Skip to content
Security

Security at GraphDefend

We hold our own platform to the standard we ask of our customers. This page covers how we protect GraphDefend and how to report a security issue.

Our security posture

GraphDefend connects to customer environments with scoped, read-only access by default and never moves customer data outside its tenant boundary. Enforcement actions are explicit, audited, and reversible.

  • Least-privilege, read-only connectors with per-tenant isolation
  • Encryption in transit and at rest
  • Continuous logging and audit trails for every action
  • SOC 2 Type II in progress — see our Trust page for current status

Responsible disclosure

If you believe you've found a security vulnerability in GraphDefend, we want to hear from you. Email security@graphdefend.com with the details and steps to reproduce. We aim to acknowledge reports within two business days.

Please give us a reasonable window to investigate and remediate before any public disclosure. We will not pursue legal action against researchers who act in good faith and follow this policy.

security.txt

Our machine-readable contact policy is published at /.well-known/security.txt. Security contact: security@graphdefend.com.