If you or your team have specific questions about how Plain is built, our processes or how we store and handle data please get in touch at firstname.lastname@example.org. We are very happy to answer any questions you have.
- We use Amazon Web Services to host Plain
- All data is stored in Amazon Web Services
- All data is encrypted in transit and at rest
- All data is backed up regularly and encrypted at rest
- We apply the following security best practices:
- All changes to our infrastructure, permissions, and code happen via code reviews
- We grant the least amount of privileges to IAM roles, systems, and engineers to perform their duties
- Administrator privileges are only used in the case of serious incidents, for our routine maintenance tasks we provision IAM roles with fine grained permissions.
- We use the following third parties, for full legal terms, please see the Data Processing Addendum
- Auth0: as our identity provider for internal Support App users. No customer data is sent to Auth0.
- Postmark: to send and receive emails for users and customers.
- Segment: to measure product usage. We only send anonymised data.
- Mixpanel: to measure product usage. We only send anonymised data.
Reporting a security issue
If you think you found a security issue or have any questions related to security please email:
We will reply to security related questions within 24h.