Security

Last updated: June 15, 2026

PlugFile handles regulated well-plugging data for Texas oil & gas operators. This page summarizes our security posture in plain English so you can evaluate us during vendor diligence. We make only claims that are true of the current system.

Per-account data isolation (row-level security)

Every saved filing is stored in a Supabase PostgreSQL database with row-level security (RLS) enabled on every table. Each database row is tagged with the authenticated user's ID, and Postgres enforces read and write access at the row level — not just at the application layer. A signed-in user can only ever SELECT, INSERT, UPDATE, or DELETE their own filings. The application frontend uses the public anon key plus the user's session token; the service-role key is never exposed to the browser or returned in any HTTP response, and is used only by trusted server-side processes. Filing shares (operator → plugging company) are scoped to a verified email address claim and restricted so a collaborator cannot change ownership.

Data residency and third parties

All filing data is stored in US-based infrastructure: our Supabase PostgreSQL database is provisioned in a US region, and the application runs on Render in the United States (US-East). The only third party that ever receives filing content is Anthropic's API — a US-based company — and only the specific text you dictate or upload for the Section IX narrative and document-extraction assists, used solely to fill fields the parser could not extract. Anthropic does not train on that data (see below). We do not sell filing data, and we do not share it with any other third party for their own use.

No AI training on your filing data

When you dictate a Section IX narrative, PlugFile may send the text to Anthropic's API to fill in fields that the regex parser could not extract. Anthropic does not use API request data to train its models — this is governed by Anthropic's API terms of service. PlugFile never sends filing data to any other AI provider for any purpose.

Prep, never file

PlugFile prepares a portal-ready or print-ready filing package that you review and submit yourself through the Texas RRC Online System. PlugFile is a preparation tool only — you remain in full control of every submission. The browser extension fills the portal for your review; it never clicks the submit button. Nothing is sent to the RRC without your deliberate action.

TLS and HSTS in transit

All traffic between your browser and PlugFile is encrypted with TLS. The Strict-Transport-Security header (max-age=15552000; includeSubDomains) is served on every response, preventing downgrade attacks. Certificate verification is enforced on all server-side fetches from the Texas RRC — it is never disabled.

Other controls

Vulnerability disclosure

We follow responsible disclosure. If you discover a security issue, please report it to [email protected] before public disclosure. Our machine-readable disclosure policy is at /.well-known/security.txt (RFC 9116).

We aim to acknowledge reports within two business days and to provide a resolution timeline within five business days. We ask that you give us reasonable time to address the issue before public disclosure and that you not access or modify data belonging to other users during your research.

Contact

Security issues: [email protected]
General: PlugFile LLC · 8055 FM 359 RD S, STE 322, Fulshear, TX 77441 · [email protected]