Self-hosted
Feature capabilities
Marketplace
Plan and pricing
Download for Mac
Download for Android
This Privacy Policy explains how Plane Software, Inc., a Delaware corporation ("Plane," "we," "our," or "us") collects, uses, shares, and protects personal information when you interact with our websites, products, and services.
Plane offers a work management platform available in cloud-hosted, self-hosted, and air-gapped deployment configurations (collectively, the "Service," as defined in our Terms of Service). This Privacy Policy covers our practices as a data controller — meaning situations where we determine how and why your personal information is processed.
Capitalized terms not defined in this Privacy Policy have the meanings given in our Terms of Service.
Plane acts in different capacities depending on the context:
(a) Plane as controller. When you visit our websites, create an account, contact our sales or support teams, or register for events, Plane determines how your personal information is used. This Privacy Policy describes our practices in that capacity.
(b) Plane as processor. When Customer uses Plane Cloud to store and manage Customer Data, we process that data on behalf of Customer as a processor (or service provider). Customer is the controller and determines how Customer Data is processed. Our processing of Customer Data in that capacity is governed by the Data Processing Addendum, not this Privacy Policy.
If you are an end user of a Customer's Plane workspace, please contact that Customer directly for information about how your personal information is handled within their workspace.
This Privacy Policy applies to:
This Privacy Policy does not apply to:
Account and profile data. When you create a Plane account, we collect your name, email address, company name, job title, profile photo, password, and account preferences.
Payment and billing data. When you purchase a paid plan, we collect your billing name, billing address, and payment card type and last four digits. Full payment card details are processed directly by our payment processor (Stripe) and are never stored on Plane's systems.
Support and communications. When you contact us, we collect the information you provide in support tickets, emails, feedback forms, chat conversations, surveys, and event registrations.
Content you submit. We collect feedback, forum posts, and comments you submit on our public-facing websites. This does not include Customer Data stored within your Plane workspace.
Device and connection data. We collect your IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
Usage data. We collect information about how you interact with our websites and Service, including pages visited, features used, clickstream data, referring and exit URLs, session duration, and timestamps.
Log data. Our servers automatically record information including server logs, error reports, and diagnostic and crash data.
Cookie data. We collect information through cookies and similar technologies. See Section 10 for details.
Third-party sign-in. If you sign in using Google, GitHub, or another identity provider, we receive your name and email address as permitted by your provider settings.
Partners and vendors. We may receive business contact information from our reseller, consulting, or marketing partners.
Publicly available data. We may collect professional information from public profiles (such as LinkedIn) for sales outreach purposes.
No Customer Data is collected by default. When you run Plane on your own infrastructure, your data stays in your environment.
We may collect minimal, opt-in telemetry (such as Plane version number, instance ID, and aggregate usage metadata) only if Customer explicitly enables it. No Customer Data, project names, user content, or personally identifiable information from Customer's instance is transmitted.
If you contact our support team, we may receive diagnostic data that you voluntarily share for troubleshooting.
We use personal information for the following purposes:
Providing the Service. Operating, maintaining, and supporting Plane Cloud; processing transactions; authenticating users; and providing customer support.
Improving the Service. Analyzing usage patterns, testing new features, conducting internal research, troubleshooting, and improving performance, security, and user experience.
Communicating with you. Sending transactional messages (account confirmations, billing receipts, security alerts), responding to inquiries, and providing product updates.
Marketing. Sending promotional content, newsletters, event invitations, and educational materials. You can opt out at any time.
Safety and security. Detecting, preventing, and investigating fraud, abuse, security incidents, and violations of our Terms.
Legal compliance. Complying with applicable Laws, regulations, legal processes, and enforceable governmental requests.
Aggregated analytics. Creating de-identified or aggregated data that cannot identify you, for business analysis and reporting.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the General Data Protection Regulation ("GDPR") or equivalent legislation:
Contractual necessity. Processing required to perform our contract with you — for example, providing your Plane account, processing payments, and delivering support.
Legitimate interests. Processing that furthers our legitimate business interests (or those of third parties), provided your rights do not override those interests — for example, improving the Service, fraud prevention, marketing to existing customers, and ensuring network security. Where we rely on legitimate interests, we conduct balancing tests to ensure our interests do not override your fundamental rights and freedoms.
Consent. Processing based on your explicit, freely given consent — for example, opt-in telemetry from self-hosted instances and optional marketing communications. You may withdraw consent at any time.
Legal obligation. Processing necessary to comply with a legal requirement — for example, tax record-keeping and responding to lawful data requests.
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
We may share your information with the following categories of recipients:
We engage trusted third-party companies to help us operate and improve the Service, including providers of cloud infrastructure and hosting, payment processing, analytics, customer support tools, and email delivery. All service providers are bound by contractual obligations to protect your data and use it only as instructed by us.
A current list of our sub-processors is available at plane.so/legals/sub-processors.
If you use Plane Intelligence (our AI Features), your data may be processed by third-party AI providers acting as sub-processors. These providers are listed on our sub-processors page. See Section 9 for details.
We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Plane, our users, or the public; detect, prevent, or address fraud, security issues, or technical problems; or enforce our Terms.
If Plane is involved in a merger, acquisition, asset sale, corporate reorganization, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you (via email or prominent notice on our website) before your personal information becomes subject to a different privacy policy.
We may share your information for other purposes with your explicit consent.
We may share aggregated or de-identified data that cannot reasonably be used to identify you, without restriction. This is consistent with how we handle Usage Data under our Terms. Plane will not attempt to re-identify any de-identified or aggregated data.
Your privacy posture differs depending on which deployment model you use.
When you use Plane Cloud, Plane hosts and processes data on our infrastructure. This Privacy Policy applies fully. Customer Data processing is governed by the DPA.
When you run Plane on your own infrastructure, we do not have access to your instance or its data. You are the data controller and are fully responsible for securing and managing your environment.
This Privacy Policy applies only to your interactions with our websites, support channels, Documentation, and any optional telemetry you enable.
Optional telemetry. If enabled, we collect limited technical metadata (Plane version, instance ID, aggregate feature usage counts). No Customer Data, project names, user content, or personally identifiable information is transmitted.
License key validation. Your instance may contact our servers to validate license keys. This transmits only the license key and instance identifier — no Customer Data.
When you run Plane in an air-gapped (fully offline) environment, no data is transmitted to Plane. Your instance operates with zero connectivity to our servers.
This Privacy Policy applies only to interactions outside your air-gapped environment — such as visiting our website, contacting support, or purchasing a license. License keys for air-gapped deployments are provisioned offline as described in the Documentation.
Plane Software, Inc. is based in the United States. If you access the Service from outside the United States, your personal information may be transferred to and processed in the United States or other countries where we or our service providers operate.
We protect international transfers of personal information using appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Agreement (IDTA) or UK Addendum to SCCs where applicable, and other lawful transfer mechanisms recognized under applicable data protection laws.
For more information about the specific safeguards in place, contact us at [email protected].
Plane Intelligence provides AI-powered features within the Service, as described in Section 5 of our Terms and the AI Terms.
How AI Features process data. When you use Plane Intelligence on Plane Cloud, your inputs (such as text submitted for summarization or generation) are sent to third-party AI providers for processing. These providers act as sub-processors and are listed at plane.so/legals/sub-processors.
Automated processing. Customer remains solely responsible for any decisions, actions, or automated processes implemented based on AI-generated outputs.
No training on your data. Plane does not use Customer Data to train, fine-tune, or improve general-purpose AI models — whether our own or those of third-party providers. Our agreements with AI sub-processors prohibit them from using your data for model training.
AI outputs. AI-generated outputs are treated as Customer Data and are subject to the same protections. You are responsible for reviewing and verifying AI outputs before relying on them.
Self-hosted and air-gapped AI. If you use AI Features on a self-hosted instance, your data is sent to the configured AI provider directly from your infrastructure — Plane does not act as an intermediary. On air-gapped instances, AI Features that require external connectivity are not available unless you configure a local model.
We and our third-party partners use cookies, pixels, web beacons, and similar technologies on our websites for the following purposes:
Essential cookies. Enable core functionality such as authentication, security, and session management. These cannot be disabled.
Functional cookies. Remember your preferences, language, and settings.
Analytics cookies. Help us understand how visitors use our websites, measure performance, and identify trends.
Marketing cookies. Deliver relevant advertisements and measure the effectiveness of our marketing campaigns.
For detailed information, including specific cookies used and how to manage them, see our Cookie Policy.
You can manage your cookie preferences through our cookie consent banner (displayed on first visit), your browser settings, or third-party opt-out tools such as Your Online Choices or the NAI Opt-Out.
Our websites do not currently respond to "Do Not Track" browser signals. We do honor Global Privacy Control ("GPC") signals where required by applicable law (such as the California Consumer Privacy Act and Delaware Personal Data Privacy Act). When we detect a GPC signal, we treat it as a valid opt-out of the sale or sharing of personal information.
We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Account data. Retained for the duration of your account, plus a reasonable period after account deletion for backups, legal obligations, and dispute resolution.
Payment and billing data. Retained as required by tax and financial reporting obligations (typically 7 years).
Support data. Retained for the duration of your account or until the support matter is resolved, plus any legally required retention period.
Usage and analytics data. Aggregated and retained for analysis; raw logs typically retained for up to 12 months.
Marketing data. Retained until you unsubscribe or request deletion, whichever is earlier.
Telemetry data (self-hosted). Retained in aggregate form; raw telemetry typically retained for up to 12 months.
When personal information is no longer needed, we securely delete or anonymize it. For Customer Data retention and deletion following termination, see Section 9.5 of the Terms.
We implement industry-standard technical, organizational, and administrative safeguards to protect personal information, including encryption in transit (TLS/SSL) and at rest, access controls and role-based permissions for internal systems, regular security assessments and vulnerability testing, employee security training and confidentiality obligations, and incident detection, logging, and monitoring.
Details of Plane's security practices are available at plane.so/security.
Breach notification. In the event of a data breach affecting your personal information, we will notify you and any applicable regulatory authorities in accordance with applicable data protection laws. For Plane Cloud customers, breach notification obligations are also addressed in the DPA.
Your responsibilities. No system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials, choosing strong passwords, and securing the devices you use to access the Service.
Depending on your location and applicable law, you may have the following rights regarding your personal information:
Access. Request a copy of the personal information we hold about you.
Correction. Request that we correct inaccurate or incomplete personal information.
Deletion. Request that we delete your personal information, subject to legal retention requirements.
Portability. Request a copy of your personal information in a structured, machine-readable format.
Restriction. Request that we restrict our processing of your personal information.
Objection. Object to our processing of your personal information based on legitimate interests.
Withdraw consent. Where processing is based on consent, withdraw your consent at any time.
Opt out of marketing. Unsubscribe from marketing communications at any time via the unsubscribe link in any marketing email or by contacting us.
To exercise any of these rights, contact us at [email protected]. We will respond within the timeframe required by applicable law (typically 30 days). We may ask you to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.
If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"):
Right to know. You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of collection, the purposes for collection, and the categories of third parties with whom we share it.
Right to delete. You may request deletion of personal information we have collected from you, subject to certain exceptions.
Right to correct. You may request correction of inaccurate personal information.
Right to opt out of sale/sharing. Plane does not sell your personal information. Plane does not share your personal information for cross-context behavioral advertising.
Right to limit use of sensitive personal information. We do not use or disclose sensitive personal information for purposes beyond what is necessary to provide the Service.
Non-discrimination. We will not discriminate against you for exercising your CCPA rights.
To submit a CCPA request, email [email protected].
Categories collected in the past 12 months: Identifiers (name, email, IP address); commercial information (billing data, purchase history); internet/electronic network activity (usage data, device data); professional information (job title, company); inferences drawn from the above.
We have not sold personal information in the preceding 12 months.
Residents of U.S. states with applicable comprehensive privacy laws (including, without limitation, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Montana) may have certain rights under applicable law, which may include the right to access, correct, delete, or obtain a copy of their personal information, and the right to opt out of certain types of processing, such as targeted advertising, the sale of personal information, or profiling in furtherance of decisions that produce legal or similarly significant effects. Plane does not sell personal information and does not engage in targeted advertising or profiling in a manner that would trigger such opt-out rights under applicable law. To exercise your rights, contact us at [email protected].
We do not currently sell personal information as defined under Nevada law. To submit an opt-out request, email [email protected] with the subject line "Nevada Do Not Sell Request."
If you are located in the European Economic Area ("EEA"), the United Kingdom, or Switzerland, you have additional rights under the GDPR (or equivalent legislation) with respect to your personal information.
Plane Software, Inc. is the controller of personal information processed in connection with our websites, account management, and direct communications. Where we process Customer Data on behalf of a Customer, that Customer is the controller — see Section 1.
In addition to the rights listed in Section 13, EEA/UK/Swiss residents have the right to lodge a complaint with your local supervisory authority (a list of EEA authorities is at edpb.europa.eu; for the UK, contact the ICO; for Switzerland, the FDPIC), withdraw consent at any time for processing based on consent without affecting the lawfulness of prior processing, and object to processing based on legitimate interests including profiling.
If required under Article 27 of the GDPR, details of our EU/UK representative will be provided upon request. Contact [email protected].
The Service is not directed at children under 16 (or such lower age as prescribed under applicable law). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child below the applicable age, we will promptly delete it. If you believe a child has provided us with personal information, contact us at [email protected].
The Service may contain links to, or integrations with, third-party websites, applications, or services not operated by Plane. This Privacy Policy does not apply to those services. When you connect a third-party integration to Plane (such as GitHub, Slack, or other tools), the data shared with that integration is governed by that third party's privacy policy. Plane is not responsible for the privacy practices of third-party services.
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy on this page with a revised effective date, send an email notification to the address associated with your account, and display an in-product notification for Plane Cloud users.
The latest version will always be available at plane.so/legals/privacy-policy. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
If you have questions or requests regarding this Privacy Policy or our privacy practices, contact us at:
Plane Software, Inc.
Email: [email protected]
Web: plane.so/contact
651 N Broad St, Suite 201, Middletown, New Castle County, Delaware 19709
Data Protection inquiries: Contact our team at [email protected].