Your financial data deserves real protection
Portfolio and wealth data are among the most sensitive things you manage online. Here's how we handle it at Planafolio.
Sicherheit
Deine Finanzdaten verdienen echten Schutz
Wir wissen, wie sensibel Depot- und Vermögensdaten sind. Deshalb behandeln wir sie entsprechend.
Verschlüsselt gespeichert
Zugangsdaten und Bestände werden verschlüsselt abgelegt, niemals im Klartext.
Kein Produktverkauf
Wir verkaufen keine Finanzprodukte und geben deine Daten nicht an Dritte weiter.
Hosting in Deutschland
Server und Backups laufen auf deutscher Infrastruktur.
Kein Abo-Risiko
Pro ist jederzeit monatlich kündbar — ohne Mindestlaufzeit.
In detail
Concrete safeguards
Not just promises — these are the technical measures behind them.
Encryption
Passwords are stored exclusively as a hash, never in plain text. The connection to Planafolio is TLS-encrypted throughout.
Two-factor authentication
Optional, enabled in account settings — an extra layer of protection against compromised passwords.
Regular backups
Your data is backed up regularly, so a technical failure doesn't mean data loss.
Minimal permissions
Internally we follow the principle of least privilege: access to user data is restricted to what's technically necessary.
Secure sessions
Session cookies are set httpOnly and secure and expire automatically — a stolen cookie can't be read out via JavaScript.
Data portability
A full JSON export of your data is available anytime in account settings — no support request needed.
Protected API keys
API keys are stored only as a hash and shown to you once in plain text — after that, not even Planafolio knows them anymore.
Responsible disclosure
You can report security vulnerabilities to us directly and confidentially — we handle reports promptly, before any details are published.
In case of an incident
How we handle security incidents
Security isn't a one-time checkbox, it's an ongoing process. Should an incident still occur, you have clear rights and we have clear obligations.
Notification without delay
In the event of an incident risking your data, we notify affected users without undue delay, per GDPR requirements.
Containment before communication
The cause is isolated and access is closed off first — transparent follow-up communication comes after.
Reporting to the supervisory authority
Notifiable incidents are reported to the responsible data protection authority within the required deadline.
Security questions