Plannelink
Zero-Knowledge Architecture

Trust Math, Not People.

You don't need to 'trust' us. You just need to trust encryption. Here is how we protect your data with a Zero-Knowledge architecture.

Download Technical Whitepaper (PDF)

For security engineers and auditors.

In brief

"Zero-Knowledge security ensures that only you possess the key to decrypt your data. Not even Plannelink can access your information, as encryption occurs directly on your device."

In Summary: What We Do and Don't Do

What we do: We encrypt the inventory of your assets (where they are, how to access them) on your device and store it in unreadable form. Only you, with your Master Password, can decrypt it.

What we DON'T do: We don't store banking passwords, seed phrases, or private keys. We don't hold your credentials. We don't transfer funds. We only provide the map for heirs.

Last updated: February 4, 2026

What We Protect You Against

Protected

  • Server breaches: Even if compromised, data remains unreadable
  • Government requests: We can't decrypt even under court order
  • Rogue employees: Zero access to plaintext data
  • Network interception: TLS 1.3 + already encrypted data

User Responsibility

  • Weak password: Use a strong, unique Master Password
  • Compromised device: Keep your PC/smartphone secure
  • Phishing: Always verify the URL (plannelink.com)
  • Forgotten password: No recovery possible (by design)

What We Encrypt and Don't Encrypt

Data | Encrypted | Why
Asset list (names, descriptions) | | Sensitive information about your financial situation
Recovery instructions | | Contains details on how to access assets
Personal notes | | May contain confidential information
Beneficiary emails | | Privacy: only you know who your heirs are
Your email (account) | | Required for login and check-in emails
Last login timestamp | | Required for Dead Man's Switch system
Master Password | NEVER | Never sent to servers - stays only on your device

AES-256-GCM

Military grade. Data is encrypted on your device before it leaves. We only receive unintelligible ciphertext.

PBKDF2 (600k rounds)

Your Master Password is transformed into a complex cryptographic key, rendering brute-force attacks useless.

Blind Architecture

We don't store your password. We can't see your assets. We can't sell your data.

GDPR & EU Servers

Data hosted in Europe. Connections strictly protected via TLS 1.3 (HTTPS).

What really happens to your data?

What happens behind the scenes? Here is how your device encrypts data before sending it.

Security Scenarios & FAQ

What happens if Plannelink servers are hacked?
Hackers would only find useless encrypted data blobs. Without your Master Password (which is not on the server), decrypting them is mathematically impossible.

What if authorities request my data?
We can only provide what we have: indecipherable encrypted data. We technically cannot decrypt data for anyone, even under court order, because we do not hold the keys.

What happens if I lose my Master Password?
Your data is lost forever. There is no 'backdoor' or password reset procedure. This is a security feature, not a bug, ensuring zero unauthorized access.

Does Plannelink sell my data?
No. Due to our Blind Architecture, we cannot see your data, so we cannot sell it even if we wanted to. Our business model is based on subscriptions, not advertising.

The Technical Manifesto

Security is not a feature; it is the foundation of Plannelink.

We utilize Client-Side encryption, meaning data is encrypted on your device before it ever reaches our network. Unlike traditional banks that encrypt data 'at rest' (Server-Side) while still holding the keys, we adopt a Zero-Knowledge approach.

The AES-256-GCM algorithm ensures not only confidentiality but also data integrity, preventing tampering. Key derivation via PBKDF2 with a high iteration count protects your Master Password against modern brute-force attacks.

In short: you hold the keys, we only guard the locked vault.
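
The client-side flow described under "What really happens to your data?" and in the manifesto above, as an added example that is not Plannelink's code. Node's built-in crypto module stands in for the browser crypto API; SHA-256 as the PBKDF2 hash, the 16-byte salt, the 12-byte nonce and the record field names are assumptions the page does not specify.

```javascript
// Added illustration, not Plannelink's code. Assumed: SHA-256 as the PBKDF2
// hash, 16-byte salt, 12-byte nonce, record field names. Node's crypto module
// stands in for the browser crypto API so the example runs offline.
const crypto = require("node:crypto");

const ITERATIONS = 600000; // "PBKDF2 (600k rounds)" from the page
const KEY_BYTES = 32;      // 256-bit key for AES-256-GCM

// Stretch the Master Password into the AES key. The salt is random per record
// and not secret, so it can be stored next to the ciphertext.
function deriveKey(masterPassword, salt) {
  return crypto.pbkdf2Sync(masterPassword, salt, ITERATIONS, KEY_BYTES, "sha256");
}

// On the device: encrypt and return the only fields a server would receive.
function sealVault(masterPassword, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // never reuse a nonce under the same key
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(masterPassword, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const b64 = (buf) => buf.toString("base64");
  return { salt: b64(salt), iv: b64(iv), ct: b64(ct), tag: b64(cipher.getAuthTag()) };
}

// On the device: decrypt. final() throws when the GCM tag does not verify,
// which happens for a wrong password and for any modified field.
function openVault(masterPassword, record) {
  const raw = (s) => Buffer.from(s, "base64");
  const key = deriveKey(masterPassword, raw(record.salt));
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw(record.iv));
  decipher.setAuthTag(raw(record.tag));
  return Buffer.concat([decipher.update(raw(record.ct)), decipher.final()]).toString("utf8");
}

// Same as openVault, but reports failure as null instead of throwing.
function tryOpen(masterPassword, record) {
  try { return openVault(masterPassword, record); } catch { return null; }
}

// Constructed sample entry and password.
const sample = sealVault("correct horse battery staple", "Broker A: statements in the blue folder");
console.log(sample);                                          // what the server stores
console.log(tryOpen("correct horse battery staple", sample)); // owner reads it back
console.log(tryOpen("wrong guess", sample));                  // rejected
```

The iteration count raises the cost of each password guess rather than removing the possibility of guessing, which is why a strong Master Password stays on the user-responsibility list.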

Responsible Vulnerability Disclosure

"Working together for everyone's safety."

Data security is our top priority. If you believe you have found a security vulnerability in Plannelink, please report it to us immediately. We appreciate the contribution of the ethical security community in making our platform safer.

Rules of Engagement (Scope)

In Scope:

Web vulnerabilities (XSS, CSRF, Injection), Authentication flaws, Zero-Knowledge encryption bypass.

Out of Scope:

Forbidden:

DDoS attacks, Spam, Social Engineering (Phishing), Physical attacks on offices or data centers.

Safe Harbor (Legal Protection)

Plannelink commits to not pursue legal action against researchers who:

  • Act in good faith to protect our users.
  • Adhere to these rules of engagement.
  • Do not intentionally access, modify, or delete user data.
  • Allow us reasonable time to fix the issue before making it public.

How to Report

team@plannelink.com

⚠️ Important: To ensure your report is processed with priority, use this subject in your email:

[SECURITY] Vulnerability Report - [Your Name]

Rewards

As an independent startup, we do not currently offer cash rewards (Bug Bounties). However, we will be happy to add your name to our public Security Hall of Fame and offer you Lifetime Premium Status, granting you guaranteed free access to all current and future features.

Security Hall of Fame

Researcher | Date | Contribution
Be the first to appear here!

Secure your future with banking standards.