Straight talk on security.
We're an early-stage company, and we'd rather tell you plainly what's true today than dress it up. Here's how PlanSmart handles your data — and what we don't have yet.
The basics, done honestly.
Encrypted in transit
Traffic runs over TLS 1.3, so data moving between you and PlanSmart is encrypted on the wire.
Isolated databases
Application and vector databases run in an isolated environment — not exposed directly to the public internet.
Hashed passwords
Passwords are hashed, never stored in plain text.
Established storage
Uploaded files are kept on established cloud object storage (AWS S3 / Cloudflare R2), not ad-hoc servers.
You keep authority
PlanSmart returns findings, not approvals. Your review decisions — and the record of them — stay yours.
Auditable record
Reviews produce a timestamped, exportable history, so you can reconstruct what was checked and when.
No badges we haven't earned.
We don't yet carry formal certifications like SOC 2. Plenty of vendors imply otherwise — we won't. As we grow, we'll add the certifications that matter to the teams we serve, and we'll say so here when we actually have them, not before.
Have a security or data-handling question? Talk to us — we'll give you a straight answer.