Security

Your privacy is the product

We built Pluto so that not even we can read your files. Here's exactly how we keep your data yours.

๐Ÿ”

Zero-knowledge architecture

Encryption keys are derived on your device and never transmitted. We store only encrypted blobs.

๐Ÿ›ก๏ธ

AES-256 & TLS 1.3

Files are encrypted at rest with AES-256 and in transit with modern TLS 1.3.

๐Ÿ”‘

Two-factor auth

Protect your account with TOTP apps, hardware keys, and passkey support.

๐Ÿ“‹

SOC 2 Type II

Independently audited controls for security, availability, and confidentiality.

๐Ÿ‡ช๐Ÿ‡บ

GDPR compliant

Choose your data residency region and exercise full data-portability rights.

๐Ÿ”

Audit logging

Every access and change is logged, giving teams complete visibility and traceability.

Infrastructure

Defense in depth

Multiple independent layers protect your data at every stage of its lifecycle.

๐ŸŒ

Isolated storage nodes

Data is sharded and replicated across geographically separated nodes with no single point of failure.

โฑ๏ธ

Continuous monitoring

24/7 intrusion detection and automated anomaly alerts keep threats out around the clock.

๐Ÿงฏ

Disaster recovery

Hourly encrypted backups and a tested recovery plan guarantee a 99.99% uptime SLA.

๐ŸŽฏ

Bug bounty program

We reward researchers who help us stay ahead โ€” responsible disclosure is always welcome.

FAQ

Security questions

Can Pluto employees read my files?+
No. With zero-knowledge encryption, your files are encrypted before upload and we never hold your keys.
What happens if I lose my password?+
You can restore access with your recovery key. Because of our zero-knowledge design, keep it somewhere safe โ€” it's the only way back in.
Where is my data stored?+
You choose a data region at signup โ€” the EU, US, or Asia-Pacific โ€” and your files stay there.

Security you can verify

Read our whitepaper or request our latest SOC 2 report from the team.

Request documentation