Data & Security FAQs
1. Where does Planto store personal sensitive information?
Personal sensitive information (bank credentials, mobile pin) is always stored ONLY on your device. We will never have access to these types of personal information.
2. Where does Planto store financial data?
Financial data (transactions, loans, investments) is stored and securely encrypted on the cloud on Google and Amazon's data centres.
3. How does Planto ensure that my financial data is safe?
Planto ensures that all users' financial data are encrypted and anonymised through using AES-256 encryption techniques, building strict access controls and regularly undergoing independent security audits to make sure our systems are always secure.
4. Does Planto support biometric authentication?
Yes. Biometric authentication and/or pin is always required to decrypt stored credentials and information on your mobile device so you have full control over the access of your Planto account.
5. What if I lose my phone?
The data on your phone is encrypted and can only be accessed through PIN and biometric authentication. Nobody else can access your Planto accounts, even if you lose your phone. If you wish to delete your account, please contact us immediately and Planto will delete and remove all your data.
6. Does Planto use 3rd parties to connect to my bank accounts?
There are NO 3rd parties involved in the bank aggregation process. All of Planto's technologies are built in-house by our strong team of software engineers. This is to ensure we have total control over security and are quick to respond to user requests and concerns. To make sure that our technologies maintain their quality and security standards, our IT infrastructure is audited by a leading security firm on a regular basis.
7. Have banks given Planto permission to access my data?
Planto is not in partnership or related to any banks in Hong Kong. Your financial data is aggregated using a method called 'screen scraping' - a method where users input their online bank credentials (including OTP, 2FA, etc.) and provides consent to retrieve transaction data from the bank's platform. This is a common practice by platforms that integrate thousands of banks globally, helping millions of customers. Planto does not store your personal sensitive information and only retrieves financial data that appears on the app and as per our Privacy Policy. Planto has built this screen scraping method in-house to ensure the highest security and that your data is NEVER exposed to any other third-party without your consent.
8. Does Planto support Two Factor Authentication?
Planto supports multiple forms of authentication including 2FA, token and mobile authentication. We currently support this for HSBC, SCB, BOC HK, ICBC and DBS and will continue to expand the list.
22/F, 3 Lockhart Road, Wan Chai, Hong KongPlanto Limited © 2025
