Security & Trust

Your Data is Safe & Secure

We take security seriously. Learn about the comprehensive measures we've implemented to protect your data and ensure the privacy and security of your information.

Last updated: December 15, 2024

Security at a Glance

256-bit Encryption

Military-grade encryption for all data

SOC 2 Certified

Third-party audited security controls

24/7 Monitoring

Continuous security monitoring

Global Compliance

GDPR, CCPA, and more

Our Security Measures

Comprehensive protection at every layer

End-to-End Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption

  • TLS 1.3 for all data transmission
  • AES-256 encryption for data at rest
  • RSA-4096 for key exchange
  • Perfect Forward Secrecy (PFS)

Multi-Factor Authentication

Secure your account with multiple layers of authentication

  • TOTP-based authenticator apps
  • SMS verification (backup)
  • Hardware security keys (WebAuthn)
  • Recovery codes for emergency access

Infrastructure Security

Enterprise-grade cloud infrastructure with multiple security layers

  • AWS SOC 2 Type II compliant infrastructure
  • Regular automated security scans
  • Network segmentation and firewalls
  • Intrusion detection and prevention

Access Controls

Strict access controls and monitoring for all system components

  • Role-based access control (RBAC)
  • Principle of least privilege
  • Regular access reviews
  • Audit logs for all admin actions

Employee Security

Comprehensive security training and background checks for all team members

  • Background checks for all employees
  • Regular security awareness training
  • Zero-trust access policies
  • Secure development practices

Incident Response

24/7 monitoring and rapid response to security incidents

  • 24/7 security operations center
  • Automated threat detection
  • Incident response playbooks
  • Coordinated vulnerability disclosure

Certifications & Compliance

Independently verified security and compliance standards

SOC 2 Type II

Annual third-party audit of our security controls

Certified 2024

ISO 27001

International standard for information security management

In Progress 2024

GDPR Compliant

Full compliance with European data protection regulations

Certified 2024

CCPA Compliant

California Consumer Privacy Act compliance

Certified 2024

Security Practices

How we maintain security across all operations

Development Security

  • Secure coding standards and reviews
  • Automated security testing in CI/CD
  • Dependency vulnerability scanning
  • Static and dynamic code analysis
  • Regular penetration testing

Data Protection

  • Data minimization principles
  • Automatic data retention policies
  • Secure data backup and recovery
  • Data anonymization techniques
  • Geographic data residency controls

Operational Security

  • 24/7 security monitoring
  • Automated threat detection
  • Regular security assessments
  • Vendor security evaluations
  • Business continuity planning

Report Security Issues

Help us keep everyone safe by reporting security vulnerabilities responsibly

Security Email

security@notesmaker.ai

Encrypted Communication

Use our PGP key for sensitive reports

Responsible Disclosure Guidelines

  • Report vulnerabilities privately before public disclosure
  • Provide detailed information about the vulnerability
  • Allow reasonable time for us to address the issue
  • We typically respond within 24-48 hours
  • We acknowledge and credit security researchers publicly

Security Documentation

Access additional security resources and documentation