1. Encryption
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Sensitive fields are additionally encrypted at the application layer with per-tenant keys.
2. Access controls
Role-based access controls, granular permissions, SSO/SAML (Enterprise), and mandatory 2FA for all staff. Customer data is accessed only when explicitly authorized for support.
3. Infrastructure
Hosted on ISO 27001 / SOC 2 certified cloud infrastructure with multi-region redundancy, automated patching, and isolated tenant environments.
4. Compliance
ThePlexa is built to support HIPAA, GDPR, and PCI-DSS obligations for our customers. Business Associate Agreements and Data Processing Addenda are available on request.
5. Backups & disaster recovery
Continuous backups with point-in-time recovery. RPO < 1 hour, RTO < 4 hours. Disaster recovery is exercised quarterly.
6. Responsible disclosure
We welcome security research. Report findings to support@theplexa.com using our published PGP key. We respond within 72 hours and credit responsible reporters.
Questions about this policy?
Email us at legal@theplexa.com or reach out via our contact page.