Noto Security & Privacy
Our commitment to security
At Noto, we take the safety, security, and privacy of customer and end-user data seriously. We use modern, industry-standard security practices and trusted infrastructure to protect your information, and we continuously improve our systems as we grow. Our goal is to keep your data secure, private, and reliable, so you can focus on running your business with confidence.
Data Security
All customer and end-user data is stored on secure, cloud-based infrastructure hosted on Amazon Web Services (AWS), one of the most trusted and widely used cloud platforms in the world.
Noto uses encrypted connections (TLS/HTTPS) across the entire application for all data transmitted between your browser and our servers. Data is encrypted in transit and protected using current best practices for application and database security.
Access to Noto systems is restricted to authorized users only. We use authentication, authorization, and role-based access controls to ensure users can only access data appropriate to their role. We maintain regular backups and routinely test our backup and restoration procedures to ensure data can be recovered in the unlikely event of an outage or security incident.
Financial Data Security
Noto does not store sensitive banking or card details on its own servers.
All payment processing is handled by Finix, a trusted third-party payments provider that adheres to strict security standards in the payments industry. Finix uses strong encryption and is audited for PCI compliance to securely handle payment information.
Noto employees do not have access to customer banking details or full payment credentials. Payment data is tokenized and managed by our payment processor to reduce risk and protect both organizations and their customers.
Information Access
Noto is designed to ensure that sensitive information is accessible only to authorized individuals.
Within each organization, access to data and features is managed through clearly defined roles and permissions. Organization administrators can control and review staff access, while Noto enforces these permissions at the system level to prevent unauthorized access.
End-user information (such as parents, students, or members) is only visible to the organization and its authorized users. Noto provides built-in safeguards and auditability to help organizations manage access responsibly and securely.
Privacy
Noto does not sell, rent, or share personal information with third parties for advertising or marketing purposes.
Customer data—including contact information, scheduling details, and uploaded content—remains the property of the organization and its users. Noto does not claim ownership of any customer or end-user content stored on the platform.
We use customer data solely to operate, maintain, and improve the Noto service, and to meet legal or contractual obligations, in accordance with our Privacy Policy.
Questions or concerns?
Protecting your data is a core responsibility we take seriously. If you have any questions about security, privacy, or data handling at Noto, please don’t hesitate to contact our team.
