Security

Straight talk on security.

We're an early-stage company, and we'd rather tell you plainly what's true today than dress it up. Here's how PlanSmart handles your data — and what we don't have yet.

What's in place today

The basics, done honestly.

Encrypted in transit

Traffic runs over TLS 1.3, so data moving between you and PlanSmart is encrypted on the wire.

Isolated databases

Application and vector databases run in an isolated environment — not exposed directly to the public internet.

Hashed passwords

Passwords are hashed, never stored in plain text.

Established storage

Uploaded files are kept on established cloud object storage (AWS S3 / Cloudflare R2), not ad-hoc servers.

You keep authority

PlanSmart returns findings, not approvals. Your review decisions — and the record of them — stay yours.

Auditable record

Reviews produce a timestamped, exportable history, so you can reconstruct what was checked and when.

What we don't have yet

No badges we haven't earned.

We don't yet carry formal certifications like SOC 2. Plenty of vendors imply otherwise — we won't. As we grow, we'll add the certifications that matter to the teams we serve, and we'll say so here when we actually have them, not before.

Have a security or data-handling question? Talk to us — we'll give you a straight answer.