Security & Compliance

Your data security is our top priority. Learn how we protect your information.

Security Measures

We implement multiple layers of security to protect your data

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your content is always protected.

Authentication

Secure authentication via Clerk with support for OAuth, multi-factor authentication, and session management.

Access Control

Role-based access control with granular permissions. Control who can view, edit, or manage your content at article and workspace levels.

Infrastructure

Hosted on secure, enterprise-grade cloud infrastructure with 99.9% uptime SLA and automated security updates.

Backups

Automated daily backups with point-in-time recovery. Your data is protected against loss and corruption.

Monitoring

24/7 security monitoring and logging to detect and respond to potential threats in real-time.

Compliance & Privacy

GDPR Compliance

We are designed with GDPR principles in mind. European users have full rights to access, rectify, erase, and port their data. We provide clear consent mechanisms and transparent data processing practices.

CCPA Compliance

California residents have rights under CCPA including the right to know what data is collected, the right to deletion, and the right to opt-out of data sales. We do not sell personal data.

Data Residency

Data is stored in secure, compliant data centers. We use industry-leading cloud providers with appropriate data processing agreements in place.

Third-Party Security

We carefully vet all third-party services and ensure they meet our security standards. Our partners include Clerk (authentication), Convex (database), and PostHog (analytics with consent).

Your Data, Your Control

Data Ownership

You retain full ownership of your content. We never claim ownership or rights to your data beyond what's necessary to provide the service.

Data Export

Export all your data at any time in standard formats. We provide tools to download your articles, attachments, and metadata.

Data Deletion

Delete your content or account at any time. Deleted data is permanently removed from our systems within 30 days, except where required by law.

No Data Mining

We do not sell, rent, or share your personal information or content with third parties for their marketing purposes. Your data is yours alone.

Incident Response

Security Monitoring

We continuously monitor our systems for security threats and vulnerabilities. Automated alerts notify our team of any suspicious activity.

Incident Response Plan

We have a documented incident response plan to quickly identify, contain, and resolve security incidents. Our team is trained to respond effectively.

Breach Notification

In the unlikely event of a data breach, we will notify affected users and relevant authorities within 72 hours as required by law.

Security Questions?

Have questions about our security practices? Contact our security team.

Security Contact

Email: Service@findnotes.app