Rate limits, retention, data export, backup, SLA targets, security posture, and compliance. Every number on this page is implemented in production code and measurable against the running service.
Rate limiting uses a token bucket per client IP (unauthenticated) or per API key (authenticated). Tokens refill at the sustained rate, and short bursts are allowed up to the burst ceiling. Requests over the limit receive a 429 with a Retry-After header.
| Caller | Sustained | Burst | Identifier |
|---|---|---|---|
| Unauthenticated | 120 req/min | 20 | client IP |
| Authenticated (gs_ak_ key) | 600 req/min (~10 req/sec) | 20 | API key |
| Admin | Unlimited | - | admin scope |
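
The limiter described above, sketched as an added example (not Graphory's production code). The names `LIMITS`, `RateLimiter`, `check` and `simulate` are hypothetical, and it assumes a new bucket starts full and that Retry-After is rounded up to whole seconds.

```python
import math
from dataclasses import dataclass

# From the table above: caller type -> (sustained requests per minute, burst ceiling).
LIMITS = {"unauthenticated": (120, 20), "authenticated": (600, 20)}

@dataclass
class Bucket:
    tokens: float   # tokens currently available
    updated: float  # time of the last refill, in seconds

class RateLimiter:
    """Token bucket keyed by caller identifier (client IP or API key)."""

    def __init__(self):
        self.buckets = {}

    def check(self, identifier, caller, now):
        """Return (status, headers) for one request arriving at time `now`."""
        if caller == "admin":  # admin scope is unlimited
            return 200, {}
        per_min, burst = LIMITS[caller]
        rate = per_min / 60.0  # tokens refilled per second
        b = self.buckets.setdefault((caller, identifier), Bucket(float(burst), now))
        # Refill for the elapsed time, never above the burst ceiling.
        elapsed = max(0.0, now - b.updated)  # ignore a clock that steps backwards
        b.tokens = min(float(burst), b.tokens + elapsed * rate)
        b.updated = max(b.updated, now)
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return 200, {}
        # Seconds until one whole token exists, rounded up for the header.
        wait = max(1, math.ceil((1.0 - b.tokens) / rate))
        return 429, {"Retry-After": str(wait)}

def simulate(limiter, identifier, caller, times):
    """Replay requests at the given timestamps and return the status codes."""
    return [limiter.check(identifier, caller, t)[0] for t in times]
```

Passing `now` explicitly keeps the sketch deterministic; a real service would read a monotonic clock and would key unauthenticated callers on the IP it trusts after proxy handling.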
Org deletion enters a 90-day grace period. The owner can restore in full during the window. After 90 days, nodes, edges, and source files are hard-purged. Grace period is configurable via the GRAPHORY_PURGE_GRACE_DAYS environment variable; Graphory cloud uses the default of 90.
| Action | Effect | Window |
|---|---|---|
| Owner soft-deletes the org | Org flagged deleted, all access blocked | Immediate |
| Owner calls POST /org/{id}/restore | Org restored, all access re-enabled | Any time within 90 days |
| 90 days elapse | Hard-purge: graph, edges, source files all removed | Permanent |
Owner-only. Asynchronous: submit the job, poll for completion, download from a signed URL (valid 24 hours).
format=zip: Raw source files
All .md files with YAML frontmatter. Source-of-truth portability, re-ingest anywhere.
format=graph-json: Full graph state as JSON-LD
Every node, every edge, every property, full provenance. Load into any other graph store.
Included
Excluded
| Item | Detail |
|---|---|
| Snapshot cadence | Daily at 03:00 server time |
| Snapshot format | Full graph-store .rdb dump |
| Local retention | 7 days on the application host |
| Offsite copy | B2 object storage, encrypted at rest, separate region |
| Restore target | Manual restore in under 4 hours from the most recent dump |
Operational policy, not contractual guarantees. A public status page with measured uptime and drill results is on the 2026 roadmap. Enterprise customers can negotiate contractual RPO/RTO.
Uptime targets per plan. Policy commitments except on Enterprise, where they are contractual. Measurement is the fraction of minutes in a calendar month during which the Graph API responds with 2xx to a health check from an external region.
| Plan | Uptime target | Allowed downtime/month | Contractual |
|---|---|---|---|
| Free | Best effort | No target | No |
| Pro | 99.5% | ~3.6 hours | Policy |
| Business | 99.9% | ~44 minutes | Policy |
| Enterprise | Custom | Contract-defined | Yes |
Each org has its own named graph in the graph store. Queries cannot cross org boundaries. No shared index, no shared cache.
Connectors use your OAuth app and your tokens. Stored encrypted in WorkOS Vault. Graphory operators cannot read them in plaintext.
All endpoints terminate TLS via Let's Encrypt with automatic renewal. HTTP redirects to HTTPS.
AuthKit handles login, multi-factor, SSO, org membership. No passwords stored in Graphory.
gs_ak_ API keys scoped to a single org, created only by the owner. Revocable immediately from Settings.
Who, what, when, with what authority (code, AI, user correction, admin). User corrections outrank automatic extraction.
Plain-English where we stand today:
For regulated industries, air-gapped environments, or zero-SaaS-dependency requirements, a self-hostable community edition is on the roadmap for Q2-Q3 2026.
Self-hosting roadmap
Operational or security questions: support@graphory.io. Procurement, security review, custom terms: info@graphory.io.