Our commitment to security

At Plain, we take your data seriously. Whether you're handling sensitive customer conversations or scaling your support operations, security is foundational to how we build, operate, and support our platform.

Transparent & compliant

Plain is SOC 2 Type II certified, meaning we’ve passed independent audits verifying how we manage security, availability, and confidentiality. We’ve also built our systems in line with GDPR and the UK Data Protection Act, and provide a clear Data Processing Agreement (DPA) for companies that need it.

We believe in transparency. You can check our system health any time at status.plain.com, and we’re happy to share SOC 2 reports or security documentation with your team – just head here to request access.

A few of the foundations of the way we build:

  • All data is encrypted at rest and in transit

  • Our infrastructure is hosted securely in AWS

  • Data access is tightly controlled and on a 'need-to-know' basis

  • All system changes go through strict code reviews

Securing Plain's API

Everything from Plain's platform to our API is designed to keep your data protected.

  • Our GraphQL API uses the same infrastructure that powers Plain itself - there are no “hidden features” and you have access to our entire GitHub repo.

  • Every API request requires authentication and signed headers, so only trusted systems can interact with your data.

  • We support mutual TLS (mTLS) for teams that want an additional layer of verification.

  • Slack messages are temporarily cached for no longer than 7 days, purely for reliability and recoverability.

Privacy-first by default

We’re clear about what data we collect, how we use it, and how you can stay in control. For more information on how we process your data, read our Privacy Policy and DPA.

We support your rights as a data owner:

  • You can request, access, or delete your data at any time.

  • We’ll never share your data without consent.

  • We’re available to help your team meet internal privacy or compliance goals.

If your team needs help mapping Plain’s security and compliance to your internal requirements, or you’d like to request additional documentation, just email us at help@plain.com.