Enterprise Grade Security
Keeping your team's data secure is Notejoy's top priority
End-to-end encryption
Notejoy protects your data through robust encryption. All web, desktop, and mobile clients leverage SSL/TLS 1.2 to communicate with Notejoy's servers, ensuring all data is encrypted in transit. Data stored in Notejoy's database is encrypted at rest using industry standard AES-256. All data backups are also similarly encrypted. Encryption keys are stored independently from the underlying encrypted data and files to further protect user data. Notejoy Premium offers full end-to-end encryption, with additional encryption for all user-uploaded images and attachments.
Uptime and availability
Notejoy's production database is setup with full master/slave replication, enabling hot failover immediately if any issues occur with Notejoy's primary database. In addition to that, daily geographically distributed offline backups are taken of our production data to provide even further redundancy.
Notejoy runs many app servers at a time, with traffic load balanced between them. If any app server is experiencing issues, it is automatically removed from the rotation and traffic is sent to the remaining healthy servers. This provides significant redundancy for Notejoy's app servers as well. Daily deployments are done on a rolling basis across app servers to also ensure they do not cause any downtime for the service. Notejoy also has 24/7 monitoring and alerting to ensure the team immediately addresses any availability or performance issues with the service.
Data confidentiality
Rest assured we take your privacy very seriously. The only people who can see your personal library is you. For any team library, the only people who can see the notes within that library are the people who it's shared with. Members of the Notejoy team won't see your notes unless you explicitly choose to share them with us.
Data integrity
Notejoy leverages security best practices to protect access to it's production servers hosted on third-party cloud providers. Notejoy also regularly updates it's production servers and all running server software with the latest security patches to minimize potential vulnerabilities. As part of Notejoy's standard code review process with every code check-in, access control and security considerations are always reviewed.
Data export
At any point you can export all your notes from Notejoy to Google Drive, giving you piece of mind that your data is always accessible to you. From Google Drive you can further export your data to a variety of formats, including Microsoft Word, OpenDocument Format, or Rich Text Format files.
Two-factor authentication
Notejoy allows you to require an extra security token from an authenticator app, like Google Authenticator or Authy, in addition to a password during login to significantly reduce the risks associated with a stolen password.
PCI compliance
Notejoy is fully PCI Level 1 compliant through our billing partner, Stripe. This ensures your payment credentials are always protected, safe, and secure.