Security at Plexxa

How we protect your content, your account, and your customers' data.

A plain-English summary of our security posture. The legal commitments live in the DPA and Terms; this page is the practical version.

Last updated: 8 May 2026

Hosting & data residency

Plexxa runs on Fly.io with primary infrastructure in Sydney, Australia (region syd). Application servers, the Postgres database, blob storage and search indexes all live in this region by default. Cross-border data movement happens only when:

For customers on the Business or Custom plan we can host in additional regions on request.

Per-customer data isolation

Plexxa is multi-tenant. Each customer has its own workspace ("Customer" record) and every row in our database is scoped to a workspace via a CustomerId foreign key. We enforce this isolation in three independent layers:

  1. Application-level query filters. Every query against tenant data is filtered to the current workspace by Entity Framework Core query filters; bypassing them requires explicit code paths only available to staff.
  2. Database row-level security. Postgres FORCE ROW LEVEL SECURITY is enabled on customer tables, with policies that key off a connection-level app.customer_id setting. A bug in app code that forgets to filter still can't read another tenant's rows.
  3. Blob path scoping. Uploaded files are stored under customers/{customerId}/users/{userId}/(unknown) and access is gated by short-lived signed URLs.
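The second layer above is the one that catches an application bug, so it is worth seeing what the Postgres side looks like. The following is an added example, not Plexxa's schema or migrations: it assumes a table named `documents`, a connection setting named `app.customer_id` (as the text describes) and an ordinary, non-superuser application role. It shows the policy, why `FORCE` matters, and how a query that forgets its tenant filter still returns only the current workspace's rows.

```sql
-- Added example (not Plexxa's own schema): a minimal tenant-scoped table
-- protected by row-level security keyed off a per-connection setting.
-- Assumed names: table "documents", setting "app.customer_id".
-- Requires PostgreSQL 9.5 or later; the application must connect as a
-- non-superuser role, because superusers and roles with BYPASSRLS ignore
-- policies entirely.

CREATE TABLE documents (
    id          bigserial PRIMARY KEY,
    customer_id uuid NOT NULL,
    title       text NOT NULL
);

-- Constructed sample data for two workspaces (hypothetical UUIDs), seeded
-- before RLS is switched on so the seed itself is not filtered.
INSERT INTO documents (customer_id, title) VALUES
    ('11111111-1111-4111-8111-111111111111', 'Workspace A handbook'),
    ('11111111-1111-4111-8111-111111111111', 'Workspace A pricing'),
    ('22222222-2222-4222-8222-222222222222', 'Workspace B roadmap');

-- ENABLE turns policies on for ordinary roles; FORCE makes them apply to
-- the table owner as well. Without FORCE, an app that connects as the
-- owning (migration) role would silently bypass the whole layer.
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;

-- One policy for reads and writes. current_setting(..., true) returns NULL
-- instead of raising when the setting was never set, and "customer_id =
-- NULL" is never true, so a connection that forgot to set the tenant sees
-- zero rows rather than every tenant's rows: the default is fail-closed.
-- WITH CHECK rejects INSERT/UPDATE rows that would land in another workspace.
CREATE POLICY tenant_isolation ON documents
    USING      (customer_id = current_setting('app.customer_id', true)::uuid)
    WITH CHECK (customer_id = current_setting('app.customer_id', true)::uuid);

-- Per request, the application sets the tenant with SET LOCAL inside a
-- transaction. SET LOCAL is reset at COMMIT/ROLLBACK, so a pooled
-- connection cannot carry one request's tenant into the next request.
BEGIN;
SET LOCAL app.customer_id = '11111111-1111-4111-8111-111111111111';

-- A query that "forgets" WHERE customer_id = ... still only returns the
-- two Workspace A rows.
SELECT id, title FROM documents ORDER BY id;

-- A write aimed at another workspace is refused by WITH CHECK:
-- ERROR: new row violates row-level security policy for table "documents"
-- INSERT INTO documents (customer_id, title)
--     VALUES ('22222222-2222-4222-8222-222222222222', 'smuggled');
COMMIT;

-- Outside any transaction the setting is gone again, so the same SELECT
-- (run as the non-superuser application role) returns 0 rows, not 3.
SELECT count(*) FROM documents;
```

Two practical checks follow from this. First, confirm the role the application actually connects as is neither a superuser nor marked `BYPASSRLS`, since either silently disables every policy. Second, prefer `SET LOCAL` over session-level `SET` when connections are pooled; a session-level value survives the request that set it and is the classic way a correct policy still leaks across tenants.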

Encryption

In transit: all traffic between your browser and Plexxa uses TLS 1.2+ with HSTS. Internal calls between Plexxa services within Fly.io are also TLS-encrypted.

At rest: the Postgres database is encrypted at rest using the underlying provider's volume encryption. Blob storage is encrypted at rest by the storage provider. Backups are encrypted.

Access control & staff access

Staff access to production is restricted to the small number of Plexxa employees who need it for operational reasons. We use:

Within your workspace, you have role-based access control: Owner, Admin, Member, Viewer, and any custom roles you create. Document, web-link and data-source access is further gated by per-resource ACLs so you can give specific people access to specific content.

Authentication

End users authenticate via email + password (with optional 2FA) or by federated SSO with Google / Microsoft. Passwords are hashed with PBKDF2 (the default for ASP.NET Core Identity). Session cookies are HTTP-only, Secure, SameSite=Strict, and signed.

For embedded widgets on your site, traffic is gated by allow-listed origins and a per-widget public key that you control. Revoking a widget's key immediately terminates the assistant on every site where it was embedded.

AI & model training

We do not train AI models on your content. Your documents, web pages, queries and answers are not used to train any model — ours, our suppliers', or anyone else's. The technical mechanism: when we send content to a model provider for inference (i.e. to answer a single question), we send it via API with provider settings that exclude the request from training datasets.

Current model providers we use:

The current full list is published in the sub-processors section below; we update it when it changes.

Sub-processors

The following third parties process customer data on our behalf:

The current authoritative list is in the DPA. We notify customers in writing before adding a new sub-processor that processes content data.

Backups, deletion & retention

Postgres is backed up continuously with point-in-time recovery for the last 7 days, plus daily snapshots retained for 30 days. Backups are encrypted and stored in the same region as the primary database.

When you delete a document, web link, or data source from your workspace, it is removed from the live index immediately. The underlying row is hard-deleted on a daily background sweep (or sooner if you ask). Backup snapshots that contain deleted data age out within 30 days.

When you cancel your account, we retain your data for 30 days in case you change your mind, then permanently delete it across primary, replica and backup storage. You can ask for an immediate purge in writing — we'll do it within 30 days of the request and confirm in writing.

Vulnerability disclosure

If you've found a security issue, email security@plexxa.ai. Please include enough detail to reproduce the issue, and please don't run automated scanners that generate user accounts or load — we're a small team and noisy testing makes life harder. We commit to:

We do not currently run a paid bug-bounty program.

Audits, certifications & what we don't have yet

We're being upfront here. Plexxa is a small Australian software company; we don't have a SOC 2 report yet. We're working on a SOC 2 Type II audit and will publish the report when it's complete. ISO 27001 is on the longer-term roadmap.

What we do have on hand today:

Security contact

For security-related questions, vulnerability reports or compliance queries: security@plexxa.ai.