Security and Compliance

_Content

Data Protection

Our team implements cryptographic controls when processing and storing data and performs encryption in accordance with industry standards. All Notch web traffic sent over the public internet is encrypted in transit using the TLS v1.2 protocol, and encryption at rest is performed with AES-256

Network Security

Notch's production services are hosted on leading cloud infrastructure providers like Amazon AWS. We use Amazon's Virtual Private Cloud to protect our network perimeter in addition to web application firewalls and regular vulnerability scanning.

Access Control

Notch maintains audit logs of all activity, errors, and warnings on production systems and uses single sign-on and 2-factor authentication to enforce application access control. Levels of access are granted on a principle of least privilege and use Role-Based Access Control.

Responsible Disclosure Program

We treat the security of our customers very seriously, which is why we carry out rigorous testing and strive to write secure and clean code. Despite our meticulous testing and thorough QA, sometimes bugs occur. For this reason, we encourage the community to responsibly disclose any bugs or issues. Please send reports to security@notch.cx