Privacy Policy

How Planna collects, uses, and protects your personal information. Your privacy matters to us.

Planna Privacy Policy

Last updated: January 28, 2026 · Effective February 1, 2026

Privacy at a glance

  • Data sold: Never
  • Encryption: AES-256 + TLS 1.3
  • Compliance: GDPR · CCPA · SOC 2
  • Data retention: 30 days after deletion

This Privacy Policy was last updated on January 28, 2026 and became effective on February 1, 2026.

This Privacy Policy explains how Planna collects, uses, discloses, and safeguards your information when you use our Service. We are committed to protecting your privacy and being transparent about our data practices. Please read this policy carefully to understand our practices regarding your information.

Information We Collect

Planna is committed to transparency about the data we collect and how we use it. We collect only the information necessary to provide, secure, and improve our Service.

We collect information in three ways: (1) information you provide directly, (2) information collected automatically when you use the Service, and (3) information from third-party sources when you integrate them with Planna.

  • Account information: name, email address, password (hashed), profile photo, role, and workspace affiliation.
  • Workspace information: workspace name, logo, billing details (processed by Stripe — we never store full card numbers), and member roster.
  • User Content: tasks, projects, comments, files, time entries, and any other data you create or upload through the Service.
  • Usage data: pages viewed, features used, device type, browser, IP address, and timestamps — collected via first-party analytics.
  • Communication data: support tickets, feedback submissions, and email correspondence with our team.
  • Diagnostic data: crash reports, error logs, and performance metrics — used solely for debugging and improving the Service.

How We Use Your Information

We use the information we collect to provide, operate, secure, and improve the Service. We do not sell your personal information to third parties — never have, never will.

Specifically, we use your information for the following purposes:

  • Provide the Service: create and manage your account, workspace, projects, and tasks; enable real-time collaboration.
  • Process payments: bill you for paid Plans, manage subscriptions, and issue invoices (via Stripe).
  • Communicate with you: send service announcements, security alerts, billing notices, and support responses.
  • Improve the Service: analyze usage patterns, identify bugs, prioritize features, and conduct user research.
  • Secure the Service: detect and prevent fraud, abuse, unauthorized access, and security incidents.
  • Comply with legal obligations: respond to lawful requests from authorities and meet regulatory requirements.
  • Aggregate analytics: compile anonymized, statistical data about Service usage to share with partners and the public.

Sharing & Disclosure

We share your information only in the limited circumstances described below. We never sell your data, and we never share it for cross-context advertising.

  • Within your workspace: content you create is visible to other members of your workspace based on their role and permissions.
  • Service providers: we use trusted subprocessors (Stripe, AWS, Postmark, Sentry) to operate the Service. They process data on our behalf under written agreements and are bound by confidentiality obligations.
  • Legal compliance: we may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of Planna, our users, or others.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, we may transfer user data — subject to the same privacy protections described here.
  • Anonymized data: we may share aggregated, de-identified data that cannot reasonably be used to identify you.
  • With your consent: we share information with third parties when you explicitly authorize it (e.g., connecting a Slack integration).

Data Security

We take security seriously. Planna is SOC 2 Type II certified and employs industry-standard safeguards to protect your data. However, no system is 100% secure, and we cannot guarantee absolute security.

  • Encryption in transit: all connections use TLS 1.3 with HSTS enabled.
  • Encryption at rest: all data is encrypted with AES-256 in our primary database and backups.
  • Access control: strict role-based access, multi-factor authentication for all employees, and quarterly access reviews.
  • Network security: VPC segmentation, Web Application Firewall, DDoS protection, and continuous monitoring.
  • Auditing: SOC 2 Type II annual audits, quarterly penetration tests by third parties, and a public bug bounty program.
  • Incident response: 24/7 monitoring with a documented incident response plan. We notify affected users within 72 hours of a confirmed breach.
  • Data residency: by default, data is stored in US-East. Enterprise customers can choose EU (Frankfurt) or APAC (Singapore) regions.
  • Backup: encrypted backups are taken every 6 hours and retained for 30 days. Backups are stored in a separate region.

Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. We honor these rights for all users, regardless of jurisdiction.

  • Access: request a copy of the personal information we hold about you.
  • Rectification: request correction of inaccurate or incomplete information.
  • Erasure: request deletion of your personal information (subject to legal retention requirements).
  • Portability: request an export of your data in a machine-readable format (JSON or CSV).
  • Objection: object to certain processing activities, such as direct marketing.
  • Restriction: request that we limit our processing of your data in certain circumstances.
  • Withdraw consent: withdraw consent for processing based on consent at any time.
  • Account deletion: delete your account at any time from Settings → Account — all data is permanently removed within 90 days.

To exercise any of these rights, email privacy@planna.app. We respond within 30 days. EU/UK users may also lodge a complaint with their local data protection authority.

Cookies & Tracking Technologies

We use cookies and similar tracking technologies (local storage, pixels) to operate, secure, and improve the Service. We do not use cookies for cross-site advertising or selling data to ad networks.

Cookie | Purpose | Duration | Category
planna_session | Authenticates your session | 30 days | Strictly necessary
planna_theme | Remembers your theme preference | 1 year | Functional
planna_locale | Remembers your language/region | 1 year | Functional
planna_csrf | Prevents cross-site request forgery | Session | Strictly necessary
_pk_id | Anonymized usage analytics (Matomo) | 13 months | Analytics (opt-out)
_pk_ses | Anonymized usage analytics session | 30 minutes | Analytics (opt-out)

You can manage cookies via your browser settings. Disabling strictly necessary cookies will prevent the Service from functioning. Analytics cookies can be opted out via the cookie banner on first visit.

Third-Party Services

Planna integrates with several third-party services. When you connect an integration, that service may access certain data from your Planna workspace, subject to your authorization. We do not control the privacy practices of third parties — please review their policies.

  • Stripe: payment processing — see Stripe's privacy policy. We never store full card numbers.
  • AWS (Amazon Web Services): primary infrastructure and data storage — see AWS's privacy policy.
  • Postmark: transactional email delivery — see Postmark's privacy policy.
  • Sentry: error monitoring and crash reporting (sanitized) — see Sentry's privacy policy.
  • Slack, GitHub, Google Calendar: optional integrations activated by you — see each provider's privacy policy.
  • OpenAI: used only for AI-assisted features (smart suggestions) — content is not used to train models.

Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child, please contact privacy@planna.app and we will delete it promptly.

Educational institutions may use Planna with students aged 13+ with parental consent. We offer FERPA-aligned data practices for verified educational customers — contact us for a DPA.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and via an in-app banner at least 30 days before the changes take effect.

The "Last updated" date at the top of this page reflects the most recent revision. We encourage you to review this page periodically. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

  • Material changes (e.g., new data uses, new subprocessors): 30-day email + in-app notice.
  • Non-material changes (e.g., clarifications, formatting): updated without separate notice.
  • A historical archive of past versions is available on request from privacy@planna.app.

Contact Us

If you have any questions about this Privacy Policy, our data practices, or your rights, please contact us:

  • Email: privacy@planna.app (Data Protection Officer)
  • Support: support@planna.app
  • Postal mail: Planna Inc., Attn: Privacy, 535 Mission Street, San Francisco, CA 94105, USA
  • EU representative: Planna EU GDPR Rep, Friedrichstraße 68, 10117 Berlin, Germany

We aim to respond to all privacy inquiries within 30 days. For urgent matters (e.g., a data breach affecting you), we respond within 72 hours.
