Protecting the confidentiality, integrity and availability of customer data and systems.

With Plastiq’s software security assurances, Plastiq facilitates customers security requirements while enabling the best, most cost-effective user experience.

shutterstock_1095422036 1

Software Security Assurance

Plastiq relies on software to protect our environments and data in the cloud. The costs associated with incidents, emerging regulations, and keeping operating costs up to date require companies to pay careful attention to how Plastiq approaches software security and assess the security assurance practices of Plastiq’s supply chain. At every phase of the product development lifecycle, software security assurance is Plastiq’s methodology for building security into the design, build, testing, and maintenance.

Plastiq's software security assurance is a set of industry-leading standards, technologies, and practices, aiming at:

Plastiq’s secure coding standards
Mandatory security training for engineering, product management, and infrastructure organizations
Analysis techniques
Minimizing security weaknesses on customers and partners
Vulnerability disclosure and remediation
Private bug bounty program

Information security is a first class citizen. Plastiq undertakes safeguarding our customer data seriously.

John Menerick
Information Security Officer
Security & IT Compliance

Our corporate practices

Plastiq protects the confidentiality, integrity, and availability of customer data and systems. With Plastiq’s software security assurances, Plastiq facilitates customers security requirements while enabling the best, most cost-effective user experience.

GettyImages-1182301306 2

Multi-factor authentication

We recommend all customers to keep multi-factor authentication enabled. This is the most effective and simplest method to enhance the security of your accounts. This magnifies your company’s security and helps keep information private.

Educate employees about phishing

Phishing emails entice someone to open an attachment, visit a fake website, or enter their credentials in an unsecured way.

Please coach employees to not open unexpected attachments, click links in unexpected emails or open emails from unknown parties. Employees who receive email from unexpected parties should see if the email makes sense. The address should be verified— any email from Plastiq will contain the website address.

If you or any of your employees are unsure if a Plastiq email is legitimate, please forward the email to Plastiq Security at

GettyImages-170729806 1
Group 625

Phishing examples

Phishing scams use fake emails to get customers to share confidential information. Emails look as though they come from Plastiq and may contain links to what appears to be Plastiq, but they lead to a fake site designed to steal information. The scams have become more sophisticated, so it can be hard to know if the email is real or fake. The best way to avoid a phishing scam is knowing what to look for. Check out these recent examples.

Contact us

Our goal is to be a valuable collaborator in customer security.

GettyImages-1215904407 1
Report a security concern

For security-related inquiries, comments, or concerns, email security at

shutterstock_1518572027 1 (1)
Report suspicious email or activity

Help us identify and stop scammers, recognize trends in fraudulent activity, and improve the security of your service.

If you receive an email that appears to be from Plastiq, but seems unusual in any way, please forward it to

shutterstock_301215242 1
Report a potential vulnerability

Plastiq Security acknowledges the valuable role that independent security researchers play in internet security. As a result, we encourage responsible reporting of any vulnerabilities that may be found in our site or applications.

Plastiq is committed to working with security researchers to verify and address any potential vulnerabilities that are reported to us. Our security.txt is found here.

If you would like to join our private bug bounty program, reach us here.


icon_advisories 1

COVID-19: Plastiq has not experienced any significant business impacts.


At Plastiq, we take the security of our customers, their payment recipients, and our partners very seriously.

It’s why we’ve introduced rigorous certifications, standards and frameworks that help ensure the safety of all the data and information that we’re entrusted with.

To protect our customers, we’ve implemented a number of IT compliance certifications and attestations.

Certifications, standards and frameworks


PCI DSS Level 1 - Shared Services Provider


NIST Cyber Security Framework


NIST 800-30


NIST 800-115


Third party audits

Group 629 (1)

Building security in maturity model