Security first
Security is Our Top Priority
Safe Defaults & more
At Storywise, we understand that trust is the cornerstone of any great partnership. That's why we've built Storywise with more-than-industry-grade security in mind:
Comprehensive Code Audits
Before every release, we audit all frameworks and libraries to ensure that there aren't any known problems. If a vulnerability is known, we check if it applies to us and either upgrade or find another remedy.
Lean and Mean
We include only the essential external modules, carefully curated for quality, minimizing potential vulnerabilities.
Six-Eye Principle
Every code change is reviewed by at least two team members, ensuring oversight, quality control, an extensible structure and common understanding.
Access Control
We operate on a need-to-know basis. Only our server admins have database access, safeguarding your data with the utmost care. Access tokens stored in the database and auth tokens for third-party providers are saved in encrypted form.
Internal Hosting & VPN
All our development services are hosted internally, accessible only via VPN for an extra layer of security. Our packages are served from an internal server wherever possible.
Two-Factor Authentication
For all system-critical operations, we require two-factor authentication, adding an essential second layer of protection.
Controlled Administrative Access
Our developers have limited administrator privileges, requiring specific elevation for installations. We limit the attack surface from this side to the absolute minimum.
Docker-Based Consistency
We use Docker to build immutable artifacts, enabling consistent testing and deployment, including on-premises setups for customers who require them.
Audit Logs
We audit every action performed in the system, providing transparency through an extensive audit log. This includes changes made to user data in addition to project data.
Secure File Hosting
Files are hosted on a private S3 bucket on AWS, with access granted only via signed links that expire after a few days, ensuring robust data protection.
SSO Authentication Without Barriers
Our authentication module supports Single Sign-On (SSO), which we provide without paywalling. It’s available to all customers with a minimum setup for five users.
Rigorous Test Environment
All updates are thoroughly tested in a separate, secure environment before implementation, reducing risks of unanticipated issues.
Proactive Threat Management
We continually monitor for vulnerabilities, applying patches and updates promptly to stay ahead of potential threats.
Safe AI Endpoints
We ensure safety by using our own, private AI endpoints hosted in Europe. Optionally, other endpoints can be used, and you're even able to utilize your own endpoints with your tokens if needed. We do not store any training data in our system.