Security first

Security is Our Top Priority

Safe Defaults & more

At Storywise, we understand that trust is the cornerstone of any great partnership. That's why we've built Storywise with more-than-industry-grade security in mind:

Comprehensive Code Audits

Before every release, we audit all frameworks and libraries to ensure that there aren't any known problems. If a vulnerability is known, we check if it applies to us and either upgrade or find another remedy.

Lean and Mean

We include only the essential external modules, carefully curated for quality, minimizing potential vulnerabilities.

Six-Eye Principle

Every code change is reviewed by at least two team members, ensuring oversight, quality control, an extensible structure and common understanding.

Access Control

We operate on a need-to-know basis. Only our server admins have database access, safeguarding your data with the utmost care. Access tokens added to the database and auth tokens for third-party providers are stored in encrypted form.

Internal Hosting & VPN

All our development services are hosted internally, accessible only via VPN for an extra layer of security. Our packages are served from an internal server wherever possible.

Two-Factor Authentication

For all system-critical operations, we require two-factor authentication, adding an essential second layer of protection.

Controlled Administrative Access

Our developers have limited administrator privileges, requiring specific elevation for installations. We limit the attack surface from this side to the absolute minimum.

Docker-Based Consistency

We use Docker to create immutable artifacts, enabling consistent testing and deployment, including on-premises setups for customers who require them.

Audit Logs

We audit every action performed in the system, providing transparency through an extensive audit log. This includes changes made to user data in addition to project data.

Secure File Hosting

Files are hosted on a private S3 bucket on AWS, with access granted only via signed links that expire after a few days, ensuring robust data protection.

SSO Authentication Without Barriers

Our authentication module supports Single Sign-On (SSO), which we provide without paywalling. It’s available to all customers with a minimum setup for five users.

Rigorous Test Environment

All updates are thoroughly tested in a separate, secure environment before implementation, reducing risks of unanticipated issues.

Proactive Threat Management

We continually monitor for vulnerabilities, applying patches and updates promptly to stay ahead of potential threats.

Safe AI Endpoints

We ensure safety by using our own, private AI endpoints hosted in Europe. Optionally, other endpoints can be used, and you're even able to utilize your own endpoints with your tokens if needed. We do not store any training data in our system.