Governance built in, not bolted on.
The controls your security team asks for — encrypted keys, audit logs, RBAC, webhook secret rotation, security headers, and JWT sessions. Already shipped.
Encrypted API keys
Third-party credentials are encrypted at rest. Your LLM keys never leak to the canvas.
Comprehensive audit logs
Every flow publish, run, and setting change is recorded with actor, timestamp, and context.
Security headers
CSP, HSTS, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy enabled by default.
Webhook secret rotation
Published flows sit behind rotating secrets. Rotate on-demand from the settings panel.
JWT-based sessions
Short-lived tokens with server-side revocation. No long-lived cookies floating around.
Account deletion on request
We don't auto-delete inactive accounts. Your work stays put until you ask. Email info@plugnode.ai to remove your account and data.
PCI-compliant payments via Stripe
All payments are processed by Stripe (PCI DSS Level 1). Card numbers never touch PlugNode servers — they go directly from your browser to Stripe. SCA / 3D Secure and fraud prevention are built in.
Start building your first flow today.
Free to try. No credit card required. Publish production workflows in under 10 minutes.