Plasmic takes security seriously. Our cloud infrastructure is hosted in US data centers that are SOC 1, SOC 2, and ISO 27001 certified. Our data centers have round-the-clock security, fully redundant power systems, two-factor authentication, and physical audit logs.
If you are interested in a Self-hosted version of Plasmic that you can deploy yourself, in your own VPC/VPS/Kubernetes cluster, please get in touch with our enterprise team.
Security affects everything we do at Plasmic. We are pursuing SOC 2 Type 1 compliance and we:
- Force HTTPS on all connections, so data in-transit is encrypted with TLS 1.2.
- Encrypt all database data at-rest with AES-256.
- Host all servers in the US, in data centers that are SOC 1, SOC 2 and ISO 27001 certified. Our data centers have round-the-clock security, fully redundant power systems, two-factor authentication and physical audit logs.
- Regularly conduct external penetration tests from third-party vendors.
- Regularly conduct security awareness training sessions with all employees.
Data storage and security
Plasmic does not store any of your externally-connected raw data. Data-fetching code components are how data is retrieved for rendering Plasmic pages, and the data that passes through here does not get persisted.
Only finally rendered pages can be cached in the following situations:
- If you use Plasmic Hosting, then you are choosing to publish a public website, and these rendered static pages are cached in our CDN for performance.
- If you use the HTML REST API, then you can choose to render with data by specifying the
prepass=1query parameter, in which case you can also specify a
Provisioned data sources
For provisioned databases hosted on Plasmic, such as Plasmic CMS or Plasmic Database, we store data in a Postgres cluster managed by our cloud provider.
- The cluster is accessible by only our servers using the same stringent security applied to our external database connections.
- End-user data may be colocated on a single Postgres instance—reach out if you are interested in having a dedicated Postgres instance.
Reporting security bugs or concerns
Please contact Plasmic’s security team, via email at firstname.lastname@example.org. We welcome reports from end users, security researchers, and anyone else!