Data Privacy & Security
We're serious about keeping your data safe. Our platform and how we work are set up to protect you and your information. We use strong security measures everywhere in our operations and always work to make them even better.
Graft is SOC 2 Type 2 Compliant
Data Hosting
Infrastructure:
Graft is a SaaS application hosted in Amazon Web Services.
Tenancy:
All customers receive their own data tenancy of the Graft Platform. Each tenant’s data is isolated and remains invisible to other tenants to prevent unauthorized access.
Training:
- Your data is yours. We don't use your data to train our models.
- Any models you train for your own app and use cases are only accessible by your team.
Employee Security Measures
All of Graft’s employees and contractors are under NDA. Additionally, Graft employees complete security training annually and may only access customer data in the context of a specific support request the customer has made, for example, to debug an issue or get help with the product. Customer data is not accessed as part of routine day-to-day operations of the company or development of the product (testing, releasing updates, etc.).
Disk encryption and antivirus software are enabled across all Graft workstations.
Penetration Tests
Graft performs application-layer penetration tests annually.
Secure Software Development
Graft uses both automated and manual reviews to ensure a secure software development lifecycle.
Data Security
Data at rest is encrypted using AES-256 encryption; data in transit is encrypted with TLS 1.2.
How to Contact Us
Please reach out to support@graft.com if you have any questions or want to report any potential issues.
Reports Available Upon Request
- SOC 2 Type 2 (Enterprise tier only, NDA required)
- Pentest Report (Enterprise tier only, NDA required)