Data & Security

Plot connects to the tools where your work happens — your email, your calendar, your team chat. That means we hold data worth protecting, and we treat that as part of the product. This page explains where your data lives, who can see it, and how we keep it safe.

Where your data lives

Plot is local-first. The app keeps a copy of your data on your device, so it works offline and stays fast. That copy is protected by your device's own storage encryption.

Your data syncs to our servers for backup, for your other devices, and for sharing with the people you choose. Our database runs on Google Cloud in Toronto, Canada, and is backed up automatically every day. Our API runs on Cloudflare's network.

Encryption

Everything moving between your device and our servers is encrypted in transit with TLS. Everything stored on our servers is encrypted at rest by our infrastructure providers.

The most sensitive pieces — the tokens that link your connected accounts, and any AI keys you bring — are encrypted a second time at the application level with AES-256, using keys we manage.

Your connected accounts

Connections use OAuth: you sign in with the provider directly, and Plot receives a scoped token — never your password. Each connection asks only for the access its features need, and you can disconnect at any time. Disconnecting removes the stored tokens.

Connectors run inside a sandboxed runtime with access only to the capabilities they declare.

Plot's use of information received from Google Workspace APIs adheres to the Google User Data Policy, including the Limited Use requirements. Because Plot can access Gmail, we also pass an annual independent security assessment (CASA) that Google requires for that access.

AI

AI in Plot does things you can see — summarize a thread, suggest where something belongs. We send only what a feature needs to our AI providers (Anthropic, Google, and OpenAI), under agreements that prohibit them from training on your data or keeping it beyond the response. We never use your data to train models either. You can turn off AI processing entirely in your account settings.

Who can see your work

Your threads are visible to you and the people you've shared them with — directly, through a group, or through your team. Drafts stay private until you send them. These rules are enforced in the database itself, on every query, not just in the app.

People at Plot don't read your data. The narrow exceptions — debugging with your consent, investigating abuse, legal requirements — are spelled out in our privacy policy.

Deleting your data

You can delete your account from the app at any time. We hold your data for 14 days in case you change your mind, then everything is erased automatically and permanently — your content, your connection tokens, and your files.

Payments

Payments are handled by Stripe. Your card details go to Stripe directly and never touch our servers.

The services we rely on

Plot runs on a small set of providers, each doing one job:

• Cloudflare — API hosting, networking, and file storage
• Google Cloud — database hosting (Toronto, Canada)
• Clerk — sign-in and authentication
• Stripe — payments
• Anthropic, Google, and OpenAI — AI features (optional; never used for training)
• Unipile — powers the LinkedIn, WhatsApp, and Instagram connections
• PostHog — product analytics and error tracking
• Resend — email notifications
• Firebase and Apple Push — notifications to your devices

That's the full list. We don't sell your data, and we don't show ads.

If you find a security issue

Email security@plot.day — it reaches us directly, and we respond quickly. We also publish security.txt for automated discovery.

Where we are

We're a small team, and we don't have a SOC 2 report yet. What we do have: the controls on this page, an independent security assessment every year, and an architecture that keeps your data on your device first. If you're evaluating Plot for your business and need more than this page, write to security@plot.day — a person will answer.