Each chart in a dashboard generates a query that gets sent to the database whenever the chart is rendered, though we try to cache anything that makes sense for performance reasons. If you're curious what Chartio is accessing when charts are generated, each of these queries can be inspected in two ways. You can monitor your database logs for queries coming from Chartio on your end, but we also try to make that process easier by providing our own query log for every data source. The query log can be accessed from your project settings page.
To improve performance between the Chartio interface and your database, we cache only the returned results of any query that is used to generate a chart. This way, when a teammate hits a dashboard you've just viewed, they see the cached version of the dashboard rather than executing a whole new series of queries on your database. Chartio only ever stores the results from the latest queries for any chart.
These temporarily cached chart results are the only data from your database that is ever stored in Chartio. At any point your entire cache can be cleared from the settings of your datasource.
You can control the cache duration on your database from its connection settings page. Charts that are requested mulitple times within that cache duration will only query the database the first time.
For example, if your cache duration was 15 minutes and you view a dashboard 0 to 15 minutes after someone else on your team had viewed it, your dashboard will load the cached results and not kick off a new set of queries to your database.
Because Chartio works with read-only access to your database, no Chartio user can alter, edit, or destroy the data on your database. Even editing things like the database schema within Chartio's data connection settings only changes the appearance of that data source within Chartio - the target data source remains unchanged.
Chartio provides different user permissions levels to help you control data access. However, from a strict security standpoint, you should always think about every user-level having visible access to the data in your project. If there is data connected to your Chartio account that you don't want certain users to see, we recommend connecting it to a separate, segregated project.
Admin and creator user levels can generate charts from any data source within your project and inspect the raw results returned from a chart. Only admins can inspect the data connection settings, query log, and billing information though. Viewers can see dashboards but can't create or edit charts. You can read more about our permissions levels in our documentation.
With database connections you can restrict access to specific tables at the database level. When creating the read-only user you can grant access to only specific tables and views, ensuring that Chartio only has access to specific data. The process to do this varies by data source.
For more information see your database's documentation or contact us at email@example.com.
Some databases enable you to grant users with permissions as granular as the column level. If your database is one of those, you can certainly create the read-only user for Chartio with access to only specified columns. Again, for more information see your database's documentation or contact us at firstname.lastname@example.org.
Another approach is to create Views in your database that replicate a table but either don't include or some how encode the sensitive columns. Then use the table level level permissions described above to grant access to the new view, but not the original table.
Request a Demo
Tell Us About Your Company