Plant | Security

Security

Striving to deliver products and services that you can trust

Basic

All projects and versions are private and visible only to your team; none of your work is available to the outside world, and all data is always transmitted over SSL.

All changes to our product and systems are tested by our Quality Assurance team before any release. Our whole product team is responsible for testing. If a change affects authentication or any other security-related feature, we verify that no information is exposed inappropriately and that users can only access their own data.

The Plant on-premise option lets your IT team control access to the application infrastructure, including logs, the database, and application storage.

Authentication Security

Plant requires authentication for all application screens and pages. All authentication controls are enforced on a trusted system, and all authentication controls fail securely. Plant transmits authentication credentials in TLS-encrypted POST requests.

We protect your login from brute-force attacks with rate limiting, and we enforce password requirements and security standards:

  • All passwords are filtered out of all our logs and are stored in the database only as one-way bcrypt hashes.
  • No plaintext passwords are stored.
  • Login information is always sent over SSL.
  • Password reset emails contain a temporary link and are sent only to the user's pre-registered, confirmed email address.

Session Management Security

Each session is identified by a unique authentication token. The token consists of random data, which protects against brute-force attacks on account credentials.

Each time a user signs out of Plant, the authentication token cookie is deleted from the client and the token is invalidated on Plant's servers.
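A minimal server-side session table that behaves as described above (a random token per session, rejected once the user signs out), as an added example that is not Plant's own code. The 32-byte token length, the one-hour lifetime and the practice of storing only a digest of the token are assumptions, not details stated on this page.

```python
import hashlib
import secrets
import time

TOKEN_BYTES = 32  # 256 bits of randomness per session token (assumed length)


class SessionStore:
    """In-memory session table keyed by a SHA-256 digest of the token.

    The raw token exists only in the client's cookie. The server keeps a
    digest, so reading the table does not yield a usable session token.
    """

    def __init__(self, ttl_seconds=3600):  # one-hour lifetime is an assumption
        self.ttl = ttl_seconds
        self._sessions = {}  # token digest -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def sign_in(self, user_id, now=None):
        """Create a session and return the token to place in the cookie."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(TOKEN_BYTES)  # CSPRNG, not guessable
        self._sessions[self._digest(token)] = (user_id, now + self.ttl)
        return token

    def user_for(self, token, now=None):
        """Return the user id for a presented token, or None if invalid."""
        now = time.time() if now is None else now
        key = self._digest(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None  # unknown, forged, or already invalidated token
        user_id, expires_at = entry
        if now >= expires_at:
            del self._sessions[key]  # expired: drop it so it cannot be reused
            return None
        return user_id

    def sign_out(self, token):
        """Invalidate the session server-side; the client also drops the cookie.

        Returns True if a live session was removed, False otherwise.
        """
        return self._sessions.pop(self._digest(token), None) is not None
```

After `sign_out`, a replayed copy of the old cookie is rejected even though the client-side deletion cannot be verified by the server.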

Credit card safety (PCI Compliance)

We do not store any of your card information on our servers. It is handed off to Stripe, a company dedicated to storing sensitive data on PCI-compliant servers.

Single Sign-On (SSO)

Plant lets you implement Single Sign-On through the SAML 2.0 or OpenID protocols. This allows your team to log in to Plant using their existing corporate credentials. SSO is an account-level feature available with the Enterprise option.

Data Access

We have implemented employee access controls that protect your information from unauthorized use. Only a handful of people can access data and they only do so in order to improve the services we provide.

Plant employees never have access to private repositories unless it is required for support. In rare cases staff may need a copy of your design; this is done only with your consent.

Need to report a security vulnerability?

Please email support@plantapp.io to report any security vulnerabilities.
