Back to home

Security

Security is built into every layer of the Aenex platform.

Protecting your data is foundational to everything we build. From infrastructure and encryption to access controls and AI safety, we follow industry best practices to keep your workspace secure.

Infrastructure

  • Hosted on SOC 2 Type II certified cloud providers (GCP and AWS)
  • Multi-region deployment for availability and disaster recovery
  • Content delivery network (CDN) for low-latency global access
  • Encrypted block storage with automated replication

Encryption

  • All data in transit encrypted with TLS 1.3
  • All data at rest encrypted with AES-256
  • Encrypted database backups with separate key management
  • HTTPS enforced for all API and web connections

Authentication

  • Passwords stored as salted bcrypt hashes (never plain text)
  • Session tokens managed with HTTP-only, secure cookies
  • Plannorium SSO for workspace authentication
  • Multi-factor authentication (MFA) on our roadmap
  • SCIM provisioning planned for enterprise workspaces

Access Control

  • Role-based permissions: Owner, Admin, Editor, Viewer, Guest
  • Granular workspace-level access controls
  • Shareable links with view or edit permissions
  • Guest access for external collaborators
  • Audit trail of all permission changes

Monitoring and Detection

  • 24/7 automated threat monitoring and anomaly detection
  • Real-time logging of authentication events and API access
  • Rate limiting and brute-force protection on login endpoints
  • Automated alerts for suspicious account activity
  • Quarterly penetration testing by independent third parties

Backups and Recovery

  • Automated daily backups of all workspace data
  • Cross-region backup replication for disaster recovery
  • Point-in-time recovery capability
  • Encrypted backup storage with restricted access
  • Regular backup restoration testing

AI Security

  • AI requests transmitted over encrypted channels only
  • Strict workspace isolation — no cross-workspace data leakage
  • AI providers contracted to not train on your data
  • Configurable AI provider selection (Groq or Gemini)
  • Prompt and response data stored within your workspace boundary

Report a Security Vulnerability

We take security vulnerabilities seriously. If you believe you have discovered a security issue, please report it responsibly.

Email our security team at support@plannorium.com with details about the issue. We will acknowledge receipt within 48 hours and work with you to address the finding promptly.

We maintain a responsible disclosure policy and will publicly acknowledge verified security researchers who report issues in accordance with our guidelines.

Continuous Improvement

Security is never a finished effort. We regularly update our practices to address emerging threats. Our program includes quarterly penetration testing, dependency scanning, automated security checks in CI/CD, and ongoing security training for our team. We also maintain a bug bounty program for independent researchers.