Security
Last Updated: January 27, 2025
Your trust is our most important asset. All customer data stored by Planyway (“we”, “us”, “Rsoftware”) is protected by rigorous infrastructure and administrative procedures. To achieve the high levels of physical and data protection that businesses require today, Planyway maintains a robust and comprehensive multi-level security environment as described herein.
Data Collection
Our company's overriding policy is to collect as little user information as possible.
Planyway processes the following personal information:
- Your name;
- Email address;
- Trello ID;
- Language preferences;
- Time zone;
- Trello OAuth token;
- Trello board fields (ID, name);
- Trello card fields (ID, name, description, due date, labels);
- Google user ID;
- Google OAuth 2.0 tokens;
- Google calendar fields (ID);
- Google event fields (ID, name, description, start/end dates, recurrence rule);
- Outlook user ID;
- Outlook OAuth 2.0 tokens;
- GitHub user ID;
- GitHub OAuth token;
- Planyway time tracking data.
For more details on how we use your personal data, see the "Planyway and GDPR" tab at https://planyway.com/legal/planyway-and-gdpr
Physical Security
The Service is hosted on dedicated servers, following industry best practices, in a Microsoft Azure data center located in Texas, USA. The data centers provide 24-hour physical security, which includes keycard and biometric access controls as well as continuous surveillance.
Data Encryption
All data is encrypted in transit between your device and our servers using proven Transport Layer Security (TLS) technology from the most trusted providers. TLS is designed to protect your information by establishing trust in our servers through a trusted third party and then creating a secure channel through which your data can pass to our servers, protected from law violators. We enforce TLS with a minimum version of 1.2.
All data is encrypted at rest with the AES 256-bit encryption algorithm. Depending on the storage type, encryption keys are managed by Azure service-managed transparent data encryption or by customer-managed transparent data encryption with an RSA-HSM 4096-bit key.
All data stores and backend apps are protected by firewalls, which provide a strong network security barrier against the Internet.
User Authentication
We use the Trello OAuth, Google OAuth 2.0, Outlook OAuth 2.0, and GitHub OAuth authorization protocols and store neither the user name nor the user's password.
Operational Management
We use Azure Security Center Standard to ensure that your data is secure and backed up. Our team is continually evaluating new security threats and implementing updated countermeasures designed to prevent unauthorized access to or unplanned downtime of the Service.
We use Azure SQL Server and Azure Cosmos DB built-in backup features to ensure that your data is backed up.
Access to all Planyway production resources and data is limited to lead developers, DevOps and security engineers.
Audit and Assurance
All administrative access to data, personally identifiable information, and other content that is uploaded or submitted to the Service is reviewed monthly by internal auditors to confirm that we use it only for the purposes permitted by the agreement governing your use of the Service. We use Azure Security Center to perform automatic audits and monitor security threats.
Disclosure
Planyway maintains a policy of full event disclosure for security incidents that affect user data. In the event of any security incident affecting your data, a notification will be sent to you.
Engagement
If you find a security issue with our Service, please contact us at support@planyway.com.
Changes
We may update this Security Statement as we add new security capabilities and make security improvements to our services. If we make any material changes, we will send you a notification prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our security practices.