Security
Security at Plato Tribune
Plato Tribune generates AI-powered SEO content clusters and auto-publishes them to our customers’ WordPress sites. Because we connect to your sites and handle your credentials, security is fundamental to everything we build.
Last updated: June 2026
Overview
We follow a defense-in-depth approach: multiple, layered controls across our application, infrastructure and operations.
This page summarises the technical and organisational measures we use to protect your data and your connected WordPress sites.
Encryption
All traffic to and from Plato Tribune is encrypted in transit using TLS. We do not serve application content over unencrypted connections.
Sensitive data is encrypted at rest. In particular, your WordPress credentials (site URL, username and application password) are encrypted with AES-256-GCM before they are stored, and are only decrypted at the moment they are needed to publish.
Authentication
Authentication is handled by Keycloak, a hardened identity platform. Passwords are never stored in plaintext; they are salted and hashed.
We support optional single sign-on, including Google sign-in, so your team can authenticate with your existing identity provider.
Infrastructure
Our application runs on Vercel, a managed platform with automated patching, DDoS protection and a global edge network.
We separate development, staging and production into isolated environments, so test data and production data never mix.
Access controls and least privilege
Internal access to production systems is restricted to the staff who need it and is granted on a least-privilege basis.
Administrative actions are scoped and logged, and access is reviewed periodically and revoked promptly when no longer required.
Payment security
All payments are processed by Stripe, a PCI-DSS Level 1 certified provider. Card data is sent directly to Stripe and is never stored on our servers.
We retain only the limited billing metadata required to manage your subscription.
Monitoring and backups
We monitor our systems for errors and anomalous activity and maintain an incident response process to react quickly to issues.
Our MongoDB database is backed up regularly so that data can be restored in the event of a failure.
Responsible disclosure
We welcome reports from security researchers. If you believe you have found a vulnerability, please contact us through our contact page with the details.
We ask that you give us a reasonable opportunity to investigate and remediate before any public disclosure, and we commit to acknowledging your report.
Your responsibilities
Security is a shared responsibility. Use a strong, unique password, enable single sign-on where possible, and keep your WordPress installation and plugins up to date.
Use dedicated WordPress application passwords for the connection and revoke them immediately if you suspect any compromise.