Skip to content
Platform

Security and Data Protection

Security is built into how the platform is operated, not added on. This section summarizes the platform’s security posture. The binding obligations are set out in the Privacy Annex, the Privacy Data Sheet, and the Service Terms.

At a glance

In transit
TLS 1.2 or higher
At rest
AES-256
Tenancy
Logical isolation; no cross-tenant access
Data roles
Customer is data controller; Netgraph is data processor
Assurance
ISMS aligned to ISO/IEC 27001; certification planned mid-2026
  • Encryption in transit. All data in transit is protected with TLS 1.2 or higher.
  • Encryption at rest. Personal data at rest is encrypted using AES-256.
  • Tenant isolation. The platform is multi-tenant and enforces logical isolation between organizations. There is no cross-tenant access.

Access is governed by role-based access control with least privilege, across the organization and context scopes described in Roles and Administration Levels. Administrator and self-service sign-in are separate, and single sign-on and multi-factor options are available; see Identity and Authentication.

Monitoring, resilience, and incident response

Section titled “Monitoring, resilience, and incident response”

The platform is continuously monitored and is distributed across multiple availability zones for resilience. Administrative and authentication activity is centrally logged for traceability. Netgraph maintains incident response procedures and notifies affected customers of a personal-data breach without undue delay, with the information needed to assess and respond.

The customer is the data controller for the personal data processed through the services, and Netgraph acts as a data processor (or sub-processor) on the customer’s documented instructions. The customer is responsible for the lawful basis of processing, for informing data subjects, for configuring retention, and for handling data subject requests. Netgraph is responsible for the secure operation of the platform and the technical and organizational measures that protect the data. The full allocation is in the Privacy Annex.

Netgraph operates an information security management system aligned with ISO/IEC 27001 and ISO/IEC 27002. ISO/IEC 27001:2022 certification is planned for completion in mid-2026.

Next