// Trust & Security Report
Palo Alto Software
LivePlan is a SaaS business planning platform for entrepreneurs and small business owners, featuring AI-assisted plan creation (Idea Canvas, Plan Builder with AI review), market research, financial forecasting, pitch deck generation, and performance tracking via Plan vs Actuals integration with accounting software.
Certifications held
2
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on help.liveplan.com“Updated Terms of Service with Data Processing Agreement (DPA) with Model Clauses; completed EU-U.S. and Swiss-US Data Privacy Framework Principles certification for international data transfers; GDPR training for all staff.”
Verify on liveplan.com“LivePlan's own posture is self-assessed: 'We submit a self assessment (SAQ A 3.2) for PCI compliance.' The card-association certifications (Visa CISP, MasterCard SDP, Discovery DISC) belong to LivePlan's payment processor, not LivePlan: 'Our credit card processing vendor is a validated Level 1 PCI DSS compliant service provider ... certified as compliant with card association security initiatives, including the Visa Cardholder Information Security and Compliance (CISP), MasterCard Site Data Protection Program (SDP), and Discovery Information Security and Compliance (DISC).'”
> Show 6 unconfirmed / not-held certifications
source: liveplan.comNo public evidence that LivePlan / Palo Alto Software holds its own SOC 2 report. The Security Overview attributes SOC 2 only to the hosting provider (Amazon AWS): 'they submit themselves to regular SOC 2 audits' and offers 'SOC reports for the data centers we use after completing an NDA'. This is a host/data-center certification, not a vendor-level SOC 2 Type II. The prior 'SOC 2 Type II' proof quote could not be found verbatim on the vendor domain.
source: liveplan.comNo public evidence of ISO 27001 certification for LivePlan / Palo Alto Software. ISO 27001 is not mentioned anywhere in the vendor's Security Overview; the earlier proof quote referencing ISO 27001 does not exist on the vendor domain.
source: liveplan.comNo public evidence or mention of HIPAA compliance in vendor documentation. LivePlan is a business planning tool not designed for handling Protected Health Information (PHI).
source: liveplan.comNo public evidence found in vendor documentation.
source: liveplan.comNo public evidence found in vendor documentation.
source: liveplan.comNo public evidence found; however, vendor demonstrates strong AI data governance through AI Privacy policy stating customer data is not used for model training.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Multiple locations (Amazon AWS); EU data subject to GDPR compliance and Data Privacy Framework certification
Vendor explicitly states: 'Data you submit to LivePlan's AI-powered features is not used as training data for any AI models or processing services and cannot be used to improve their products.' Customer data is isolated per-customer and never appears in other customers' AI suggestions.
// Security controls
Data Encryption in Transit
HTTPS/TLS encryption using industry-standard algorithms and certificates; same level as leading banks
liveplan.comData Backup and Redundancy
All account and company data written to multiple disks instantly, backed up daily, and stored in multiple locations
help.liveplan.comPassword Security
Passwords validated against Have I Been Pwned (HIBP) database; compromised passwords rejected; 4-hour auto-logout
help.liveplan.comSecurity Testing
Regular automated security scans; annual third-party penetration testing
liveplan.comData Subject Rights
Users can request access, modification, or deletion of personal data under GDPR and Data Privacy Framework
help.liveplan.com// Products & data scope
data: Business plans, financial data, user-uploaded accounting integrations (QuickBooks, Xero), non-sensitive business information
Core product with AI-assisted features. Does not handle PHI or sensitive health data. Subscription-based SaaS with web access.
data: Business idea validation, customer research, competitive analysis
AI-guided system that pressure-tests business ideas; customer data NOT used for training
data: Industry benchmarks, geographic-specific market data, 50+ verified sources
All sources are citable third-party references, not derived from customer data
data: Revenue, cash flow, balance sheet projections; integrates with accounting software
AI can suggest forecast items but does not train on customer financial data
// What to watch
- Security and AI Privacy policy pages return HTTP 403 to automated fetches; content re-verified via the vendor's own paloalto.com/policies/security mirror and vendor-quoted search results.
- Host-vs-vendor conflation corrected: SOC 2 belongs to the hosting provider (Amazon AWS data centers), NOT to LivePlan / Palo Alto Software. LivePlan has no public vendor-level SOC 2 report (offered only under NDA as data-center SOC reports).
- Over-claim removed: ISO 27001 is not mentioned anywhere in LivePlan's security documentation. The earlier ISO 27001 proof quote did not exist on the vendor domain and was downgraded to held=false.
- PCI scope corrected: LivePlan self-assesses via SAQ A 3.2; the Visa CISP / MasterCard SDP / Discovery DISC certifications are held by its payment processor, not LivePlan.
- Do not confuse Palo Alto Software (maker of LivePlan, Eugene OR) with the unrelated cybersecurity firm Palo Alto Networks, which does hold SOC 2 / ISO 27001. None of Palo Alto Networks' certifications apply to LivePlan.
- No dedicated trust center; compliance information scattered across help pages and policy pages.
// At a glance
Pricing model
Subscription-based SaaS (monthly/annual plans); 35-day money-back guarantee
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Palo Alto Software's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
liveplan.com