How we keep your data safe.
You’re trusting Plannimo with information about every family you book — names, contact details, trip dates, notes. Here’s exactly how we handle it.
Authentication
Email + password authentication via Supabase Auth. Passwords are hashed with bcrypt — we never see your plaintext password and we cannot recover it (you reset it).
Passwords must be at least 12 characters. Password-reset and email-confirmation links are short-lived, single-use tokens.
Data isolation (multi-tenancy)
Every row in our database is tagged with the agent who owns it. Postgres row-level security policies enforce that each query only ever returns the rows owned by the authenticated user — at the database level, not the application level.
This means a bug in our code can’t accidentally leak one agent’s clients to another. The database refuses queries that don’t match the policy, full stop.
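The following SQL is an added illustration of the row-level-security pattern described above, not Plannimo's actual schema or policies. The `clients` table and its `agent_id` column are assumptions; `auth.uid()` is Supabase's helper that returns the authenticated user's id from the request's JWT.

```sql
-- Added illustration of per-agent row-level security (not Plannimo's schema).
-- Assumed: a "clients" table whose "agent_id" column tags the owning agent.
-- auth.uid() is Supabase's helper returning the caller's user id (NULL if
-- the request is unauthenticated).

create table clients (
  id        uuid primary key default gen_random_uuid(),
  agent_id  uuid not null default auth.uid(),  -- owner tag on every row
  full_name text not null,
  email     text,
  notes     text
);

-- Turn RLS on, and FORCE it so even the table's owner role is subject to it.
alter table clients enable row level security;
alter table clients force row level security;

-- Read: a query only ever sees rows whose owner tag matches the caller.
create policy clients_select_own on clients
  for select
  using (agent_id = auth.uid());

-- Writes: a row can only be created or changed with the caller as owner,
-- so an application bug cannot stamp a row with another agent's id.
create policy clients_insert_own on clients
  for insert
  with check (agent_id = auth.uid());

create policy clients_update_own on clients
  for update
  using (agent_id = auth.uid())
  with check (agent_id = auth.uid());

create policy clients_delete_own on clients
  for delete
  using (agent_id = auth.uid());

-- Behaviour once RLS is enabled (default is deny when no policy matches):
--   select * from clients;        -- an over-broad query from buggy code
--                                 -- silently returns only the caller's rows
--   insert into clients (agent_id, full_name)
--     values ('<some other agent>', 'x');
--                                 -- fails: new row violates row-level
--                                 -- security policy for table "clients"
```

One caveat worth knowing: Supabase's service-role key bypasses RLS entirely, which is why the page's Infrastructure section stresses that it is never exposed to the browser.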
Encryption
Connections to Plannimo are encrypted in transit using HTTPS (TLS 1.2+). HSTS is enabled — once your browser has visited plannimo.com once, it will refuse plaintext connections going forward.
Data at rest is encrypted by our infrastructure providers (Supabase / AWS RDS for the primary database). Backups are encrypted as well.
Infrastructure
Plannimo runs on:
- Supabase — Postgres database and authentication, hosted in AWS us-east-1
- Vercel — application hosting and serverless compute
- Resend — transactional email delivery for reminders and account emails, with SPF, DKIM, and DMARC configured for plannimo.com
Service-role / admin credentials are never exposed to the browser. Cron-driven reminder delivery happens server-side behind a shared-secret check.
Hardening
The application sets strict response headers on every request:
- HSTS (with includeSubDomains and preload)
- X-Frame-Options: DENY (no clickjacking via iframe)
- X-Content-Type-Options: nosniff
- Referrer-Policy: strict-origin-when-cross-origin
- Permissions-Policy disabling camera, microphone, geolocation, payment, USB
- Content-Security-Policy in report-only mode (full-enforcement enabled before public launch)
Dependencies are scanned weekly via Dependabot and on every PR via npm audit. Source code is scanned for leaked secrets via gitleaks on every push.
Account deletion
You can delete your account from your settings page. Deletion is permanent and cascades — every client, trip, reminder, and setting tied to your account is removed from our database in the same transaction.
Responsible disclosure
Found a security issue? Please email security@plannimo.com. We’ll acknowledge within 72 hours. Please give us a reasonable window to ship a fix before disclosing publicly. We don’t run a paid bounty yet, but we’ll credit you in the next changelog if you’d like.
What we don’t do
We don’t sell your data. We don’t use your client records to train AI models. We don’t share your data with third parties beyond the infrastructure providers listed above. We don’t send marketing email without explicit opt-in.
