How Plumb protects your drawings
Shop drawings are competitive information — fabrication methods, client relationships, pricing signals. We built Plumb assuming every package you upload is confidential. This page describes the controls in plain language, so you can hand it to whoever signs off on new vendors.
LAST UPDATED · 2026-06-10
Upload
Files transfer over TLS to access-controlled cloud storage. Uploads are only accepted into a folder scoped to your account, via short-lived signed URLs. The storage bucket is private — there are no public links to anything you upload.
Validation & sanitization
Every upload is verified server-side to actually be a PDF (file signature plus structural parse) before an order is created. Before any processing, the file is sanitized: embedded JavaScript, embedded files, and file attachments are stripped. Password-protected and malformed files are rejected with a clear error.
Review
Analysis runs in a single-use, isolated container that is destroyed when the job finishes. Drawings are analyzed by Claude via the Anthropic API under commercial terms — API inputs and outputs are not used to train Anthropic’s models. No human at Plumb reads your drawings as part of the automated flow; staff access is limited to support and abuse investigation.
Delivery
Your marked-up PDF and Excel comment file are stored privately and delivered through signed download links that expire after 7 days. Fresh links are always available from your dashboard, behind your login.
Deletion
An automated daily job permanently deletes source drawings 30 days after upload — this is enforced by code, not policy. Deliverables stay available in your account until you delete them or close the account. Full deletion is available any time on request.
Tenant isolation
Every database table enforces row-level security: queries are filtered to the authenticated account by the database engine itself, not just application code. Storage paths are scoped per account the same way.
Account security
Passwords require 12+ characters, are checked against known-breach corpuses at signup and on every password change (using k-anonymity — your password never leaves our server), and are stored only as salted hashes. Email verification is required before first login.
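The k-anonymity breach check described above, as an added example that is not Plumb's code. It assumes the common SHA-1 prefix "range" scheme (as used by the Pwned Passwords API), which this page does not name, and it uses a constructed in-memory corpus in place of the remote service; all function names are hypothetical.

```python
import hashlib

MIN_LENGTH = 12  # minimum length stated on this page


def split_hash(password: str) -> tuple[str, str]:
    """Hash locally; only the 5-character prefix is ever sent to the service."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def make_constructed_range_service(breached: dict[str, int]):
    """Stand-in for the remote breach-corpus API, built from constructed data."""
    index: dict[str, list[str]] = {}
    for pw, count in breached.items():
        prefix, suffix = split_hash(pw)
        index.setdefault(prefix, []).append(f"{suffix}:{count}")
    seen_requests: list[str] = []  # everything the "remote" side gets to see

    def fetch_range(prefix: str) -> str:
        seen_requests.append(prefix)
        return "\r\n".join(index.get(prefix, []))

    return fetch_range, seen_requests


def breach_count(password: str, fetch_range) -> int:
    """Match the hash suffix locally against the returned SUFFIX:COUNT lines."""
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)  # a count of 0 (padding entry) means "not breached"
    return 0


def check_password(password: str, fetch_range) -> tuple[bool, str]:
    """Signup / password-change policy: length first, then the breach lookup."""
    if len(password) < MIN_LENGTH:
        return False, "too short"  # rejected before any lookup is made
    hits = breach_count(password, fetch_range)
    if hits:
        return False, f"seen {hits} times in breach data"
    return True, "ok"
```
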
Application hardening
We use strict transport security (HSTS), clickjacking and MIME-sniffing protections, and signature-verified payment webhooks. Job dispatch between our web tier and processing tier is authenticated and verified in constant time.
Least privilege
Administrative access is restricted to named Plumb principals. Service credentials are scoped per environment, never committed to source control, and rotated on personnel or incident events.
Payments
Billing is handled by Stripe (PCI DSS Level 1). Your card number is entered on Stripe’s hosted checkout and never transits or touches Plumb servers.
Plumb runs on audited cloud infrastructure. We don’t operate our own servers, and each provider below maintains its own independent security certifications (SOC 2 Type II and/or ISO 27001).
You own your drawings. We claim no rights to anything you upload beyond what’s needed to produce your review.
No training, period. Your drawings are not used to train or improve AI models — ours or anyone else’s.
Deletion on request. Email us and we’ll permanently remove your files and account data, with written confirmation.
NDA available. If your client agreements require a signed NDA before drawings go to any vendor, we’ll sign one — ask.
Security questions, vendor-review questionnaires, or a vulnerability to report: hello@plumbreview.com. We respond to disclosure reports within 2 business days and credit good-faith researchers.