Security at PlexMCP
We take security seriously. Learn about the measures we implement to protect your data and keep your MCP connections secure.
Infrastructure Security
Enterprise-grade encryption and isolation
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Row-Level Security (RLS) for multi-tenant data isolation
Authentication & Access
Strong authentication mechanisms
- JWT-based authentication
- Two-factor authentication (TOTP) support
- Argon2id password hashing
- Scoped API keys with granular permissions
Data Protection
Your data privacy is our priority
- MCP content is NOT stored: we only proxy, never retain
- Immutable audit logs with 7-year retention
- Automatic backups with 30-day retention
Compliance
Meeting industry standards
- SOC 2 Type II compliance (target Q2 2026)
- GDPR compliant: data export, deletion, and 72-hour breach notification
- OWASP Top 10 mitigations implemented
Vulnerability Disclosure
We appreciate responsible security research
If you discover a security vulnerability in PlexMCP, we encourage you to report it responsibly. We commit to:
- Acknowledging your report within 48 hours
- Providing regular updates on our progress
- Following a 90+ day coordinated disclosure timeline
- No legal action against researchers acting in good faith
Report Security Issues
security@plexmcp.com