We're serious about security.

Planto uses AES-256 encryption techniques to encrypt data.
This is the same method used by the US government, military and banks for sensitive information.

Planto's Security Explained

Security Techniques

Private and 
Confidential

Personal sensitive information are always encrypted and stored ONLY on your device. We will never have access to these information as they are not stored on Planto’s server or cloud.

Biometric 
Authentication

Biometric authentication and/or pin is always required to decrypt stored credentials and information on your mobile device so you have full control over the access of your Planto account.

Government Level 
Encryption

Financial data is always encrypted using AES-256 encryption techniques and stored on the cloud server. No one can intercept your data from the point it leaves your device.

We are NOT collecting...

Specific Account Details

Your bank account or credit card numbers are never collected.

Bank Credentials

Your banking credentials are stored only on your device, and never on our server or the cloud.

Name & Address

We never ask for personal information e.g. your name, address, phone number or HKID.

We Promise

Everything Is
 Read-Only

We CANNOT move money in or out of your account and everything is read-only.

You Own Your Data

You can delete your accounts at any time and we will remove all your bank related data.

Regular Security Audits

We regularly undergo independent security audits to make sure our systems are always secure.

Data & Security FAQs

1. Where does Planto store personal sensitive information?

Personal sensitive information (bank credentials, mobile pin) is always stored ONLY on your device. We will never have access to these types of personal information.

2. Where does Planto store financial data?

Financial data (transactions, loans, investments) is stored and securely encrypted on the cloud on Google and Amazon's data centres.

3. How does Planto ensure that my financial data is safe?

Planto ensures that all users' financial data are encrypted and anonymised through using AES-256 encryption techniques, building strict access controls and regularly undergoing independent security audits to make sure our systems are always secure.

4. Does Planto support biometric authentication?

Yes. Biometric authentication and/or pin is always required to decrypt stored credentials and information on your mobile device so you have full control over the access of your Planto account.

5. What if I lose my phone?

The data on your phone is encrypted and can only be accessed through PIN and biometric authentication. Nobody else can access your Planto accounts, even if you lose your phone. If you wish to delete your account, please contact us immediately and Planto will delete and remove all your data.

6. Does Planto use 3rd parties to connect to my bank accounts?

There are NO 3rd parties involved in the bank aggregation process. All of Planto's technologies are built in-house by our strong team of software engineers. This is to ensure we have total control over security and are quick to respond to user requests and concerns. To make sure that our technologies maintain their quality and security standards, our IT infrastructure is audited by a leading security firm on a regular basis.

7. Have banks given Planto permission to access my data?

Planto is not in partnership or related to any banks in Hong Kong. Your financial data is aggregated using a method called 'screen scraping' - a method where users input their online bank credentials (including OTP, 2FA, etc.) and provides consent to retrieve transaction data from the bank's platform. This is a common practice by platforms that integrate thousands of banks globally, helping millions of customers. Planto does not store your personal sensitive information and only retrieves financial data that appears on the app and as per our Privacy Policy. Planto has built this screen scraping method in-house to ensure the highest security and that your data is NEVER exposed to any other third-party without your consent.

8. Does Planto support Two Factor Authentication?

Planto supports multiple forms of authentication including 2FA, token and mobile authentication. We currently support this for HSBC, Stanchart, BOCHK, ICBC and DBS and will continue to expand the list.

Ready to realise all your goals in life?

The Planto mobile app is available on both iOS and Android - so take the first step towards achieving your life goals.