Security

Plasmic takes security seriously. Our cloud infrastructure is hosted in US data centers that are SOC 1, SOC 2, and ISO 27001 certified. Our data centers have round-the-clock security, fully redundant power systems, two-factor authentication, and physical audit logs.

If you are interested in a self-hosted version of Plasmic that you can deploy yourself in your own VPC, VPS, or Kubernetes cluster, please get in touch with our enterprise team.

Security practices

Security affects everything we do at Plasmic. We are pursuing SOC 2 Type 1 compliance and we:

  • Force HTTPS on all connections, so data in transit is encrypted with TLS 1.2.
  • Encrypt all database data at rest with AES-256.
  • Host all servers in the US, in data centers that are SOC 1, SOC 2 and ISO 27001 certified. Our data centers have round-the-clock security, fully redundant power systems, two-factor authentication and physical audit logs.
  • Regularly conduct external penetration tests from third-party vendors.
  • Regularly conduct security awareness training sessions with all employees.

Data storage and security

Plasmic does not store any of your externally-connected raw data. Data for rendering Plasmic pages is retrieved through data-fetching code components, and the data that passes through them is not persisted.

Only final rendered pages can be cached, and only in the following situations:

  • If you use Plasmic Hosting, then you are choosing to publish a public website, and these rendered static pages are cached in our CDN for performance.
  • If you use the HTML REST API, then you can choose to render with data by specifying the prepass=1 query parameter, in which case you can also specify a maxAge expiry.

Provisioned data sources

For provisioned databases hosted on Plasmic, such as Plasmic CMS or Plasmic Database, we store data in a Postgres cluster managed by our cloud provider.

  • The cluster is accessible only by our servers, using the same stringent security applied to our external database connections.
  • End-user data may be colocated on a single Postgres instance—reach out if you are interested in having a dedicated Postgres instance.

Reporting security bugs or concerns

Please contact Plasmic’s security team via email at security@plasmic.app. We welcome reports from end users, security researchers, and anyone else!
