How we protect your data.
planbend holds the financial picture you build — so security isn't a feature, it's the foundation. This page describes, in plain language, how your data is stored, encrypted, isolated, and deleted, and how to reach us if you find a problem.
Infrastructure
planbend runs on managed cloud infrastructure: Supabase for the database and authentication, and Vercel for application hosting and delivery. Both are established providers whose platforms carry industry certifications such as SOC 2. These certifications cover the underlying platforms rather than planbend itself. We run automated backups and periodically test our restore process.
Encryption
Connections to planbend use HTTPS with TLS, so your data is encrypted in transit between your browser and our servers. Your plan data stored in Supabase is encrypted at rest using AES-256. We never store your password — authentication is handled by Supabase, which stores only a one-way hash.
Access and data isolation
Application security
Payments
Subscriptions are processed by Stripe, a PCI DSS Level 1 certified payment provider. Your card details are entered directly with Stripe and are never stored on planbend's systems — we receive only a token and the billing status needed to manage your subscription.
Your control over your data
Incident handling
If we discover unauthorized access to personal information on our systems, we will investigate, take appropriate action to contain and remediate it, and notify affected users as required by applicable law. We treat this as an obligation, not a courtesy.
Reporting a vulnerability
We do not currently run a paid bug-bounty program, and this page does not authorize testing against our production systems or other users' data. If you discover a security issue, please report it responsibly by emailing security@planbend.com with enough detail for us to reproduce and investigate. We appreciate good-faith reports and will respond.
A note on certifications
planbend is an independent, bootstrapped product. We build on certified infrastructure (Supabase, Vercel, Stripe), but planbend itself does not yet hold its own SOC 2 attestation. A formal SOC 2 process is a milestone we intend to pursue as we grow, and we will update this page when it begins. We'd rather state that plainly than imply a certification we don't hold.
Contact
Planbend LLC · Toano, Virginia