Notebird Security Overview

How secure is Notebird? Notebird uses Enterprise-grade security and data is backed up daily.

Updated over 4 months ago

General Security Overview

We know that our users store important and oftentimes sensitive life details in Notebird. For that reason, Notebird uses Enterprise-grade security.

Enterprise-Grade Security

“Enterprise-grade security” is an all-encompassing term for the many industry-standard techniques we employ to secure your data. This includes automatically encrypting all data before it is written to disk, as well as protecting your data with Transport Layer Security (HTTPS) as it travels over the Internet during read and write operations.

Daily Data Backups

The Notebird database, including Customer accounts and information, is backed up on a daily basis. In the case of accidental deletion, data from the moment of any saved backup can be restored to a Customer's account upon request.

Daily backups are purged on a rolling seven-day schedule. Bi-monthly backups may be saved for up to 45 days before being purged from the system. Additionally, all backups for an account are automatically removed at the time of account deletion or can be removed at the request of an account owner.

2-Factor Text Message Authentication

Put simply, 2-Factor Text Message Authentication (2FA) is an extra layer of security in which users provide two different passcodes to verify themselves when logging into Notebird. Notebird is doing everything we can to keep your data safe with secure practices, procedures and systems. Two-Factor Authentication is how you can play your part in protecting your account. Click here to see how to enable 2FA for your user account.

Technical Security Overview

Deeper insights for the nerdy ones in the bunch 😉 from our Cofounder and Chief Technology Officer

A number of factors went into choosing our software stack. We wanted Notebird to be collaborative and accessible from anywhere, so it made sense to operate Notebird in the cloud. After reviewing the many providers available, we strategically chose the Google Cloud architecture. Google Cloud (and the Firebase suite of tools specifically) offers many features that both our development efforts and our customers continue to benefit from. Google Cloud not only has remarkable uptime and scalability, it provides industry-leading efforts in data security. Here are a few high-level, technical details:

  • We host our database in Google's "us-central" region which means it lives in a secure data warehouse here in Oklahoma.

  • We use Firestore as our database technology. It's a realtime, NoSQL architecture with high availability and scalability.

  • Each separate organization within Notebird has their own document and corresponding subcollections—completely siloed from anyone else's data. It's very similar to setting up an entirely new database for each organization to keep everyone's data totally independent and secure!

  • Data within each organization's "mini-database" have a comprehensive set of security rules. These access policies are inherent to Firestore and ensure only users with proper permissions can access the appropriate data.

  • Data are encrypted at rest. And since we force-SSL, everything is always encrypted in transit too!

As for privacy, we have a number of strict practices in place. I'm a personal advocate for internet and online privacy, so this matter is near and dear to me. Here are some notes on that:

  • All your user-generated data belongs to you, and always will! We never sell your information to 3rd parties and YOU can choose what to do with it at any time.

  • Even if your trial or active subscription expires, you can still access your account and all your data. In this case, you may no longer be able to store new information in Notebird, but we never prevent you from getting to your existing data.

  • Notebird has a comprehensive reporting and export feature, so you can download some or all of your information from Notebird in PDF or CSV at any time.

  • The only identifiable information of yours the Notebird team accesses internally is to provide support. Our own internal dashboard is restricted to show the minimum amount of information to serve our customers appropriately.

  • Occasionally, an organization's data will need to be inspected or manipulated manually in more uncommon troubleshooting scenarios. This only happens with a user's express permission and since I'm the only system admin with full access, I handle all these cases personally—again, only accessing the minimum amount of information necessary to solve the issue.

  • We respect the "right to be forgotten". So if for some reason you no longer wish to remain on Notebird, we can permanently delete your account and all its associated data—as long as we receive validated permission from the account owner.

-Chris D.

(Cofounder & Chief Technology Officer)
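
The per-organization siloing and access policies described in the technical overview can be expressed in Firestore security rules along the following lines. This is an added example, not Notebird's actual rules or schema: the collection names (`organizations`, `members`, `notes`) and the `role` field are hypothetical.

```firestore-security-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Hypothetical schema (an assumption, not Notebird's):
    //   /organizations/{orgId}                 one document per organization
    //   /organizations/{orgId}/members/{uid}   membership record with a "role" field
    //   /organizations/{orgId}/notes/{noteId}  the organization's data

    // Path of the caller's membership record inside one organization.
    function memberPath(orgId) {
      return /databases/$(database)/documents/organizations/$(orgId)/members/$(request.auth.uid);
    }

    // True only for a signed-in user who has a membership record in this
    // organization. The null check runs first, so unauthenticated requests
    // never reach the lookup.
    function isMember(orgId) {
      return request.auth != null && exists(memberPath(orgId));
    }

    function isAdmin(orgId) {
      return isMember(orgId) && get(memberPath(orgId)).data.role == 'admin';
    }

    match /organizations/{orgId} {
      // Members may fetch their own organization document. "list" is not
      // granted, so nobody can enumerate other organizations.
      allow get: if isMember(orgId);
      allow update: if isAdmin(orgId);

      match /members/{uid} {
        allow read: if isMember(orgId);
        // Only admins change membership, so a user cannot add themselves
        // to an organization they do not belong to.
        allow write: if isAdmin(orgId);
      }

      match /notes/{noteId} {
        allow read, create, update: if isMember(orgId);
        allow delete: if isAdmin(orgId);
      }
    }
    // Firestore denies any request that no "allow" statement matches, so
    // every path not listed above is closed by default.
  }
}
```

Rules like these apply to requests made through the client SDKs; server code that uses the Admin SDK bypasses them, so back-end access needs its own controls.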
