🔐Security

Your security matters to us

To earn your trust, we have documented how we work with security.

Authentication

Plock requires multi-factor authentication on all applications and production systems used to build and run the Plock service.

In case we have to use third party services with access to customer data, we will assess the security and privacy practices of that third-party provider as part of the sign up process.

Storage & Backup

Plock runs on AWS, where product data is backed up with encryption at rest. In addition, Plock uses AWS RDS with encryption enabled for data storage. We do not store any sensitive data (such as passwords) inside our database. All sensitive data is stored separately in a Secrets Manager.

Code Deployment

Plock employs GitHub as a tool for actively identifying potential security weaknesses within its code and associated libraries. Upon detection of a vulnerability, Plock promptly addresses the issue by implementing patches, conducting thorough testing, and subsequently releasing the updated code or library at the earliest feasible time.