Security Overview

Data Security

• Our servers are hosted and managed in secure data centers in the United States by Amazon AWS.
• The data center operations have been accredited under:

          ISO 27001

          SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)

          PCI Level 1

          FISMA Moderate

          Sarbanes-Oxley (SOX)

View the full list of Amazon AWS certifications here 

• The website uses financial-grade SSL encryption of the data.
• ProductPlan encrypts data-at-rest using AES-256, block-level storage encryption on the server giving you greater security.

Roadmap Security

• ProductPlan personnel do not have access to your roadmap unless you share it with us.
• You have full control of how and when you share a roadmap. Sharing a roadmap with another user requires a secure login. By default all roadmaps are restricted to only the people you explicitly share them with.
• We provide the ability for a roadmap owner to create a private link that can be shared with others. This link does not require a log in. However, as the roadmap owner you are in control whether this feature is used, and the link can be deactivated at any time.
• We do not share your roadmap data with third parties.
• We back up our servers regularly to ensure against loss of information.

Penetration and Vulnerability Testing

• ProductPlan uses a combination of automated and 3rd party penetration testing and threat assessments to ensure that our systems are hardened against intrusion. 

Global Compliances

• ProductPlan is Privacy Shield Certified and is committed to adhering to GDPR for more information see our Privacy information here.  

Enterprise Grade Security 

Our Enterprise Subscriptions include additional security features geared towards larger accounts:

• Strong Password Enforcement: Enforce stronger password combinations required by your organization.
• Single Sign On Integration: Require SSO authentication in order to access your company's ProductPlan data.
• Limit or Restrict Access to Private Links: Prevent users on the account from generating shareable Private Links, or limit access to SSO authenticated users.

To report security or privacy issues that affect ProductPlan or our web servers, please contact security@productplan.com.