Security

The security of your data is extremely important to us. This document outlines some of the steps we take to secure our service.

TLS / SSL

All communication with Paperplane servers is encrypted using TLS (often also referred to as SSL).

Data retention

All data is backed up offsite daily for recovery from disasters. Backups are retained for a reasonable period of time but will eventually be deleted.

Financial security

Credit card details are never stored by Paperplane. Credit card details are transmitted directly to our payment provider over encrypted connections and are not logged or stored in our systems.

Payments are processed by Stripe, a PCI-DSS Level 1 compliant service provider.

Password security

Password security is maintained through a minimum password length requirement.

To maximise your safety, we recommend your password be at least 10 characters in length with a mixture of letters, numbers and non-alphanumeric characters. We recommend that the password you use for Paperplane is unique and not used on any other web site.

A password manager such as 1Password can help you manage your passwords securely.

No plain text passwords are stored at any time.

Physical security

Paperplane’s production systems run on Heroku and Amazon Web Services.

For more details on the physical security they provide, please refer to the following documents:

Vulnerability management

Software libraries used by Paperplane are regularly updated. Security updates from software libraries will be applied as soon as possible, often within 24 hours of public release.

Vulnerability disclosure

If you believe you’ve discovered a bug in Paperplane’s security, please get in touch at security@paperplane.app.