Privacy Policy

Effective Date: March 17, 2026 | Last Updated: March 17, 2026

PlanPal ("we," "us," or "our") is a cloud-based equity compensation compliance platform. We are committed to protecting your privacy and handling your personal information with transparency and care. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our platform, or interact with our services.

By accessing or using PlanPal, you agree to the practices described in this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use our services.

1. Information We Collect

1.1 Personal Information

We may collect personal information that you voluntarily provide to us when you register for an account, request a demo, subscribe to our services, or contact us. This includes:

• Full name and job title
• Email address and phone number
• Company name, size, and industry
• Billing and payment information (processed securely through third-party payment providers)
• Equity compensation data you upload or enter into the platform, including employee names, grant details, vesting schedules, and tax jurisdiction information
• Any other information you choose to provide through forms, surveys, or communications

1.2 Usage Data

We automatically collect certain information when you access and use our platform, including:

• IP address and approximate geographic location
• Browser type, version, and operating system
• Device identifiers and device type
• Pages visited, features used, and actions taken within the platform
• Date and time of access, session duration, and referring URLs
• Error logs and performance data

1.3 Cookies and Similar Technologies

We use cookies, web beacons, and similar tracking technologies to enhance your experience, analyze usage patterns, and deliver relevant content. For more details, see Section 8: Cookies and Tracking.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: To provide, operate, and maintain our equity compensation compliance platform
• Account management: To create and manage your account, process transactions, and send related information such as confirmations and invoices
• Compliance and reporting: To generate regulatory compliance reports, tax calculations, and filing-related outputs as part of our core service
• Communication: To respond to your inquiries, provide customer support, and send service-related notifications
• Improvement: To analyze usage trends, diagnose technical issues, and improve the functionality and user experience of our platform
• Security: To detect, prevent, and address fraud, unauthorized access, and other security concerns
• Legal compliance: To comply with applicable laws, regulations, and legal processes
• Marketing: To send promotional communications about new features, updates, or related services, where you have opted in or where permitted by law (you may opt out at any time)

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

• Service providers: We engage trusted third-party vendors who assist with hosting, analytics, payment processing, email delivery, and customer support. These providers are contractually obligated to protect your data and use it only for the services they perform on our behalf.
• Business transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
• Legal requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• With your consent: We may share your information for any other purpose with your explicit consent.

We do not share your uploaded equity compensation data with other customers or use it for purposes unrelated to providing our services to you.

4. Data Security

We take the security of your data seriously and implement robust measures to protect it:

• SOC 2 Type II standards: Our platform is designed to meet SOC 2 Type II standards, with security controls intended to operate effectively over time
• Encryption: All data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256 encryption
• Audit trails: We maintain comprehensive audit logs of all data access and modifications within the platform, ensuring full traceability and accountability
• Access controls: We enforce role-based access controls, multi-factor authentication, and the principle of least privilege for all internal systems
• Infrastructure: Our platform is hosted on enterprise-grade cloud infrastructure with redundancy, automated backups, and continuous monitoring
• Incident response: We maintain a formal incident response plan and will notify affected users promptly in the event of a data breach, in accordance with applicable laws

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We encourage you to use strong passwords and keep your account credentials confidential.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. When you close your account, we will delete or anonymize your data within 90 days, unless retention is required to:

• Comply with legal, regulatory, or tax obligations
• Resolve disputes or enforce our agreements
• Maintain records required by applicable equity compensation regulations

Usage data and aggregated, de-identified analytics may be retained indefinitely for product improvement purposes.

6. International Data Transfers

PlanPal operates globally to serve clients managing equity compensation across multiple jurisdictions. Your information may be transferred to, stored, and processed in countries other than your country of residence, including Canada and the United States.

Where we transfer personal data internationally, we have implemented controls intended to support GDPR compliance, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data processing agreements with all sub-processors
• Alignment with applicable cross-border data transfer frameworks
• Options to maintain data residency for regulated industries

7. Your Rights

7.1 General Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct any inaccurate or incomplete information
• Deletion: Request that we delete your personal information, subject to certain exceptions
• Portability: Request a copy of your data in a structured, commonly used, machine-readable format
• Objection: Object to the processing of your personal information in certain circumstances
• Restriction: Request that we restrict the processing of your personal information
• Withdraw consent: Where processing is based on consent, withdraw your consent at any time

7.2 Rights Under GDPR (European Economic Area)

If you are located in the European Economic Area (EEA), you have the rights listed above under the General Data Protection Regulation (GDPR). Our legal bases for processing your personal data include: performance of a contract, legitimate interests, compliance with legal obligations, and your consent. You also have the right to lodge a complaint with your local data protection authority.

7.3 Rights Under CCPA (California)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

To exercise any of these rights, please contact us at hello@planpal.io. We will respond to verifiable requests within the timeframes required by applicable law.

8. Cookies and Tracking

We use the following types of cookies and tracking technologies:

• Essential cookies: Required for the platform to function properly, including authentication, security, and session management. These cannot be disabled.
• Analytics cookies: Help us understand how visitors interact with our website and platform, enabling us to improve performance and user experience. We use tools such as Google Analytics with IP anonymization enabled.
• Functional cookies: Remember your preferences and settings to provide a more personalized experience.
• Marketing cookies: Used to deliver relevant advertisements and measure the effectiveness of our marketing campaigns. These are only set with your consent.

You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies, though this may affect your ability to use certain features of our platform. You may also opt out of interest-based advertising through industry tools such as the Digital Advertising Alliance at optout.aboutads.info.

9. Children's Privacy

PlanPal is a business-to-business platform designed for corporate equity compensation professionals. Our services are not intended for individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we may have collected information from a child, please contact us at hello@planpal.io.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify registered users via email or through an in-platform notification
• Where required by law, obtain your consent before applying material changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: hello@planpal.io
• Website: planpal.io/contact

We aim to respond to all privacy-related inquiries within 30 days. For data subject access requests under GDPR or CCPA, we will respond within the legally mandated timeframes.