Skip to content

Security

Security & trust

Plena holds event data, attendee details, and payment flows. Here is plainly how we keep all of it safe — and the rights you have over your data.

Your data, protected

Isolated per organizer

Row-level security in the database means one organizer can never read or change another's events, attendees, or revenue.

Encrypted in transit

Every connection to Plena uses TLS (HTTPS). Data moving between your browser and our servers is encrypted.

We never store cards

Payments are handled by Paddle, a PCI DSS-compliant Merchant of Record. Card details go to Paddle, never to Plena.

Attendee privacy

Attendee names and emails are visible only to the organizer of that event — never to the public or other organizers.

Your data, your call

You can export or delete your data on request. We collect only what running your events needs.

How access is controlled

The organizer dashboard is behind authentication — every request is checked against your signed-in session before any data is returned.

Permissions are enforced at the database layer, not just in the app, so a bug in the interface can't expose data you shouldn't see.

Payments

Subscription and ticket payments are processed by Paddle.com, our Merchant of Record. Paddle is PCI DSS compliant and handles all card data, billing, and tax.

Plena stores the order amount and status for your reports — never card numbers.

Privacy & your data

We collect the minimum needed to run events: your account details, the events you create, and registrations for them.

You can request an export or deletion of your data at any time. See our Privacy Policy for the full detail.

Honest about scope

Plena is built security-first, but we don't claim certifications we don't yet hold. As we grow we'll add formal audits and publish them here.

Report a concern

Found something that looks off, or have a security question? Email support@plenaevent.com and we'll respond quickly.