Trust Center

Security &
Sovereignty.

Notomir is engineered for the stringent requirements of housing authorities, government agencies, and enterprise operations. Every layer of the stack is built with security as a first principle.

Infrastructure

Encryption & Transport

AES-256 at Rest

All documents and extracted data are encrypted using AES-256-bit encryption before being written to disk. Encryption keys are managed with automatic rotation.

TLS 1.3 in Transit

All data transmitted between your browser, our servers, and downstream processors uses TLS 1.3. Older protocol versions are explicitly disabled.

Sovereign Cloud Hosting

Infrastructure runs on AWS us-east-1 through our Supabase partnership. Your data never leaves secured cloud environments.

Network Isolation

Production systems operate inside private virtual networks with no direct public exposure. Database and processing layers are fully isolated.

Compliance

Regulatory Posture

SOC 2 Type II (planned)

Security controls are being built toward SOC 2 Type II standards covering Security, Availability, and Confidentiality from day one.

Encryption everywhere

AES-256 at rest and TLS 1.3 in transit. Encryption keys are managed with automatic rotation. All document storage is encrypted by default.

Role-based access control

Granular permissions at the user and team level. Staff only see what they need to see. Principle of least privilege enforced throughout.

Data ownership

You retain full ownership of all documents and data. Export anything at any time. No lock-in, no data hostage situations.

Access Control

Identity & Authorization

SAML / SSO

Enterprise plans support SAML 2.0 single sign-on integration with Okta, Azure AD, Google Workspace, and any standard identity provider.

Role-Based Access

Granular RBAC lets administrators assign roles at the user, team, and document-type level. Principle of least privilege enforced throughout.

Audit Logs

Every extraction, review decision, and file action is logged with timestamp and user identity. Logs are immutable and exportable.

Security Research

Responsible Disclosure

We take all security reports seriously. If you discover a potential vulnerability, please report it directly. Do not publicly disclose the issue until we have had reasonable opportunity to investigate and remediate.

sales@notomir.com→

We aim to acknowledge reports within 48 hours and provide a resolution timeline within 5 business days.

Security &Sovereignty.