Security
Your data is safe with us.
We take security seriously. Here's a summary of how we protect your data and your account.
JWT-based sessions
We use JSON Web Token (JWT) sessions. No passwords are stored — authentication is handled via Google OAuth or email magic links only.
HTTPS everywhere
All traffic between your browser and Notase is encrypted in transit using TLS. We enforce HTTPS on all endpoints with no HTTP fallback.
Encrypted database at rest
Your data is stored on Neon PostgreSQL with encryption at rest. Database credentials are never exposed to the client or included in any API response.
Workspace isolation
Every user belongs to a workspace. All API routes enforce workspace-level authorization — you can only read or modify data that belongs to your workspace.
No data sold to third parties
We do not sell, rent, or share your data with advertisers or data brokers. Your listing content is used solely to provide the Notase service.
SOC 2-aligned practices
Our infrastructure and access controls are designed with SOC 2 Type II principles in mind — least privilege access, audit logging, and no shared credentials.
Minimal third-party services
We rely on a small number of vetted vendors: Neon for database hosting, Resend for transactional email, and OpenAI for AI generation. No unnecessary third-party data exposure.
Found a security issue? Please email us at support@notase.com and we'll respond within 24 hours.