PlexRun

Security

Security at every layer.

PlexRun is designed for teams running production workloads with sensitive data. Here's how we protect it.

Encryption

  • TLS 1.2+ for all data in transit
  • AES-256 encryption at rest
  • Secrets stored in an isolated secrets manager
  • No plaintext credentials anywhere in the stack

Compliance roadmap

  • GDPR-aligned data processing practices
  • CCPA-ready data handling by design
  • SOC 2 Type II — planned pre-GA
  • Penetration testing prior to general availability

Access control

  • Role-based access control (RBAC) on all resources
  • SSO / SAML 2.0 for Enterprise plans
  • MFA enforced for all internal systems
  • Least-privilege principle across all services

Infrastructure

  • Data stored in the region you select
  • VPC isolation with no shared-tenancy compute
  • Automated vulnerability scanning on every deploy
  • Uptime SLA available on Enterprise plans

Responsible disclosure

We take security vulnerabilities seriously. If you believe you have discovered a security issue in PlexRun, please report it responsibly.

We commit to: acknowledging your report within 48 hours, providing a status update within 7 days, and notifying you when the issue is resolved. We will not take legal action against researchers acting in good faith.

Report a vulnerability

security@plexrun.com

PGP key available on request.