Security & Compliance
Built for trust
This page summarizes how Plaibook protects your data. We are happy to share detailed security documentation under NDA or to complete your vendor security questionnaire.
Last updated: April 2026
Overview
Security at a glance
Infrastructure
- AWS cloud (US-East region)
- Private VPC with public/private subnet separation
- Auto-scaling container infrastructure (ECS Fargate)
- WAF with managed rule sets and rate limiting
- No direct internet access to application containers
Encryption
- TLS 1.3 for all data in transit
- AES-256 encryption at rest across all data stores
- HSTS enforcement on all connections
- Application-level encryption for integration credentials
- Secrets stored in AWS SSM Parameter Store
Access control
- Role-based access control with four permission tiers
- Short-lived access tokens with refresh rotation
- MFA auto-enabled for admin accounts
- Industry-standard password hashing
- Automatic account lockout after repeated failures
Data isolation
- Row-level tenant isolation on every database query
- Organization-scoped access enforced at the API layer
- Presigned URLs for time-limited recording access
- All cross-tenant access attempts are logged
Compliance
- TCPA-compliant SMS pipeline with seven pre-send checks
- Three-layer PCI redaction for call recordings
- State-specific messaging rules (FL, CT, OK, and more)
- SOC 2 readiness in progress
Operations
- CI/CD with mandatory staging before production
- Container image scanning on every push
- Automated backups with multi-tier retention
- Structured audit logging with defined retention periods
- Infrastructure as Code (Terraform)
Multi-Tenancy
Data isolation
Plaibook is a multi-tenant application. Every customer's data is isolated at the database query level, not just in application logic. There is no shared data access between tenants.
How it works
1. Every record includes an organization identifier.
2. The user's organization is set from their authenticated session and cannot be overridden by the client.
3. Organization scoping is enforced by middleware before any query executes.
4. Every database query includes the organization filter directly, not as a post-query filter.
Audit and access logging
- Internal admin cross-organization access is logged with user identity, source, target, and IP address.
- Unauthorized cross-organization access attempts are flagged and logged.
- User creation, updates, and role changes are recorded in the audit trail.
- Call recordings are scoped by organization and accessible only via time-limited presigned URLs.
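The four isolation steps and the access logging above, as an added illustration that is not Plaibook's own code. It assumes an in-memory record list, a session object whose organization was fixed at login, and the event and field names shown; all of these are constructed for the example.

```python
from dataclasses import dataclass

# Constructed in-memory collection standing in for the database; field names are assumed.
RECORDS = [
    {"_id": 1, "org_id": "org-a", "phone": "+15550001"},
    {"_id": 2, "org_id": "org-b", "phone": "+15550002"},
    {"_id": 3, "org_id": "org-a", "phone": "+15550003"},
]
AUDIT_LOG: list[dict] = []

@dataclass
class Session:
    user_id: str
    org_id: str                     # set at login from the user record, never from the request
    is_internal_admin: bool = False

def scope_filter(session: Session, requested: dict, client_ip: str) -> dict:
    """Middleware step: return the filter that every query must carry.
    A client-supplied org_id never overrides the session's organization;
    only an internal admin may target another org, and that access is logged."""
    target = requested.get("org_id")
    scoped = {k: v for k, v in requested.items() if k != "org_id"}
    if target is not None and target != session.org_id:
        if session.is_internal_admin:
            AUDIT_LOG.append({"event": "admin_cross_org_access", "user": session.user_id,
                              "source": session.org_id, "target": target, "ip": client_ip})
            scoped["org_id"] = target
            return scoped
        AUDIT_LOG.append({"event": "cross_tenant_attempt", "user": session.user_id,
                          "source": session.org_id, "target": target, "ip": client_ip})
    scoped["org_id"] = session.org_id      # the org filter is part of the query itself
    return scoped

def find(session: Session, requested: dict, client_ip: str = "203.0.113.5") -> list[dict]:
    """Query path: the scoped filter is applied in the query, not on the result set."""
    flt = scope_filter(session, requested, client_ip)
    return [r for r in RECORDS if all(r.get(k) == v for k, v in flt.items())]
```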
TCPA Compliance
SMS compliance pipeline
Every outbound SMS passes through a real-time compliance service before delivery. No message is sent until every check passes. If any check fails, the message is blocked and the reason is logged.
Global kill switch
Platform-wide emergency stop that blocks all outbound messages instantly.
Do Not Contact list
The recipient's phone number is checked against the organization's DNC list. Matches are blocked and the conversation is removed.
Lead verification
Confirms the recipient exists as a known lead in the organization's database.
Opt-out check
If the lead has opted out, the message is blocked and the conversation is removed.
SMS consent validation
Verifies the lead has explicit SMS consent on file before any message is sent.
Business hours enforcement
Messages are only sent during permitted hours in the recipient's timezone, with automatic rescheduling for off-hours.
State-specific rules
Per-state rules for Florida, Connecticut, Oklahoma, and others are applied based on campaign configuration.
Fail-safe by default
If any unexpected error occurs during compliance validation, the message defaults to blocked. The compliance service never fails open. All decisions are logged for audit purposes.
PCI Protection
Three-layer PCI redaction
When customers mention payment card information during calls, Plaibook detects and removes it from both transcripts and audio recordings. Three independent layers run in sequence so no single layer is a single point of failure.
AI detection
During transcription, the AI model identifies segments where card numbers, CVVs, or expiration dates are spoken and flags them with timestamps.
Pattern matching
A second pass uses deterministic pattern matching to catch any card numbers the AI layer may have missed, covering all major card networks.
Audio silencing
A dedicated service processes the audio file to silence the time ranges where PCI data was detected. The silenced audio replaces the original recording.
Result
After processing, neither the transcript nor the audio recording contains payment card information. Validation results are stored for audit purposes. A bulk redaction process also covers historical recordings retroactively.
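The deterministic second layer and the audio-silencing step, as an added example that is not Plaibook's redaction service. It assumes a transcript made of timestamped tokens and audio as a list of PCM samples; the Luhn checksum is the standard check shared by the major card networks, and the digit-run window search is a generalization beyond the single-pass description above.

```python
from dataclasses import dataclass

@dataclass
class Token:
    start: float   # seconds into the recording
    end: float
    text: str

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by all major card networks."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_card_ranges(tokens: list[Token]) -> list[tuple[float, float]]:
    """Return (start, end) time ranges of digit runs containing a Luhn-valid
    13-19 digit number. Longest windows are tried first so the whole PAN is covered."""
    ranges, i = [], 0
    while i < len(tokens):
        if not tokens[i].text.isdigit():
            i += 1
            continue
        j = i
        while j < len(tokens) and tokens[j].text.isdigit():
            j += 1
        run = tokens[i:j]
        digits = "".join(t.text for t in run)
        owner = [k for k, t in enumerate(run) for _ in t.text]   # digit index -> token index
        hit = None
        for length in range(19, 12, -1):
            for off in range(len(digits) - length + 1):
                if luhn_ok(digits[off:off + length]):
                    hit = (owner[off], owner[off + length - 1])
                    break
            if hit:
                break
        if hit:
            ranges.append((run[hit[0]].start, run[hit[1]].end))
        i = j
    return ranges

def silence(samples: list[int], rate: int, ranges) -> list[int]:
    """Zero the PCM samples inside each flagged range; the copy replaces the original."""
    out = list(samples)
    for start, end in ranges:
        for k in range(round(start * rate), min(round(end * rate), len(out))):
            out[k] = 0
    return out
```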
Compliance
SOC 2 readiness
We have not completed SOC 2. Here is an honest assessment of where we stand.
In place
- AES-256 encryption at rest across all data stores
- TLS 1.3 in transit with HSTS
- Role-based access control with four permission tiers
- Token-based authentication with server-side revocation
- MFA auto-enabled for admin accounts
- Industry-standard password hashing
- Brute-force lockout protection
- AWS CloudTrail audit logging
- Application-level audit logging
- Container image scanning
- WAF with managed rule sets
- Row-level tenant isolation
- Automated multi-tier database backups
- Infrastructure as Code with state locking
- Integration credentials encrypted at the application layer
In progress
- Formal security policies documentation
- Incident response plan
- Data retention policy for permanent stores
- Data Processing Agreements for AI providers
- Automated dependency scanning in CI
- External penetration testing
Planned
- SOC 2 Type II formal audit
- Formal disaster recovery runbook
- Vendor management policy
- Business continuity plan
Data Practices
Data handling and privacy
Data residency
All data is stored and processed in the United States (AWS US-East region). Database, object storage, cache, and compute all reside in the same region.
Data retention
Log data is retained for defined periods (30 to 365 days depending on type) and automatically purged. Call recordings and transcripts are retained until an organization admin requests deletion.
Data deletion
Organization admins can delete all call data for a specific integration, including associated recordings. For data subject access or deletion requests, contact security@plaibook.tech.
AI and your data
We do not opt in to any AI provider training programs with customer data. PII redaction is applied before data is sent to AI providers for analysis tasks.
Backup and recovery
Automated database backups run on multiple schedules (hourly through yearly) with retention ranging from days to months. Application infrastructure is stateless and fully reproducible from code.
Incident response
We are formalizing our incident response plan. In the event of a security incident, affected customers will be notified promptly. Contact security@plaibook.tech to report a vulnerability.
Subprocessors
Third-party data processors
These third parties receive or process customer data as part of Plaibook's operations.
| Provider | Purpose | Data Sent |
|---|---|---|
| AWS | Cloud infrastructure, compute, storage | All platform data (encrypted at rest and in transit) |
| MongoDB Atlas | Primary database | All structured data (transcripts, analysis, contacts, conversations) |
| Google Gemini | Call audio transcription and analysis | Call audio recordings |
| OpenRouter | AI conversations, analysis | Text prompts with conversation and transcript data (PII redaction applied on analysis paths) |
| DeepInfra | Text embedding generation | Short text strings (non-PII descriptions) |
| Stripe | Billing | Usage metrics and billing information |
| PostHog | Product analytics | Anonymized usage events |
| Amazon SES | Transactional email | Email addresses and notification content |
Need more detail?
We are happy to share detailed security documentation under NDA, walk through our architecture, or complete your vendor security questionnaire.