Graphly Data Security Statement (DSS)
Last Updated: June 2026
Overview
Graphly is committed to protecting the confidentiality, integrity, and availability of customer data.
This Data Security Statement describes the administrative, technical, and organizational safeguards Graphly maintains to protect customer information processed through the Graphly platform.
This Statement applies to Graphly-hosted software applications and services and is intended to provide customers, partners, and compliance reviewers with a high-level overview of Graphly’s security practices.
Security Program
Graphly maintains an ongoing information security program designed to identify, assess, and manage security risks across its systems, infrastructure, vendors, and operations.
Our security practices are periodically reviewed and updated to address evolving threats, regulatory requirements, and industry best practices.
Infrastructure Security
Graphly utilizes reputable cloud infrastructure providers to host and support its services.
Infrastructure providers are selected based on factors including:
- Security capabilities
- Reliability and availability
- Compliance commitments
- Operational maturity
- Data protection practices
Graphly evaluates third-party infrastructure and service providers as part of its vendor management process and maintains contractual protections designed to safeguard customer data.
Access Controls
Access to customer data is restricted to authorized personnel with a legitimate business need.
Graphly maintains access control practices that may include:
- Role-based access controls
- Least-privilege access principles
- Unique user credentials
- Strong password requirements
- Multi-factor authentication where applicable
- Periodic review of access permissions
Access rights are reviewed and modified as personnel responsibilities change.
Application Security
Graphly incorporates security considerations throughout the software development lifecycle.
Security practices may include:
- Secure coding practices
- Vulnerability monitoring
- Dependency and software package review
- Security testing and validation
- Timely remediation of identified vulnerabilities
- Logging and monitoring of system activity
Graphly works to address known security vulnerabilities within a commercially reasonable timeframe based on risk and severity.
Network Security
Graphly employs technical safeguards designed to protect systems and customer data, including:
- Network segmentation where appropriate
- Firewall protections
- Secure communication protocols
- Monitoring of network activity
- Detection of suspicious or unauthorized activity
Security events are reviewed and investigated as appropriate.
Encryption
Graphly utilizes encryption technologies designed to protect customer data during transmission across public networks.
Sensitive credentials and authentication-related information are stored using industry-standard cryptographic protections and secure hashing mechanisms.
Monitoring and Logging
Graphly maintains logging and monitoring capabilities designed to:
- Detect operational issues
- Identify potential security events
- Support troubleshooting activities
- Assist with incident investigations
Logs are retained in accordance with operational and security requirements.
Backup and Disaster Recovery
Graphly maintains backup and recovery procedures designed to support business continuity and service restoration.
Backup strategies may include:
- Automated backups
- Redundant storage mechanisms
- Recovery testing
- Infrastructure redundancy where appropriate
Graphly periodically reviews and updates its disaster recovery and business continuity procedures.
Vendor Risk Management
Graphly engages third-party service providers to support certain aspects of its operations and service delivery.
Before engaging providers that may process customer data, Graphly performs reasonable due diligence and seeks contractual commitments regarding:
- Confidentiality
- Security
- Privacy
- Data protection obligations
A current list of Graphly subprocessors is available at:
Personnel Security
Graphly maintains personnel security practices designed to reduce risk and promote data protection awareness.
These practices may include:
- Background screening where permitted by law
- Confidentiality obligations
- Security awareness training
- Privacy and data protection education
- Access revocation procedures upon termination or role change
Incident Response
Graphly maintains procedures for responding to security incidents and Personal Data Breaches.
These procedures are designed to:
- Identify and contain incidents
- Assess potential impact
- Remediate vulnerabilities
- Restore affected services
- Provide notifications where required by applicable law or contractual obligations
Where a Personal Data Breach involving customer data occurs, Graphly will provide notification consistent with its contractual commitments and applicable law.
Artificial Intelligence
Graphly does not use customer data to train publicly available artificial intelligence or machine learning models without customer authorization.
Graphly may utilize aggregated, anonymized, or de-identified information for service improvement, analytics, operational purposes, and security monitoring where permitted by applicable law and contractual commitments.
Compliance and Privacy
Graphly maintains policies, procedures, and contractual safeguards designed to support compliance with applicable privacy and data protection laws, including the General Data Protection Regulation (GDPR) where applicable.
Additional information is available in Graphly’s:
- Privacy Policy
- Data Processing Addendum (DPA)
- GDPR Information Page
Contact Information
Questions regarding privacy, security, or data protection may be directed to:
Dustin Lunt
Data Protection Officer
dustin@graphly.io
For additional information regarding privacy and compliance, please visit: