Frequently asked questions

Here you will find answers to some of the most frequent questions. Remember to check our help centre for product related guides or contact us directly for more information.


How do you secure customers' data?

The security protections and control processes are there to ensure a secure environment for our customers' information. Navigate to the security section on this page to read more about our security practices and protocols.

How does your platform take privacy into account?

From transparent logs to auto-deleted attachment and personal data fields, we have developed multiple features to help our customers comply with data protection regulation.

Do you retain customers' data after a contract is terminated?

Yes, we retain our customers' data for 180 days after a contract has been terminated. During this time period, the customer can request a data handoff.

Can you provide assist in personal data requests that relate to your platform?

Yes we can. In cases where our customers receive requests from data subjects to export, correct, amend or delete personal data, we assist named administrators to respond the such requests.

Do you have all required subprocessor DPA's in place?

Yes, we have signed Data Processing Agreements (DPA's) with all of our subprocessors. You can view them here:


How do you encrypt customers' data?

All data in our products is encrypted at rest and in transit. Our products support TLS 1.2, TLS 1.1, SSLv3 and SSLv2 protocols for encrypting communications. The data at rest is encrypted with AES-256, block-level storage encryption.

Where do you host customers' data?

Data is hosted in the European data centers of Amazon Web Services that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant.

What kind of backups and monitoring do you have in place?

Automatic backups of databases are taken daily, weekly, and monthly. We also keep a version history for all successful database transactions.

What kind of internal security measures do you have in place?

Some of our internal security measures include annual security and awareness training for all employees, internal security audits and portable device security management.

How do you respond to possible security incidents?

Our protocol for handling security incidents include escalation procedures, rapid mitigation and post mortems. All employees are informed of our policies.

Is there a document you could share about the security of your cloud services?

There is a document available upon request. Please send us an email at with the headline "Security and data protection of Plan Brothers cloud services" and we will send the document to you.

“Collaborating with Plan Brothers is really easy and the same goes for their products. The system and interface are easy to use and don’t require extra training. It’s only a handful of service providers that act so efficiently, continuously develop their own products and deliver possible changes.”

Salla Suonperä,
Shopping Centre Manager

“Plan Brothers and its modern and easy-to-use web and mobile services have brought a significant improvement in the security audit markets. User-orientation has been our primary criterion when we have chosen the company’s services.”

Tuomo Linjala,
Real Estate Security Manager

“Plan Brothers has enabled our transition to fully mobile reporting and thus improved our real estate communication. We save several hours of time each day to handle other tasks instead of reporting.”

Matias Lehtomäki,
Security & Cleaning Manager