Skip to main content

Security

If you or your team have specific questions about how Plain is built, our processes or how we store and handle data please get in touch at help@plain.com. We are very happy to answer any questions you have.

Data security

  • We use Amazon Web Services to host Plain
  • All data is stored in Amazon Web Services eu-west-2 region (London)
  • All data is encrypted in transit and at rest
  • All data is backed up regularly and encrypted at rest
  • We apply the following security best practices:
    • All changes to our infrastructure, permissions, and code happen via code reviews
    • We grant the least amount of privileges to IAM roles, systems, and engineers to perform their duties
    • Administrator privileges are only used in the case of serious incidents, for our routine maintenance tasks we provision IAM roles with fine grained permissions.
  • We use the following third parties, for full legal terms, please see the Data Processing Addendum
    • Auth0: as our identity provider for internal Support App users. No customer data is sent to Auth0.
    • Postmark: to send and receive emails for users and customers.
    • Segment: to measure product usage. We only send anonymised data.
    • Mixpanel: to measure product usage. We only send anonymised data.

Reporting a security issue

If you think you found a security issue or have any questions related to security please email:

We will reply to security related questions within 24h.