Security Summary

Holistiplan was founded by two long-time financial planners. We understand the importance of securing your client's data. Holistiplan will follow IT security best practices to develop our software.

Holistiplan's physical infrastructure is hosted and managed by Amazon Web Services (AWS). AWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards to protect personal data. AWS's network and infrastructure also have multiple layers of protection to protect against denial-of-service attacks.

In addition to using a best-in-breed cloud service provider, all documents uploaded to our application are encrypted, at rest and in transit, with 256-bit TLS. User credentials are salted and hashed before being stored.

While we recognize the tax return contains personal identifying information (PII), we do not store the taxpayer's Social Security number(s) or home address in our database. The advisor has the ability to delete the return once they have used the software and all PII data will be permanently deleted from the server.

We will continue to take every precaution possible to protect client data. Holistiplan commits to going through annual penetration tests to test any vulnerabilities. We will then investigate and fix any potential vulnerabilities identified. If you would like to report a vulnerability or a security concern, please contact us at

We know you may have more questions. For more details and for your Vendor Due Diligence files, please download our robust Holistiplan Due Diligence Report. We feel this document will answer most, if not all, your questions regarding Holistiplan's Security policies. If it doesn't, please let us know at and we will get those questions answered, and added to this Due Diligence Report for everyone else.