Security Measures

Last Updated: November 20, 2024

At Planck, security isn't just a feature—it's a core principle. We've implemented multiple layers of security measures to ensure your clipboard data remains private, protected, and exclusively accessible to you.

Our security architecture is built on industry-standard encryption protocols and best practices, providing enterprise-grade protection for your sensitive information.

Encryption Standards

We employ AES-GCM-256 (Advanced Encryption Standard with Galois/Counter Mode) for all sensitive data encryption. This is the same encryption standard trusted by:

  • Leading password managers
  • Financial institutions
  • Government agencies for classified information

AES-GCM-256 provides both confidentiality and authenticity: your data cannot be read during transmission or storage, and any tampering with it is detected at decryption. The 256-bit key length makes brute-force attacks computationally infeasible with current technology.

Key Derivation

Your encryption keys are derived using PBKDF2 with the following specifications:

  • 100,000 iterations for enhanced security against brute-force attacks
  • SHA-256 as the underlying hash function
  • Unique salt for each user to prevent rainbow table attacks

Importantly, your encryption keys are never transmitted to our servers. All encryption and decryption happen locally on your device, ensuring true end-to-end encryption.
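
The scheme described under Encryption Standards and Key Derivation, as an added Node.js example that is not Planck's code: a key is derived on the device with PBKDF2-HMAC-SHA256 (100,000 iterations, per-user salt) and used for AES-256-GCM, and a modified blob or a key derived from a different salt fails authentication. Assumptions not stated on the page: the secret fed to PBKDF2, the 16-byte salt, the 12-byte nonce, the nonce || tag || ciphertext layout, and all function names.

```javascript
// Added illustration, not Planck's code. Uses Node's built-in crypto module.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")                      // CommonJS file
  : process.getBuiltinModule("node:crypto");    // ES module file

const ITERATIONS = 100000; // from the page
const KEY_LEN = 32;        // 256-bit key for AES-256-GCM
const SALT_LEN = 16;       // assumption: salt size is not stated on the page
const NONCE_LEN = 12;      // assumption: standard 96-bit GCM nonce
const TAG_LEN = 16;        // 128-bit GCM authentication tag

// PBKDF2-HMAC-SHA256 over a user secret and that user's unique salt.
function deriveKey(secret, salt) {
  return nodeCrypto.pbkdf2Sync(secret, salt, ITERATIONS, KEY_LEN, "sha256");
}

// Encrypt on the device; only nonce || tag || ciphertext leaves it.
function encryptClip(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(NONCE_LEN); // fresh per message, never reused
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Decrypt and verify the tag; throws if the blob was altered or the key is wrong.
function decryptClip(key, blob) {
  if (blob.length < NONCE_LEN + TAG_LEN) throw new Error("blob too short");
  const nonce = blob.subarray(0, NONCE_LEN);
  const tag = blob.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, nonce,
    { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  const body = blob.subarray(NONCE_LEN + TAG_LEN);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8");
}

// Constructed sample values: round trip, tampering, and a second user's salt.
function demo() {
  const secret = "constructed-sample-secret";
  const keyA = deriveKey(secret, nodeCrypto.randomBytes(SALT_LEN));
  const keyB = deriveKey(secret, nodeCrypto.randomBytes(SALT_LEN));
  const blob = encryptClip(keyA, "constructed clipboard text");
  const tampered = Buffer.from(blob);
  tampered[tampered.length - 1] ^= 0x01; // flip one ciphertext bit
  const rejects = (key, data) => {
    try { decryptClip(key, data); return false; } catch { return true; }
  };
  return { roundTrip: decryptClip(keyA, blob), tamperRejected: rejects(keyA, tampered),
           otherSaltRejected: rejects(keyB, blob) };
}
```

The salt is not secret and is stored next to the ciphertext; the derived key and the secret it comes from are the values that stay on the device.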

Data in Transit

All communication between your devices and our servers is protected by multiple security layers:

  • TLS 1.3 for transport layer security
  • End-to-end encryption of clipboard content
  • Perfect Forward Secrecy to protect past communications

Even if a network attacker could intercept your traffic, they would only see encrypted data without the means to decrypt it.

Data at Rest

Your clipboard data is protected both on your devices and our servers:

  • All data is encrypted before storage in our database
  • Encryption keys are stored securely in your operating system's secure enclave
  • Row-level security is enforced to ensure that only your data is accessible to you

Authentication

Our authentication system leverages OAuth 2.0 through trusted providers:

By leveraging OAuth, we eliminate common security risks associated with password-based authentication while providing a seamless and secure login experience.

Incident Response

While we work hard to prevent security incidents, we maintain a comprehensive incident response plan that includes:

  • Rapid incident response procedures
  • User notification protocols

In the unlikely event of a security incident, we commit to transparent communication with our users and swift action to address any vulnerabilities.