Security and Compliance

Your data security is a top priority at Notably. Your data contains information that only you and your customers need to see, and we intend to keep it that way. Every day we ensure that our security is parallel with industry standards and compliance.


Notably is currently partnered with Vanta and in the process of working toward SOC 2 type I by the end of Q2 2023 and SOC 2 type II by mid-2023.

Our organization is simultaneously working toward HIPPA compliance and ISO 27001. As of Q1 2023, we can furnish our in-progress trust reports upon request for more details about our progress.


GDPR & privacy compliance is critical for businesses to be able to function today. Notably is GDPR and CCPA compliant, and also enables your business to choose your own compliance preferences.

Data & Network Security

Notably uses Amazon Web Services (AWS) facilities in the USA to hosts its software. You can see Amazon’s compliance and security documents for more detailed information, including SOC 13 and ISO 27001. Notably’s servers are located within our own virtual private cloud (VPC), protected by restricted security groups. We ensure that only the minimal required communication occurs between servers.

Third-party Subprocessors

Notably currently uses third-party Subprocessors to provide various business functions after due diligence to evaluate their defensive posture and executes an agreement requiring each Subprocessor to maintain minimum acceptable security practices.

Security Policies

Notably conducts mandatory code reviews for code changes and periodic and in-depth security reviews. Notably’s testing and development environments are separated from its production environment. Background screening is conducted for all new hires. Every year, engineers participate in secure code training covering OWASP Top 10 security flaws, common attack vectors, and Notably security controls. Notably maintains a formal response plan for significant incidents.

Application Security

The web application architecture and implementation follow OWASP guidelines. They are built in into web frameworks that Notably is built on top of. Notably supports SSO via Auth0. Notably does not store passwords in the database. Audit logging lets administrators see when users last logged in or when they last changed their password. Access to Notably applications are logged and audited.