PPlanito
Legal

Privacy Policy

We take your privacy seriously. This policy explains exactly what we collect, why, and how you can control it.

Last updated April 20, 2026
TL;DR: We collect only what we need to run Planito. We never sell your data. You own everything you create. You can delete your account and all data at any time.

Planito ("we", "our", "us") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our workspace application and website.

By using Planito, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access the application.

Account information

When you create a Planito account, we collect your name, email address, and password (hashed, never stored in plain text). If you sign in via Google or GitHub, we receive your name, email, and profile picture from those services.

Workspace content

Your notes, tasks, calendar events, saved links, Smart Sheet data, and all other content you create in Planito is stored on our servers in order to sync across devices and enable collaboration features.

Usage data

We collect anonymous usage analytics to understand how features are used — things like which tabs are visited, which templates are used, and how often features are accessed. This data is aggregated and cannot be tied to individual users.

Device and technical data

  • Browser type, version, and operating system
  • IP address (for fraud prevention and geographic routing only)
  • Time zone and locale settings
  • Crash reports when errors occur

We use the information we collect to provide, maintain, and improve the Planito service. Specifically:

  • To operate and maintain your workspace
  • To process payments and manage billing
  • To send essential service notifications (account changes, billing, security)
  • To respond to support requests
  • To improve features based on aggregated usage patterns
  • To detect and prevent fraudulent or abusive activity

We will never use your workspace content to train machine learning models or share it with third parties for advertising purposes.

We do not sell, trade, or rent your personal information to third parties. We share data only in the following limited circumstances:

  • Service providers: We work with a small number of trusted service providers (hosting, payments, email) who process data on our behalf under strict data processing agreements.
  • Legal requirements: We may disclose information when required by law or to protect the rights and safety of our users.
  • Business transfers: In the unlikely event of a merger or acquisition, your data would be transferred with appropriate notice and options to export or delete.

We use strictly necessary cookies to authenticate your session and keep you logged in. We do not use any advertising or tracking cookies. We use minimal analytics that are self-hosted and do not share data with third parties.

You have the following rights regarding your personal data:

  • Access: Request a copy of all data we hold about you
  • Correction: Update or correct inaccurate personal information
  • Deletion: Delete your account and all associated data permanently
  • Portability: Export your workspace data in JSON or CSV format
  • Opt-out: Unsubscribe from any marketing emails at any time

To exercise any of these rights, email us at privacy@planito.io or use the data controls in your account settings.

We retain your account data for as long as your account is active. If you delete your account, all personal data and workspace content is permanently deleted within 30 days. Backup copies are purged within 90 days.

Anonymised, aggregated analytics data may be retained indefinitely as it cannot be used to identify individual users.

We implement industry-standard security measures including end-to-end HTTPS encryption, hashed passwords with bcrypt, regular security audits, and strict employee access controls. We are SOC 2 Type II compliant.

In the event of a data breach that affects your personal information, we will notify you within 72 hours as required by GDPR.

If you have questions about this Privacy Policy or your data, please contact our Data Protection Officer at privacy@planito.io. For EU residents, you also have the right to lodge a complaint with your local supervisory authority.