Encryption
- In transit: All connections use HTTPS/TLS encryption. Data cannot be intercepted between your device and our servers.
- At rest: Financial data you share during coaching (income, expenses, debts, savings, goals) is encrypted with AES-256 before being written to the database. Even direct database access returns encrypted data, not your financial details.
Data isolation
Every user's data is isolated at the database level through row-level security policies. Users can only access their own conversations, financial data, and account information. There is no shared access between accounts.
Data location
- Account data & conversations: Stored on a private server in Canada.
- AI processing: Conversations are sent to Anthropic (Claude AI) in the United States for processing. Anthropic retains API data for up to 30 days for safety monitoring and does not use it to train models.
- Voice input: If used, audio is sent to OpenAI (Whisper) for transcription. OpenAI retains data for up to 30 days and does not use it for training.
- Payments: Card details are handled exclusively by Stripe. Northplan never sees or stores your card number.
What we don't collect
Northplan never asks for or stores your Social Insurance Number (SIN), bank account numbers, credit card numbers, login credentials to other services, or any government-issued identification.
Account deletion
You can delete your account at any time from the app settings. Deletion is immediate and permanent — your email, conversation history, financial data, and all associated records are permanently removed. There is no recovery after deletion.
Incident response
In the unlikely event of a data breach that affects your information, we commit to:
- Notifying all affected users within 48 hours of confirmed discovery
- Reporting to the Privacy Commissioner of Canada as required by PIPEDA
- Providing clear steps you can take to protect yourself
- Publishing a transparent post-incident report
Questions?
If you have questions about our security practices or want to report a vulnerability, email [email protected].