Your clients’ data is protected at every layer.
PlanBase is built for Canadian financial professionals who are accountable for their clients’ most sensitive financial information. We take that responsibility seriously, from the infrastructure up.
Built to protect sensitive financial data.
TLS 256-Bit Encryption
All data transmitted between your browser and PlanBase is encrypted using TLS 1.2+ with 256-bit ciphers. Data at rest is encrypted using AES-256. No data leaves our systems unencrypted.
Canadian Data Residency
Your client data never leaves Canada. All customer data (including financial plans, client records, and account information) is stored exclusively on servers located in Canada.
PCI DSS Compliance
Payment processing is handled entirely by Stripe, Inc., a PCI DSS Level 1 certified provider. PlanBase never stores, processes, or transmits full credit card numbers or CVV codes.
Access Controls
Access to production systems is restricted to authorized PlanBase personnel on a need-to-know basis. All administrative access is logged, monitored, and subject to multi-factor authentication.
PIPEDA & Law 25 Compliance
PlanBase complies with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Law 25 (Bill 64). We maintain a designated Privacy Officer and respond to access requests within statutory timeframes.
Breach Notification
In the event of a confirmed data security breach, we notify affected customers without undue delay as required by PIPEDA. We maintain an incident response plan that is reviewed annually.
What we comply with.
PlanBase is designed for use by licensed financial advisors and planners who operate under strict regulatory requirements. Our compliance posture reflects the standards expected of the financial services industry in Canada.
Built for Regulated Professionals
PlanBase is a productivity and planning tool, not a dealer, adviser, or portfolio manager. We do not provide financial, investment, tax, or legal advice. Advisors using PlanBase remain solely responsible for ensuring their use of the platform complies with obligations imposed by CIRO, the FP Canada Standards Council, and applicable provincial regulators. Our infrastructure is designed to support your professional obligations, not replace them.
Security questions, answered.
Where is my data stored?
All customer data is stored on servers physically located in Canada. We do not transfer customer data outside of Canada without explicit written consent.
Who at PlanBase can access my data?
Access to customer data is restricted to authorized PlanBase employees on a strict need-to-know basis. All access is logged and monitored. We do not sell, rent, or share your data with third parties except as described in our Privacy Policy.
How is payment information handled?
All payment processing is delegated to Stripe, a PCI DSS Level 1 certified provider. PlanBase never stores your full card number, CVV, or expiry date on our systems.
What happens to my data if I cancel?
Upon cancellation, your data remains accessible for 30 days so you can export your financial plans. After this window, data is permanently deleted from active systems per our data retention policy.
Is PlanBase compliant with Quebec's Law 25?
Yes. PlanBase complies with Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25 / Bill 64), including designating a Privacy Officer, maintaining a privacy incident register, and supporting data subject rights.
How do you handle a data breach?
We maintain a formal incident response plan. In the event of a confirmed breach affecting personal information, we notify affected customers and the relevant privacy regulator (the OPC or provincial equivalent) without undue delay, as required by PIPEDA.
Questions about our security practices?
Reach out to our team. We’re happy to provide additional documentation for your firm’s due diligence process.