Security

Security Policy

Last reviewed: April 8, 2026

ActionPlane is built for governed write-path workflows, so the product is designed around operator controls, traceability, authentication, and defensive service behavior. This page summarizes our current security posture and how to report issues.

1. Platform controls

Identity and session security

Authentication, antiforgery protections, cookie controls, role checks, and user-context validation sit in front of operator actions.

Governed execution

Approval gates, idempotent ingress, queue-backed execution, and audit events help reduce unsafe duplicate or unreviewed writes.

Operational visibility

Run history, review notes, correlation identifiers, and event processing support traceability and incident investigation.

2. Data protection approach

Encryption in transit is expected for service traffic and provider integrations.
Storage, cache, queue, and secret-management controls depend on the deployed cloud environment and subscribed plan.
Workspace data is isolated by tenant-aware application patterns and environment configuration.
Private networking, regional deployment choices, and additional controls may be available through enterprise deployment design.

3. Security operations

We use logging, rate limiting, failure handling, secret rotation practices, and change-control discipline to support secure operation. Controls continue to evolve as ActionPlane matures.

4. Incident response

If we identify a confirmed security incident affecting ActionPlane data or service integrity, we will investigate, contain, remediate, and notify affected customers where required by law or contract.

5. Shared responsibility

You are responsible for your users, connected systems, approval policies, secrets, and downstream permissions.
You should review action proposals, apply least privilege, and configure the right safeguards for your environment.
You must keep your own infrastructure, third-party services, and endpoints secure.

6. Responsible disclosure

To report a security issue, email legal@actionplane.ai or support@actionplane.ai with reproduction details.

Do not access data you are not authorized to access.
Do not use social engineering, destructive testing, or denial-of-service techniques.
Give us a reasonable opportunity to investigate and remediate before public disclosure.

Contact

ActionPlane is a product of Zencraft Consultancy Pvt Ltd.

For legal notices, security reports, and support questions about ActionPlane, use the published channels below.

Legal legal@actionplane.ai Support support@actionplane.ai

Registered office 19, KailashDhara, R B Mehta Marg, Ghatkopar East, Mumbai 400077, Maharashtra, India