How Plai uses the best security practices to protect our customers
At Plai, customer trust is one of our top priorities.
That's why we maintain the highest standards of data security and privacy. We understand that it is important for you to keep your data and your employees' data secure. It is our promise. Plai implements security testing and reviews, is designed to be GDPR compliant, and encrypts your data.
Facilities and Cloud Infrastructure
Plai is hosted and delivered by Amazon Web Services (AWS). Amazon is responsible for the security of its actual data centers and the AWS cloud. Plai is responsible for monitoring, managing, and securing the Plai cloud.
AWS manages the data centers that host the Plai cloud. For more information about security at those data centers, see here.
Plai Cloud data is hosted in the USA West region.
Amazon Web Services manages the security of the cloud. AWS has been certified by third-party organizations and manages many compliance programs 24/7 to comply with laws and regulations. A list of such certifications and compliance statements can be found here.
AWS has SOC 1, SOC 2, and a public SOC 3 report on Security, Availability & Confidentiality (pdf).
Plai is GDPR compliant. Organizations in the European Union (EU), or that employ EU-based individuals, can be sure that Plai protects their personal information securely in compliance with EU laws.
People and Access
Within Plai, only a few trusted members of our team have access to the production environment to maintain our cloud services and assist our customers. Additionally, we monitor all access to the Plai cloud. Plai implements a variety of data security and vulnerability checks to ensure secure software development.
Customers are responsible for maintaining the security of their own login information.
Data Encryption and Storage
In the Plai cloud, data at rest is encrypted following the best industry standards: 256-bit encryption via native AWS capabilities. Additionally, all data in transit and communications with the Plai cloud are protected with HTTPS using TLS 1.2, and traffic within the cloud is protected with VPN network connections.
Your data is retained indefinitely while you are our customer. If you leave our service, all data will be removed upon customer request or within one year of inactivity. If you want to remove your data, please contact us at email@example.com.
Breaches will be communicated within 48 hours, and any vulnerabilities are fixed as soon as possible.
Customer data is backed up once a day, once per week and once per month and is encrypted following industry standards.
Plai cloud services are tested regularly by our security team. If findings occur, they will be solved immediately.
Plai's cloud team has a disaster recovery process in place, and it is tested on a regular basis.
Responsible Disclosure Policy
If you believe you have found a potential security vulnerability on Plai, please let us know right away by emailing firstname.lastname@example.org. We will investigate all reports and do our best to fix valid issues quickly.
Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of the disclosure.
Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Plai service. Please only interact with domains you own or for which you have explicit permission from the account holder.
While researching, we'd like you to refrain from:
1) Distributed Denial of Service (DDoS) attacks.
3) Social engineering or phishing of Plai employees or contractors.
4) Any attacks against Plai's physical property or data centers.
Thank you for helping to keep Plai and our users safe!
Changes to the security and disclosure guidelines
We may revise these guidelines from time to time. The most current version of the guidelines will be available at https://plai.team/legal/security.