Security

This page summarises the security posture PLEXL LLC applies across plexl.ai, plexifact.io, plexiflexor.ai, and the engagement infrastructure delivered to clients. Detailed mechanism docs, audit-trail walkthroughs, and security-questionnaire responses are available to qualified evaluators under NDA.

Data in transit

TLS 1.3 on every public surface. HSTS with `includeSubDomains` and `preload`. No mixed-content paths.

Data at rest

All customer data is stored encrypted in client-tenancy infrastructure. PLEXL does not retain copies of customer data on PLEXL-managed systems beyond what is necessary for an active engagement.

Access controls

Role-based access control with MFA enforced for every PLEXL operator account. Customer environment access is provisioned per engagement, scoped to the minimum required, and revoked at engagement end.

Audit & governance

Every action taken by a PLEXL operator in customer infrastructure is recorded in an audit log retained for the engagement duration plus retention period agreed in the master services agreement.

Compliance

SOC 2 Type II readiness is on the roadmap; timeline confirmed per engagement. GDPR and CCPA workflows supported via the data-handling practices summarised in our Privacy Policy.

Report a vulnerability

Email info@plexl.ai with `[security]` in the subject. We respond within 2 business days and coordinate responsible disclosure timing with the reporter.

Contact

PLEXL LLC · info@plexl.ai