Security and trust

Datplan DataPull is designed to give users a controlled way to pull authorised source data, prepare reporting outputs, and understand what happened during each run.

Privacy-first and non-cloud reporting model

Datplan DataPull is designed for direct, user-authorised API pulls into the desktop app. Provider datasets are used for local app reporting workflows, dashboards, exports, audit review, and reconciliation output. Datplan does not operate as a cloud-hosted analytics warehouse for Xero or HubSpot datasets.

Direct source pulls

Users authorise supported source accounts, choose the company or tenant, and run source pulls through the desktop app.

What online services handle

AWS-hosted Datplan services handle sign-in, source access, billing state, usage checks, execution state, and support controls.

What online services do not do

Datplan online services are not used as a cloud data warehouse for provider datasets and are not used to host customer BI reports.

Security model in plain English

User-authorised access

Supported sources use user-authorised access flows where available. Users should only connect accounts they are authorised to use.

Source-specific access

Source access is controlled by the source and plan purchased for the user email address.

Support-safe diagnostics

Support content should avoid access tokens, secrets, local paths, raw datasets, and screenshots containing sensitive information.

For IT and technical reviewers

Datplan DataPull is not positioned as a cloud-hosted analytics warehouse. The product focuses on user-authorised source pulls, desktop reporting workflows, ETL, export generation, audit output, and reconciliation logs. Public documentation avoids exposing internal infrastructure names, secrets, private URLs, or implementation identifiers.

Technical reviewers should assess user access, source permissions, export handling, device controls, support-data handling, and source-provider permissions as part of their own internal controls.

Support safety rules

Direct API pulls and source-provider boundaries

Datplan DataPull is designed for private direct API pulls into the desktop app workflow, not cloud-hosted analytics storage. Datplan does not own or control third-party source providers. Source availability, rate limits, public-register content, and data accuracy remain subject to the relevant source provider.