Compliance and security documentation

Plausible publishes its security practices, data policy and legal documents publicly. Most compliance and security review questions can be answered directly from those pages without needing to contact us.

Where to find the relevant documents

Security overview: technical and organizational security measures, infrastructure, access controls, backups, subprocessors and vulnerability disclosure
Data policy: what data Plausible collects, why, and how it is handled
Privacy policy: how we handle data related to Plausible account holders
Data Processing Agreement (DPA): the DPA that applies to all Plausible customers, covering GDPR obligations and processor responsibilities

How Plausible is typically classified in security reviews

Plausible does not process personal data or track individual users. There are no cookies, no cross-site tracking and no persistent user identifiers. Because of this, Plausible is typically classified as a low-risk service in vendor security assessments and GDPR impact analyses.

Security questionnaires

If your organization requires a vendor security review, the documents above are designed to answer the questions typically asked in those reviews. We recommend going through them before sending a questionnaire, as most topics are already covered.

If there are specific questions that are not answered by those pages, contact us and include the specific questions. We will do our best to help.

Where to find the relevant documents​

How Plausible is typically classified in security reviews​

Security questionnaires​

Where to find the relevant documents

How Plausible is typically classified in security reviews

Security questionnaires