// Trust & Security Report

    Palo Alto Software logo

    Palo Alto Software

    LivePlan is a SaaS business planning platform for entrepreneurs and small business owners, featuring AI-assisted plan creation (Idea Canvas, Plan Builder with AI review), market research, financial forecasting, pitch deck generation, and performance tracking via Plan vs Actuals integration with accounting software.

    Certifications held

    2

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR Compliance
    HELD

    Updated Terms of Service with Data Processing Agreement (DPA) with Model Clauses; completed EU-U.S. and Swiss-US Data Privacy Framework Principles certification for international data transfers; GDPR training for all staff.

    Verify on help.liveplan.com
    PCI DSS (SAQ A self-assessment)
    HELD

    LivePlan's own posture is self-assessed: 'We submit a self assessment (SAQ A 3.2) for PCI compliance.' The card-association certifications (Visa CISP, MasterCard SDP, Discovery DISC) belong to LivePlan's payment processor, not LivePlan: 'Our credit card processing vendor is a validated Level 1 PCI DSS compliant service provider ... certified as compliant with card association security initiatives, including the Visa Cardholder Information Security and Compliance (CISP), MasterCard Site Data Protection Program (SDP), and Discovery Information Security and Compliance (DISC).'

    Verify on liveplan.com
    > Show 6 unconfirmed / not-held certifications
    SOC 2 Type II
    NOT CONFIRMED

    No public evidence that LivePlan / Palo Alto Software holds its own SOC 2 report. The Security Overview attributes SOC 2 only to the hosting provider (Amazon AWS): 'they submit themselves to regular SOC 2 audits' and offers 'SOC reports for the data centers we use after completing an NDA'. This is a host/data-center certification, not a vendor-level SOC 2 Type II. The prior 'SOC 2 Type II' proof quote could not be found verbatim on the vendor domain.

    source: liveplan.com
    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification for LivePlan / Palo Alto Software. ISO 27001 is not mentioned anywhere in the vendor's Security Overview; the earlier proof quote referencing ISO 27001 does not exist on the vendor domain.

    source: liveplan.com
    HIPAA
    NOT CONFIRMED

    No public evidence or mention of HIPAA compliance in vendor documentation. LivePlan is a business planning tool not designed for handling Protected Health Information (PHI).

    source: liveplan.com
    ISO 27017 (Cloud Security)
    NOT CONFIRMED

    No public evidence found in vendor documentation.

    source: liveplan.com
    ISO 27018 (Personal Data Protection in Cloud)
    NOT CONFIRMED

    No public evidence found in vendor documentation.

    source: liveplan.com
    ISO 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence found; however, vendor demonstrates strong AI data governance through AI Privacy policy stating customer data is not used for model training.

    source: liveplan.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Multiple locations (Amazon AWS); EU data subject to GDPR compliance and Data Privacy Framework certification

    Vendor explicitly states: 'Data you submit to LivePlan's AI-powered features is not used as training data for any AI models or processing services and cannot be used to improve their products.' Customer data is isolated per-customer and never appears in other customers' AI suggestions.

    // Security controls

    Data Encryption in Transit

    HTTPS/TLS encryption using industry-standard algorithms and certificates; same level as leading banks

    liveplan.com

    Data Backup and Redundancy

    All account and company data written to multiple disks instantly, backed up daily, and stored in multiple locations

    help.liveplan.com

    Password Security

    Passwords validated against Have I Been Pwned (HIBP) database; compromised passwords rejected; 4-hour auto-logout

    help.liveplan.com

    Security Testing

    Regular automated security scans; annual third-party penetration testing

    liveplan.com

    Infrastructure Provider

    Amazon AWS with regular SOC 2 audits

    liveplan.com

    Data Subject Rights

    Users can request access, modification, or deletion of personal data under GDPR and Data Privacy Framework

    help.liveplan.com

    // Products & data scope

    LivePlan Business Planning PlatformBusiness Planning & Forecasting

    data: Business plans, financial data, user-uploaded accounting integrations (QuickBooks, Xero), non-sensitive business information

    Core product with AI-assisted features. Does not handle PHI or sensitive health data. Subscription-based SaaS with web access.

    Idea Canvas (AI Feature)AI-Assisted Planning

    data: Business idea validation, customer research, competitive analysis

    AI-guided system that pressure-tests business ideas; customer data NOT used for training

    Market Research ModuleMarket Intelligence

    data: Industry benchmarks, geographic-specific market data, 50+ verified sources

    All sources are citable third-party references, not derived from customer data

    Financial ForecastingFinancial Modeling

    data: Revenue, cash flow, balance sheet projections; integrates with accounting software

    AI can suggest forecast items but does not train on customer financial data

    // What to watch

    • Security and AI Privacy policy pages return HTTP 403 to automated fetches; content re-verified via the vendor's own paloalto.com/policies/security mirror and vendor-quoted search results.
    • Host-vs-vendor conflation corrected: SOC 2 belongs to the hosting provider (Amazon AWS data centers), NOT to LivePlan / Palo Alto Software. LivePlan has no public vendor-level SOC 2 report (offered only under NDA as data-center SOC reports).
    • Over-claim removed: ISO 27001 is not mentioned anywhere in LivePlan's security documentation. The earlier ISO 27001 proof quote did not exist on the vendor domain and was downgraded to held=false.
    • PCI scope corrected: LivePlan self-assesses via SAQ A 3.2; the Visa CISP / MasterCard SDP / Discovery DISC certifications are held by its payment processor, not LivePlan.
    • Do not confuse Palo Alto Software (maker of LivePlan, Eugene OR) with the unrelated cybersecurity firm Palo Alto Networks, which does hold SOC 2 / ISO 27001. None of Palo Alto Networks' certifications apply to LivePlan.
    • No dedicated trust center; compliance information scattered across help pages and policy pages.

    // At a glance

    Pricing model

    Subscription-based SaaS (monthly/annual plans); 35-day money-back guarantee

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Palo Alto Software's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    liveplan.com

    > Browse all vendor trust reports