Security

Last updated: 9th September 2022

Industry Exceeding Standards

We understand that privacy and security are essential to fulfilling our obligation to provide you with the best service possible. This begins with trust and peace of mind. We've gone above and beyond to implement industry-exceeding security standards and are guided by recognized cybersecurity experts that are part of our Advisory Board.

USER AUTHENTICATION
Password

leafplanner requires an industry-exceeding password minimum length of 12 characters. Passwords must combine letters, numbers, and special characters, including lower- and upper-case characters.

Password redaction is also in place to protect your login data on screen.

Two-Factor Authentication (2FA)

Two-factor authentication is available to require identity verification when logging into your account.

We strongly recommend you enable two-factor authentication for your account and require it for any additional users you add to your account. You do so in your account settings. To make changes to your individual 2FA preferences, you can do so in your profile settings.

Currently, leafplanner supports the following methods:

  • SMS
  • Email

PERMISSION-BASED ACCESS
User Access

Control who can access different parts of your account by customizing permission settings when inviting another user to your account.

leafplanner Access

leafplanner Agent access is on by default for onboarding and support purposes. You can turn our access off and on at any time.

DATA PROTECTION

Advanced data encryption standards protect your data. Additionally, we have implemented Microshard™ technology from ShardSecure® to fragment and further anonymize your data.

Encryption

leafplanner's servers are securely hosted on Amazon Web Services (AWS). Your data is encrypted using AES 256-bit encryption, stored anonymously, and can only be accessed with encryption keys.

We utilize SSL/TLS for end-to-end encryption for data in transit.

Activity Logging

leafplanner maintains logs of specific actions by users within each account to maintain a record of events and provide full transparency to account changes and access.

Business Model

leafplanner is a subscription-based revenue model, not an advertising model. Your family's data is your own, and you can choose to have it removed from our servers at any time.