Security at Onplana

Your project data is critical. We protect it with enterprise-grade security — encryption, access controls, audit logging, and data isolation — so you can focus on delivering projects, not worrying about breaches.

Security pillars

Security is built into every layer of the Onplana platform, from authentication to infrastructure.

Encryption everywhere

  • TLS 1.2+ for all data in transit
  • AES-256 encryption for data at rest
  • HTTPS enforced on all endpoints
  • Database connections encrypted via SSL

Authentication & access

  • Two-factor authentication (TOTP) for all accounts
  • SSO via SAML 2.0 and OIDC (Enterprise)
  • SCIM provisioning for automated user lifecycle
  • Role-based access control (org + project level)
  • JWT tokens with version-based invalidation
  • IP allowlisting (Enterprise)

Audit & compliance

  • Comprehensive audit logs for all user actions
  • Security event tracking (logins, password changes, 2FA)
  • Audit log export for compliance reporting
  • Session management with forced logout capability
  • Change control boards for governed projects

Infrastructure

  • Hosted on SOC 2 compliant cloud providers
  • Isolated tenant data with row-level security
  • Automated backups with point-in-time recovery
  • DDoS protection and rate limiting
  • Regular vulnerability scanning and patching

Data protection

  • Multi-tenant isolation — organizations never see each other's data
  • Soft-delete with Recycle Bin (30-day recovery)
  • Data residency controls (Enterprise)
  • Your data is never used to train AI models
  • Data export available at any time (no lock-in)

Organizational controls

  • 5 default roles + custom roles (Business+)
  • 26 granular permission keys (org + project)
  • Configurable permission policies per organization
  • Guest seat management with plan-tier limits
  • Member MFA status visibility for admins

Enterprise security features

Enterprise and Enterprise Plus plans include additional security capabilities for organizations with strict compliance requirements:

  • SSO (SAML 2.0 & OIDC)
  • SCIM user provisioning
  • IP allowlisting
  • Data residency controls
  • Audit log export
  • Customer-managed keys (E+)
  • Session timeout policies
  • 2FA enforcement (org-wide)

Our security practices

Secure development

Code reviews, dependency scanning, and security-focused testing are part of every release cycle.

Incident response

Documented incident response procedures with defined severity levels and escalation paths.

Penetration testing

Regular third-party penetration testing to identify and address vulnerabilities.

Dependency management

Automated monitoring for known vulnerabilities in third-party dependencies.

Access minimization

Internal access to production systems follows the principle of least privilege with MFA required.

Data handling

Strict policies for data access, retention, and deletion. No customer data on developer machines.

Responsible disclosure

If you discover a security vulnerability in Onplana, please report it responsibly. We appreciate your help in keeping our platform and users safe.

security@onplana.com

Questions about security?

We're happy to answer security questionnaires, provide documentation, or discuss your specific compliance requirements.