You can control how users access Anaplan data through standard web-based login and single sign-on. The logout and timeout behaviors ensure users know they've successfully logged out and ensure Anaplan isn't left idle and unattended for too long.

Data in Anaplan is encrypted with one of these methods, and depends on the status of the data:

• Data in transit uses HTTPS with 2048-bit certificates. Transport Layer Security (TLS) 1.2 is the minimum version that Anaplan supports, and TLS 1.3 is the maximum supported version.
• The session key length is negotiated by the user's browser, which uses the strongest available encryption.
• Data at rest uses AES-256 full-disk encryption.

These security and privacy-related frameworks, audits, and certifications apply to Anaplan:

• Service Organization Control (SOC) reports
• TRUSTe Privacy Seal
• EU – US Privacy Shield
• Cloud Security Alliance STAR

See our Privacy Shield status on the Privacy Shield Framework website .