General Security Overview
We know that our users store important and oftentimes sensitive life details in Notebird. For that reason, Notebird uses Enterprise-grade security.
“Enterprise-grade security” is an all encompassing term for the many industry standard techniques we employ to secure your data. This includes automatically encrypting all data before it is written to disk as well as protecting your data as it travels over the Internet during read and write operations with Transport Layer Security (HTTPS).
Daily Data Backups
The Notebird database, including Customer accounts and information, is backed up on a daily basis. In the case of accidental deletion, data from the moment of any saved backup can be restored to a Customer's account upon request.
Daily backups are purged on a rolling seven-day schedule. Bi-monthly backups may be saved for up to 45 days before being purged from the system. Additionally, all backups for an account are automatically removed at the time of account deletion or can be removed at the request of an account owner.
Verification Security Code
When sweeping changes are requested by a customer we speak to them via phone or Zoom and generate a Verification Security Code directly to their screen (see screenshot below). They verify their identity by repeating the randomly generated code back to our customer care team member. We do this so bad players cannot impersonate the customer or someone from their organization.
We have not had anyone try to impersonate a Notebird user but we are proactive in our security measures to best protect your data.
Please feel free to email [email protected] if you have any questions regarding security and privacy of your data.
Technical Security Overview
For the nerdy ones in the bunch 😉
A number of factors went into choosing our software stack. We wanted Notebird to be collaborative and accessible from anywhere, so it made sense to operate Notebird in the cloud. After reviewing the many providers available, we strategically chose the Google Cloud architecture. Google Cloud (and the Firebase suite of tools specifically) offer many features that both our development efforts and our customers continue to benefit from. Google Cloud not only has remarkable uptime and scalability, it provides industry-leading efforts in data security. Here are a few high-level, technical details:
We host our database in Google's "us-central" region which means it lives in a secure data warehouse here in Oklahoma.
We use Firestore as our database technology. It's a realtime, NoSQL architecture with high availability and scalability.
Each separate organization within Notebird has their own document and corresponding subcollections—completely siloed from anyone else's data. It's very similar to setting up an entirely new database for each organization to keep everyone's data totally independent and secure!
Data within each organization's "mini-database" have a comprehensive set of security rules. These access policies are inherent to Firestore and ensure only users with proper permissions can access the appropriate data.
Data are encrypted at rest. And since we force-SSL, everything is always encrypted in transit too!
As for privacy, we have a number of strict practices in place. I'm a personal advocate for internet and online privacy, so this matter is near and dear to me. Here are some notes on that:
All your user-generated data belongs to you, and always will! We never sell your information to 3rd parties and YOU can choose what to do with it at any time.
Even if your trial or active subscription expires, you can still access your account and all your data. In this case, you may no longer be able to store new information in Notebird, but we never prevent you from getting to your existing data.
Notebird has a comprehensive reporting and export feature, so you can download some or all of your information from Notebird in PDF or CSV at any time.
The only identifiable information of yours the Notebird team accesses internally is to provide support. Our own internal dashboard is restricted to show the minimum amount of information to serve our customers appropriately.
Occasionally, an organization's data will need to be inspected or manipulated manually in more uncommon troubleshooting scenarios. This only happens with a user's express permission and since I'm the only system admin with full access, I handle all these cases personally—again, only accessing the minimum amount of information necessary to solve the issue.
We respect the "right to be forgotten". So if for some reason you no longer wish to remain on Notebird, we can permanently delete your account and all it's associated data—as long as we receive validated permission from the account owner.