Security at NotesAO

Your clients’ data is our highest priority. Below is an overview of the safeguards we maintain.

1. Data Encryption

• In transit – All traffic is forced over TLS 1.2 or higher (A-rating on SSL Labs).
• At rest – Database volumes and file objects are encrypted using AES-256.

2. Infrastructure & Network

• Hosted on [your cloud provider] with ISO 27001-certified data centres in the US.
• Firewalls, WAF, and automated DDoS mitigation protect every endpoint.
• Administrative access secured by hardware-token MFA.

3. Back-ups & Disaster Recovery

• Databases are snap-shotted hourly, retained 30 days, and stored cross-region.
• Full disaster-recovery drills performed quarterly.

4. Application Security

• Static code analysis on every pull-request; dependency scanning via [tool].
• OWASP Top-10 penetration tests annually by an independent security firm.

5. Responsible Disclosure

If you believe you have found a security vulnerability, please email security@notesao.com. We investigate all reports promptly.

6. Your Responsibilities

• Use unique, strong passwords for your NotesAO account.
• Keep browsers and operating systems up-to-date.
• Immediately report any suspicious activity to our support team.