Security

Protecting your data is our top priority.

Data Encryption

All data transmitted between your browser and our servers is encrypted using HTTPS with TLS 1.3. Your content stored in our database is protected with AES-256 encryption at rest. Passwords are never stored in plain text — they are hashed using bcrypt with automatic salting. bcrypt is a one-way function, so the stored hashes cannot be decrypted back into passwords even if our database were compromised.

Infrastructure

Notara is built on trusted cloud infrastructure:

  • Hosting: Our application is hosted on Vercel's global edge network, providing fast and reliable access worldwide.
  • Database & Storage: User data and files are stored securely in Supabase, which provides enterprise-grade PostgreSQL databases with row-level security and encrypted storage.
  • AI Processing: Transcription and AI features are powered by Google's Gemini AI, processed through secure API connections.

Content Security

We take comprehensive measures to protect all your content within Notara:

  • Notes & Transcripts: All your notes, transcripts, and summaries are stored in our database and accessible only to you through authenticated requests.
  • Uploaded Files: Audio, video, and document files you upload are stored securely in Supabase Storage with access controls.
  • AI Processing: When your content is processed by AI for transcription, summaries, or chat responses, it is sent through secure HTTPS connections to Google's Gemini API.
  • Shared Content: When you share content, unique secure links are generated. You control who has access.

Authentication

User authentication is handled through enterprise-grade security systems:

  • Password Security: Passwords are hashed using bcrypt with a cost factor of 10 and automatic salting. Your password is never stored — only the irreversible hash.
  • Email Security: Email addresses are encrypted during transmission via TLS and stored securely in our database with row-level security policies.
  • Email verification for new accounts.
  • Secure password reset via email verification.
  • Session management with secure, HTTP-only cookies.
  • Social Authentication: Secure OAuth 2.0 integration with Google, Discord, and X (Twitter). When you sign in with a social provider, we receive only the information you authorize (typically your email and profile name). Your social account passwords are never shared with us.

Payment Security

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor — the highest level of certification available. We never store your credit card information on our servers. All payment data is transmitted directly to Stripe through their secure payment elements.

Data Retention & Deletion

You have full control over your data. You can delete your recordings, notes, transcripts, and any other content at any time from your account. When you delete content, it is permanently removed from our systems. Account deletion removes all associated data.

Reporting Vulnerabilities

We appreciate the contributions of the security research community. If you believe you have found a security vulnerability in Notara, please report it to us at security@notara.org. We take all reports seriously and will respond promptly.