Graphory logo

Graphory

Trust and Operations

Published operational specifications. Real numbers, not hedged marketing copy. Everything on this page is implemented in production code and measurable against the running service.

Last updated: 2026-04-22.

Rate limits

Enforced per IP for unauthenticated requests and per API key for authenticated requests. The limiter uses a token-bucket algorithm: each request consumes one token, tokens refill continuously at the per-minute rate, and short bursts are allowed up to the burst ceiling.

CallerSustainedBurstIdentifier
Unauthenticated120 req/min20client IP
Authenticated (gs_ak_ key)600 req/min (~10 req/sec)20API key
AdminUnlimited-admin scope

When a caller exceeds its bucket, the server returns HTTP 429 Too Many Requests with a Retry-After header in seconds. Clients should respect the header and back off before retrying.

Retention and soft-delete

When an org is deleted, it enters a 90-day grace period during which the owner can restore it in full. No data is removed during the grace window - nodes, edges, source files, and connections remain intact.

ActionEffectWindow
Owner soft-deletes the orgOrg flagged deleted, all access blockedImmediate
Owner calls POST /org/{id}/restoreOrg restored, all access re-enabledAny time within 90 days
90 days elapseNightly purge job hard-deletes the graph, all edges, all source .md filesPermanent, not recoverable

The grace period is 90 days by default and configurable per deployment via the GRAPHORY_PURGE_GRACE_DAYS environment variable. Graphory cloud uses the default.

Individual record deletion (specific nodes or edges) applies immediately and does not enter the grace queue.

Data export

Owners can export the full state of their org at any time through the API. Export is asynchronous: submit the job, poll for completion, download from a signed URL.

FormatContentsUse case
zipAll raw source .md files with YAML frontmatterSource-of-truth portability, re-ingest anywhere
graph-jsonFull graph state as JSON-LD: every node, every edge, every property, provenanceLoad into any other graph store, build your own index

Flow:

  1. GET /org/{org_id}/export?format=zip (or graph-json) returns 202 Accepted with an export_id.
  2. GET /org/{org_id}/export/{export_id} returns the job status (pending, running, ready, failed).
  3. When ready, the response includes a signed download URL valid for 24 hours.

What is included: all nodes, all edges, all properties, full provenance metadata (source, confidence, authority, timestamps).

What is excluded: third-party credentials, the internal review queue, audit logs, and cross-customer ontology rules. Credentials are your property and stay in the vault; internal system state is not part of the data contract.

Export is owner-only. Member roles cannot initiate an export.

Backup and disaster recovery

PropertyValue
Snapshot cadenceDaily at 03:00 server time
Snapshot formatFull graph-store .rdb dump
Local retention7 days on the application host
Offsite copyB2 object storage (encrypted at rest, separate region)
Restore targetManual restore in under 4 hours from the most recent dump

Backup and restore targets above are operational policy, not contractual guarantees. A public status page with real measured uptime and restore-drill results is on the 2026 roadmap. Enterprise customers can negotiate contractual RPO/RTO commitments.

SLA targets

Uptime targets per plan. These are policy commitments from Graphory, not contractual terms except on Enterprise. Measurement is the fraction of minutes in a calendar month during which the Graph API responds with 2xx to a health check from an external region.

PlanUptime targetAllowed downtime/monthContractual
FreeBest effortNo targetNo
Pro99.5%~3.6 hoursPolicy
Business99.9%~44 minutesPolicy
EnterpriseCustomContract-definedYes

A public status page with live measurement is coming. Until then, incident history is shared on request to support@graphory.io.

Security

Compliance posture

Plain-English where we stand today:

Need data to stay in your own infrastructure?

For customers in regulated industries, air-gapped environments, or anyone who needs zero SaaS dependency, a self-hostable community edition is on the roadmap. See Self-Hosted for the model, timeline, and what is included.

Contact