Security

We know your data is extremely important to you and your business, and we’re very protective of it. Our data is stored on PlaidCloud too. We take several steps to ensure security. A summary of each step is below:

Need to report a security vulnerability?

Please visit our PlaidCloud Responsible Vulnerability Disclosure and submit a vulnerability report. We will make every attempt to address the issue as quickly as possible.

Physical Security

  • Data center access limited to data center technicians and approved PlaidCloud staff
  • Biometric scanning for controlled data center access
  • Security camera monitoring at all data center locations
  • 24x7 on-site staff provides additional protection against unauthorized entry
  • Unmarked facilities to help maintain low profile
  • Physical security audited by an independent firm

System Security

  • System installation using hardened, patched OS
  • Dedicated firewall and VPN services to help block unauthorized system access
  • Dedicated intrusion detection devices to provide an additional layer of protection against unauthorized system access
  • Distributed Denial of Service (DDoS) mitigation services powered by industry-leading solutions

Operational Security

  • Our data center operations are regularly audited by independent firms against the AICPA SSAE 16 examination standard
  • Systems access logged and tracked for auditing purposes
  • Secure document-destruction policies for all sensitive information
  • Fully documented change-management procedures
  • SOC 1 Attestation report available upon request and upon signing a non-disclosure agreement

Software Security

We employ a team of 24/7/365 server specialists at PlaidCloud to keep our software and its dependencies up to date eliminating potential security vulnerabilities. We employ a wide range of monitoring solutions for preventing and eliminating attacks to the site.

Communications

All data exchanged with PlaidCloud is always transmitted over encrypted connections. All communication with PlaidCloud occurs over HTTPS using modern SSL and TLS processes. We do not accept connections that are not encrypted.

User access is controlled by the use of various authentication processes including single sign-on, OpenID, Mutli-Factor (Using YubiKey), and password. The method of authentication can be determined by Workspace or individual.

File system and backups

We do not encrypt database data on disk because it would not be any more secure: the website and PlaidCloud back-end would need to decrypt the data on demand, slowing down response times. Any user with shell access to the file system would have access to the decryption routine, thus negating any security it provides. Therefore, we focus on making our machines and network as secure as possible.

All data at rest or in file form is encrypted using the strongest industry standard practice available. All data at rest is stored in a highly distributed file system and encrypted prior to loading.

Employee access

No PlaidCloud employees ever access private workspace data unless required to for support reasons. Support staff may sign into your account to access settings related to your support issue. In rare cases, staff may need to pull a clone of your data, but this will only be done with your consent. Support staff does not have direct access to copy or view any data. When working on a support issue, we do our best to respect your privacy as much as possible by only accessing the files and settings needed to resolve your issue. All copied data are deleted as soon as the support issue has been resolved.

Maintaining security

We protect your sign-in from brute force attacks with rate limiting. All passwords are filtered from all our logs and are one-way encrypted in the database using bcrypt. Sign in information is always sent over SSL.

We also allow you to use two-factor authentication, or 2FA, as an additional security measure when accessing your PlaidCloud account. Enabling 2FA adds security to your account by requiring both your password as well as access to a one-time security code on your phone or Yubikey to access your account.

Single Sign-on is supported using SAML authentication facilities. OpenID is also supported using various OpenID services.

We have full time security staff to help identify and prevent new attack vectors. We always test new features in order to rule out potential attacks.

We’re extremely concerned about maintaining the utmost security, and so we are very active in our security measures.

Some companies are not able to host data outside their firewall for compliance or legal reasons and for those situations we offer PlaidCloud Firewall. PlaidCloud Firewall is a full version of PlaidCloud that can be installed on a server or cluster of servers within the company’s network and ensures no data leaves the firewall.

Credit card safety

When you sign up for a paid account on PlaidCloud, we do not store any of your card information on our servers. It’s handed off to Braintree, a company dedicated to storing your sensitive data on PCI-Compliant servers.

Contact Us

Have a question, concern, or comment about PlaidCloud security? Please contact us.