Docs Blog About
Get Started
Security

Security at Plexor

Enterprise-grade security to protect your data and intellectual property. We take security seriously so you can focus on building.

Your Data Is Never Stored

We do not log, store, or retain the content of your API prompts or responses. Your intellectual property remains yours. Requests are processed in real-time and are never persisted to any storage system.

Encryption in Transit

All data transmitted to and from Plexor is encrypted using TLS 1.3, the latest and most secure transport layer protocol available.

Encryption at Rest

Account data and credentials are encrypted at rest using AES-256 encryption. API keys are hashed and can never be retrieved in plaintext.

Infrastructure Security

Our infrastructure runs on Microsoft Azure with enterprise-grade security, including network isolation, DDoS protection, and automated threat detection.

Access Controls

Role-based access controls, multi-factor authentication support, and comprehensive audit logging for all administrative actions.

Regular Audits

We conduct regular security assessments, penetration testing, and vulnerability scanning to identify and address potential risks.

Incident Response

We maintain a comprehensive incident response plan and will notify affected users within 72 hours of any confirmed security breach.

Data Handling Practices

We are committed to minimizing data collection and retention. Here's exactly what we do and don't store:

What We Store

  • Account Information: Email, hashed password, organization name
  • API Keys: Hashed versions only (original keys cannot be retrieved)
  • Usage Metrics: Request counts, token counts, provider selections (no content)
  • Billing Data: Transaction records, invoices (payment details handled by Stripe)

What We Never Store

  • Prompt Content: The text of your API requests
  • Response Content: The generated responses from LLM providers
  • Conversation History: Any record of the content flowing through our system
  • Training Data: We never use your data to train any models

Security & Compliance

TLS 1.3 Encryption
AES-256 Encryption
SOC 2 Type II (Azure)
GDPR Compliant
CCPA Compliant
Regular Pen Testing

API Security Best Practices

We recommend the following security practices when using the Plexor API:

  • Rotate API Keys Regularly: Generate new API keys periodically and revoke old ones
  • Use Environment Variables: Never hardcode API keys in your source code
  • Implement Rate Limiting: Protect your integration from abuse with client-side rate limits
  • Monitor Usage: Regularly review your usage dashboard for anomalies
  • Use Scoped Keys: Create separate API keys for different environments (dev, staging, production)
  • Enable Notifications: Set up alerts for unusual usage patterns

Responsible Disclosure

We welcome security researchers to help us maintain the security of Plexor. If you discover a security vulnerability, please report it responsibly:

  • Email your findings to security@plexor.dev
  • Include a detailed description of the vulnerability and steps to reproduce
  • Give us reasonable time to address the issue before public disclosure
  • Do not access or modify data belonging to other users

We commit to acknowledging receipt within 48 hours and providing regular updates on our progress. We appreciate your help in keeping Plexor secure.

Security Questions?

If you have questions about our security practices or need additional information for your security review, please contact our security team.

security@plexor.dev