# Security overview - url: https://www.plox.in/docs/security-overview - excerpt: Every access control, content protection, and audit feature Plox offers — in one place. **Plox Tip:** You can stack any of these. A common LP-grade combo is Allowlist + Passcode + Dynamic Watermark + Disable Download. Plox is built so the only people who see your content are the people you intend, and so you always know who *actually* opened it. Here's the full toolkit, grouped by what they protect against. ## Access controls | Feature | What it does | Best for | | --- | --- | --- | | [Require Email to View](/docs/require-email-to-view) | Viewers type an email before access. | Lead capture with low friction. | | [Email Verification via OTP](/docs/email-verification-via-otp) | One-time code sent to the typed email. | Confirming real recipients. | | [Require Passcode](/docs/require-password-to-view) | A shared secret unlocks the document. | Pre-approved viewer lists. | | [Allow Specific Emails Only](/docs/allow-access-to-specific-emails) | Explicit allowlist of viewers. | Internal sends, closed-room deals. | The controls compose — turning on email + passcode + allowlist gives you three independent checks before anyone sees a single page. ## Content protection - **Dynamic Watermarking** — every page is stamped with the viewer's email and timestamp. If a screenshot leaks, you'll know who took it. - [Disable Download](/docs/disabling-downloads-for-shared-files) — viewers can read but can't save a local copy. - **Screenshot Protection** — mobile screenshots are blocked entirely; desktop screenshots carry the watermark. - [Confidential Documents](/docs/confidential-documents) — a preset that flips everything on by default for high-stakes files. ## Visibility & revocation - **Live analytics** — see every view as it happens (see [Tracking your document](/docs/tracking-your-document)). - **Per-viewer audit log** — email, IP, location, device, time, pages read. - **Revoke any link, instantly** — toggle a link off and any open session is killed on the next request. - [Notification triggers](/docs/what-events-trigger-alerts) — alerts when specific viewers open or revisit. ## Infrastructure & compliance - TLS 1.3 in transit, AES-256 at rest. - SOC 2 Type II compliant hosting. - GDPR-friendly: you control viewer PII; you can delete it on request. - Custom domain support so your branded URL never reveals "plox" in the link. ## What to read next - [Confidential Documents](/docs/confidential-documents) — the "lock everything down" preset. - [For Investors](/docs/for-investors) — security defaults LPs expect. - [Allow Access to Specific Emails Only](/docs/allow-access-to-specific-emails) — the strictest viewer gate.