Updated Feb 2, 2026|5 min read

Data Security Overview

Enterprise-grade security protecting your meeting data.

Introduction

NoteWave implements enterprise-grade security measures to protect your meeting recordings, transcripts, and personal data. This article explains our comprehensive security infrastructure and the protections we provide.

Data Encryption

All your data is encrypted both in transit and at rest using industry-standard protocols.

In Transit

TLS 1.3 encryption protects all data moving between your device and our servers, preventing interception.

At Rest

AES-256 encryption secures stored data in our databases and file storage systems.

Bank-Level Security
The encryption standards we use (TLS 1.3 and AES-256) are the same standards used by financial institutions worldwide.

Infrastructure Security

NoteWave is built on trusted, certified infrastructure providers with proven security track records.

Our infrastructure partners:

  • Supabase - Database, authentication, and real-time features (SOC 2 Type II certified)
  • Vercel - Frontend hosting with global CDN (SOC 2 compliant)
  • Fly.io - Backend Python hosting for transcription processing
  • LemonSqueezy - PCI-DSS compliant payment processing

Authentication & Access Control

Multiple layers of authentication protect your account from unauthorized access.

Security features:

  • OAuth 2.0 - Secure login via Google or GitHub without sharing passwords
  • JWT Sessions - Cryptographically signed tokens prevent session hijacking
  • Password Hashing - Passwords are hashed using bcrypt before storage
  • Multi-Factor Authentication - Optional 2FA for additional account protection

Best Practice
Use OAuth login (Google or GitHub) instead of password-based authentication for enhanced security.

Row Level Security (RLS)

Database-level security policies ensure you can only access your own data.

What RLS protects:

  • Meetings and transcripts are isolated to their owners
  • Shared transcripts enforce explicit permission checks
  • Team data requires membership verification
  • Payment and subscription data is strictly user-specific

Even if our application code had a bug, RLS policies at the database level would prevent unauthorized data access.

Security Monitoring

Continuous monitoring detects and responds to security threats in real time.

24/7 Monitoring

Automated systems watch for suspicious activity, failed login attempts, and anomalous data access patterns.

Automated Backups

Daily encrypted backups ensure data recovery in case of system failures or disasters.

Webhook Security

Integration webhooks (Zoom, Teams, LemonSqueezy) use HMAC-SHA256 signature verification to prevent tampering and unauthorized requests.

Cryptographic Verification
Every webhook request is cryptographically signed. We reject any request with an invalid signature, ensuring only legitimate services can communicate with NoteWave.
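
The following is an added example, not NoteWave's own code, showing what HMAC-SHA256 verification of a webhook looks like on a Python backend. The function names, the hex encoding of the signature, and the sample secret and payload are assumptions made for illustration; each provider defines its own header name and signing format.

```python
import hashlib
import hmac
import json
from typing import Optional

def sign(secret: bytes, raw_body: bytes) -> str:
    """Sender side: hex HMAC-SHA256 over the exact bytes that go on the wire."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()

def verify_webhook(secret: bytes, raw_body: bytes, signature_hex: Optional[str]) -> bool:
    """Receiver side: accept only if the signature matches the raw request body."""
    if not signature_hex:
        return False  # unsigned request
    try:
        received = bytes.fromhex(signature_hex.strip())
    except ValueError:
        return False  # header is not valid hex
    if len(received) != hashlib.sha256().digest_size:
        return False  # wrong length, cannot be a SHA-256 MAC
    expected = hmac.new(secret, raw_body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(expected, received)

# Constructed sample values (hypothetical, not real NoteWave data).
SECRET = b"constructed-test-secret"
BODY = b'{"event":"meeting.ended","meeting_id":"m-123"}'

def demo_results() -> dict:
    good_sig = sign(SECRET, BODY)
    # Parsing and re-serializing changes whitespace, so the bytes no longer match.
    reserialized = json.dumps(json.loads(BODY)).encode()
    return {
        "valid": verify_webhook(SECRET, BODY, good_sig),
        "tampered_body": verify_webhook(SECRET, BODY.replace(b"m-123", b"m-999"), good_sig),
        "reserialized_body": verify_webhook(SECRET, reserialized, good_sig),
        "wrong_secret": verify_webhook(b"other-secret", BODY, good_sig),
        "missing_signature": verify_webhook(SECRET, BODY, None),
        "malformed_signature": verify_webhook(SECRET, BODY, "not-hex"),
    }

if __name__ == "__main__":
    for case, accepted in demo_results().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The signature must be checked against the raw request bytes before any JSON parsing, which is why the re-serialized body is rejected even though its content is unchanged.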

Data Breach Notification

In the unlikely event of a data breach, we will notify affected users within 72 hours and inform relevant authorities as required by GDPR and POPIA.

Our response includes:

  • Immediate notification to affected users
  • Clear information about the nature and scope of the breach
  • Steps we're taking to contain and remediate the issue
  • Recommendations for protecting your account

Security Limitations

While we implement comprehensive security measures, no system is 100% secure. You play a critical role in protecting your account.

Your Responsibility
Use strong, unique passwords. Never share your credentials. Enable two-factor authentication. Report suspicious activity immediately to contact@blazesolutions.ai.
