Security

Security at Plato Tribune

Plato Tribune generates AI-powered SEO content clusters and auto-publishes them to our customers’ WordPress sites. Because we connect to your sites and handle your credentials, security is fundamental to everything we build.

Last updated: June 2026

Overview

We follow a defense-in-depth approach: multiple, layered controls across our application, infrastructure and operations.

This page summarises the technical and organisational measures we use to protect your data and your connected WordPress sites.

Encryption

All traffic to and from Plato Tribune is encrypted in transit using TLS. We do not serve application content over unencrypted connections.

Sensitive data is encrypted at rest. In particular, your WordPress credentials (site URL, username and application password) are encrypted with AES-256-GCM before they are stored, and are only decrypted at the moment they are needed to publish.

Authentication

Authentication is handled by Keycloak, a hardened identity platform. Passwords are never stored in plaintext; they are salted and hashed.

We support optional single sign-on, including Google sign-in, so your team can authenticate with your existing identity provider.

Infrastructure

Our application runs on Vercel, a managed platform with automated patching, DDoS protection and a global edge network.

We separate development, staging and production into isolated environments, so test data and production data never mix.

Access controls and least privilege

Internal access to production systems is restricted to the staff who need it and is granted on a least-privilege basis.

Administrative actions are scoped and logged, and access is reviewed periodically and revoked promptly when no longer required.

Payment security

All payments are processed by Stripe, a PCI-DSS Level 1 certified provider. Card data is sent directly to Stripe and is never stored on our servers.

We retain only the limited billing metadata required to manage your subscription.

Monitoring and backups

We monitor our systems for errors and anomalous activity and maintain an incident response process to react quickly to issues.

Our MongoDB database is backed up regularly so that data can be restored in the event of a failure.

Responsible disclosure

We welcome reports from security researchers. If you believe you have found a vulnerability, please contact us through our contact page with the details.

We ask that you give us a reasonable opportunity to investigate and remediate before any public disclosure, and we commit to acknowledging your report.

Your responsibilities

Security is a shared responsibility. Use a strong, unique password, enable single sign-on where possible, and keep your WordPress installation and plugins up to date.

Use dedicated WordPress application passwords for the connection and revoke them immediately if you suspect any compromise.