Security
Security model
Row-level tenant isolation, SSO/SAML and SCIM, signed webhooks, audit logging, and data residency.
Last updated
Security in Planoda starts at the database and works outward. The single most important property is tenant isolation enforced with Postgres row-level security: the database itself refuses to return one workspace's rows to another, so isolation does not depend on every query remembering to filter.
Identity and access
SSO via Google, GitHub, and Microsoft is available on every plan. SAML SSO and SCIM provisioning are available on Enterprise, so access follows your identity provider — joiners and leavers are handled where you already manage them. Within a workspace, roles govern what a member can do.
Integrity of integrations
Webhooks are HMAC-signed so you can verify a delivery actually came from us, and the REST API uses OAuth 2.0 + PKCE with scoped, per-workspace consent. An audit log records sensitive and destructive actions — including the propose-then-approve trail for bulk and AI-driven operations.
Compliance posture (honest status)
We are GDPR-aligned and offer US and EU hosting. SOC 2 is in progress, not yet certified — we state this plainly rather than implying a certification we do not hold. Check the marketing security page for the current, dated status before making a procurement decision.