We understand that privacy and security are essential to fulfilling our obligation to provide you with the best service possible. This begins with trust and peace of mind. We've gone above and beyond to implement industry-exceeding security standards and are guided by recognized cybersecurity experts that are part of our Advisory Board.
leafplanner requires an industry-exceeding password minimum length of 12 characters. Passwords must combine letters, numbers, and special characters, including lower- and upper-case characters.
Password redaction is also in place to protect your login data on screen.
Two-Factor Authentication (2FA)
Two-factor authentication is available to require identity verification when logging into your account.
We strongly recommend you enable two-factor authentication for your account and require it for any additional users you add to your account. You do so in your account settings. To make changes to your individual 2FA preferences, you can do so in your profile settings.
Currently, leafplanner supports the following methods:
Control who can access different parts of your account by customizing permission settings when inviting another user to your account.
leafplanner Agent access is on by default for onboarding and support purposes. You can turn our access off and on at any time.
Advanced data encryption standards protect your data. Additionally, we have implemented Microshard™ technology from ShardSecure® to fragment and further anonymize your data.
leafplanner's servers are securely hosted on Amazon Web Services (AWS). Your data is encrypted using AES 256-bit encryption, stored anonymously, and can only be accessed with encryption keys.
We utilize SSL/TLS for end-to-end encryption for data in transit.
leafplanner maintains logs of specific actions by users within each account to maintain a record of events and provide full transparency to account changes and access.
leafplanner is a subscription-based revenue model, not an advertising model. Your family's data is your own, and you can choose to have it removed from our servers at any time.