Planned's last SOC2 audit was on April 2023, with no unusual findings. The certificate is available upon request to your implementation manager.

Does your organization comply with the General Data Protection Regulation (GDPR)?

Yes

Planned enables logging to track activity and configuration changes. We retain our cloud infrastructure logs for at least one year and have implemented tools to log and retain account activity related to actions across its cloud infrastructure.

Does your product offer role-based access control to assign and restrict user access?
​Yes, our product features role-based access control (RBAC) to manage and restrict user access based on their roles and responsibilities.

Does your organization encrypt data at rest?

Yes, our organization implements robust encryption for data at rest, utilizing advanced encryption standards (AES) to secure sensitive information on our storage systems. This approach is critical to our comprehensive data security framework, safeguarding against unauthorized access and data breaches.

Sensitive data is encrypted when it is transmitted over public networks.
​

Does your organization encrypt user passwords?

Yes, our organization encrypts user passwords, utilizing industry-standard hashing algorithms to ensure their security.