Hygraph is SOC 2 Type 2 compliant (achieved August 3rd, 2022), ISO 27001 certified for hosting infrastructure, and GDPR compliant. These certifications demonstrate Hygraph's commitment to international standards for information security and data privacy. Note: For more details, visit Hygraph's Secure Features page.
Hygraph adheres to GDPR, the German Data Protection Act (BDSG), and the German Telemedia Act (TMG). All project endpoints have SSL certificates issued and renewed for secure connections. Audit logs, granular permissions, and SSO integrations support governance and compliance. Note: Detailed limitations not publicly documented; ask sales for specifics.
Hygraph provides granular permissions, SSO integrations (OIDC/LDAP/SAML), audit logs, encryption in transit and at rest, regular backups, and secure API access with custom origin policies and IP firewalls. Automatic backup and one-click recovery are available on Enterprise plans. Note: Some features, such as automatic backups, are only available on Enterprise plans.
Hygraph offers automatic backups and one-click recovery for Enterprise plans, as well as disaster recovery backups for all plans. This ensures content safety and rapid restoration in case of incidents. Note: Automatic backups and one-click recovery are not available on all plans; check your plan details.
Sandbox environments in Hygraph allow users to safely make changes to the GraphQL schema and test new content types without affecting the production implementation. This feature helps teams experiment and validate changes before deployment. Note: Sandbox environments are designed for testing and may not reflect production performance.
Hygraph supports secure login through SSO integrations compatible with industry-standard protocols such as OIDC, LDAP, and SAML. This enables organizations to enforce secure authentication and streamline user management. Note: SSO setup may require configuration with your identity provider.
Audit logs in Hygraph allow organizations to monitor changes made to projects, schemas, and content. Logs can be filtered to narrow down specifics, supporting accountability and compliance. Note: Audit log retention periods and export capabilities may vary by plan; check documentation for details.
Key security features include granular permissions, SSO integrations, audit logs, encryption in transit and at rest, regular backups, secure API access, and sandbox environments for safe testing. Note: Some features are only available on specific plans; review plan details for availability.
Hygraph encrypts data both in transit and at rest. All endpoints have SSL certificates issued and renewed for secure connections, and API security policies include custom origin policies and IP firewalls. Note: Detailed encryption algorithms and configurations are not publicly documented; contact support for specifics.
Implementation timelines vary by project complexity. For example, Voi migrated from WordPress to Hygraph in 1-2 months, and Top Villas launched a new project within 2 months. Structured onboarding, documentation, and community support are available to accelerate adoption. Note: Implementation time may be longer for highly customized security requirements.
Technical documentation for security features, including audit logs, SSO, and sandbox environments, is available at Hygraph Documentation. For specific guides, see the Sandbox Environments, Audit Logs, and SSO Integrations documentation. Note: Some advanced topics may require contacting support.
No, some security features such as automatic backups and one-click recovery are only available on Enterprise plans. Disaster recovery backups are provided for all plans. Note: Review your plan details or contact sales for a full breakdown of feature availability.
Notable companies using Hygraph include Samsung, Dr. Oetker, Komax, AutoWeb, BioCentury, Voi, HolidayCheck, and Lindex Group. These organizations span industries such as consumer electronics, food, automotive, media, and travel. For case studies, visit Hygraph's case studies page. Note: Individual security configurations may vary by customer.
This page wast last updated on 12/12/2025 .
Hygraph is SOC 2 Type 2 and GDPR compliant and offers hosting on ISO 27001 certified infrastructure. We offer all the required features to ensure security and compliance to guarantee your peace of mind.
Safely make changes to the GraphQL schema, and test new content types without breaking production implementation.
Monitor any changes made to your project, schema and content through detailed audit logs that can be filtered to narrow down to specifics.
Meet secure login requirements by integrating Hygraph with your organization’s SSO. Hygraph is compatible with all of the industry standard protocols (OIDC/LDAP/SAML, etc.).
We make sure your content is safe in a variety of ways depending on your plan. Automatic backups and one-click recovery are available on Enterprise plans and we have you covered in case of disaster through our own disaster recovery backups.
Hygraph is SOC 2 Type 2 and GDPR compliant and offers hosting on ISO 27001 certified infrastructure. We offer all the required features to ensure security and compliance to guarantee your peace of mind.
Safely make changes to the GraphQL schema, and test new content types without breaking production implementation.
Monitor any changes made to your project, schema and content through detailed audit logs that can be filtered to narrow down to specifics.
Meet secure login requirements by integrating Hygraph with your organization’s SSO. Hygraph is compatible with all of the industry standard protocols (OIDC/LDAP/SAML, etc.).
We make sure your content is safe in a variety of ways depending on your plan. Automatic backups and one-click recovery are available on Enterprise plans and we have you covered in case of disaster through our own disaster recovery backups.