TLS 1.2+
In-Transit Encryption
AES-256
At-Rest Encryption
99.9%
Uptime SLA
Infrastructure Security
Built on the world's most trusted cloud.
Every component of PlugIQ's infrastructure is selected for reliability, security certification, and proven enterprise performance.
AWS Cloud Hosting
PlugIQ runs on Amazon Web Services — globally certified, enterprise-grade cloud infrastructure. AWS manages physical security, hardware reliability, and infrastructure redundancy. Descasio manages the security configuration of everything built on top.
Encryption
All data transmitted to and from PlugIQ is encrypted in transit using TLS 1.2 or higher. All data at rest is encrypted using AES-256 encryption. This applies to workflow data, process records, form submissions, and all stored attachments.
High Availability
The platform is designed for 99.9% uptime. Infrastructure is distributed across availability zones to eliminate single points of failure and ensure continuity for mission-critical approval workflows.
Access Security
Precisely controlled access at every level.
Who can see what, do what, and approve what is not left to convention. It is enforced by the platform.
Role-Based Access Controls (RBAC)
Every user is assigned a role that determines exactly what they can see, build, submit, and approve. Access is enforced at the data layer — not just the interface.
Single Sign-On (SSO)
PlugIQ supports SAML 2.0 and OAuth-based SSO, allowing organizations to enforce their existing identity provider policies — including MFA requirements.
Directory Sync (SCIM)
Automated user provisioning and deprovisioning via SCIM ensures access is removed immediately when a user leaves. No manual offboarding gaps.
Session Controls
Administrators can configure session timeout policies and IP allowlisting to enforce access boundaries that match your organization's security posture.
Data Security
Your data is yours — protected and isolated.
Immutable Audit Trail
Every action — every approval, decline, comment, reassignment, and system event — is logged with timestamp and actor record. This log cannot be edited or deleted.
Data Isolation
All customer data is fully isolated in a multi-tenant architecture. No organization can access another's data — at the application layer or the infrastructure layer.
Data Retention and Deletion
Organizations control retention policies. Users may request deletion of their data at any time by contacting team@plugiq.io.
Responsible Disclosure
Found a vulnerability? Tell us first.
If you discover a security vulnerability in PlugIQ, we ask that you report it responsibly before any public disclosure. Our team takes every report seriously and will work to investigate and remediate valid findings promptly.
Send your report to team@plugiq.io with the subject line: Security Disclosure — PlugIQ. We will acknowledge your report within 2 business days.
We commit to working collaboratively with security researchers. We do not pursue legal action against researchers who act in good faith and follow responsible disclosure guidelines.
Talk to our team about your security requirements.
For enterprise security reviews, compliance queries, or detailed infrastructure documentation, contact us directly.