for as low as 30 minutes for critical issues. Reach out to our sales team for details.

What is a Development Environment?

For improved team collaboration and a more efficient and secure development workflow, you can build your project with multiple development environments. Development environments reflect changes to your project schema but not to your content (see Content Staging).

What are System Tokens?

System tokens can have different grants meant for internal tools e.g. for scripts periodically dumping data, for connecting a legacy CMS, or for importing/exporting data.

Do you provide a reversibility plan for your clients’ data?

Using a headless CMS means having a content exit strategy in place all the time. As any content can be fetched via the API in a JSON format, you can pull out your data at any time. There is no vendor lock-in with GraphCMS.

Is it possible to connect GraphCMS to a company’s SSO and manage several roles with different permission levels?

Yes, this can be configured. Our user authentication system Auth0 is able to handle this. Auth0 supports the main industry standards such as SAML, WS-Fed, and OAuth 2.0 (OpenID Connect is based on OAuth 2.0) so you can hook any third-party application that you need.

Is the content exposed through my GraphCMS project API secured?

All endpoints of projects have an SSL certificate issued and are kept renewed.

It's Easy To Get Started

GraphCMS plans are flexibly suited to accommodate your growth. Get started for free, or reach out to our sales team to discuss larger projects with more complex needs