Your data, on your terms.
Built for sales teams that take customer data seriously. Strong defaults, transparent practices, no dark patterns. We treat your data the way we’d want ours treated.
Encryption everywhere
TLS 1.3 in transit, AES-256 at rest. Per-tenant keys for sensitive fields. No exceptions, no flags to flip.
SOC 2 — in progress
Type II audit underway. Controls already aligned with the framework. Report available on request once issued.
GDPR & LGPD aligned
Standard DPA available, full data export at any time, right-to-be-forgotten built into the product.
SSO + 2FA
Google, Microsoft, Okta. SAML 2.0 on Scale plan. Time-based 2FA included on every plan.
Data residency
Pick where your data lives — São Paulo, Frankfurt, or Virginia. We never replicate across regions without consent.
Backups & recovery
Encrypted snapshots every 24h, 30-day retention. Point-in-time recovery on Scale.
Audit logs
Every record access, every settings change, logged and exportable. 90-day retention by default.
Penetration testing
Annual third-party pentests. Critical findings remediated within 7 days, others within 30.
Incident response
24/7 on-call. Customers notified within 24h of any confirmed security incident — no exceptions.
Your data is yours
We never sell, share, or rent customer data. We do not train AI models on your records. Full export available at any time, in machine-readable format.
Least access by default
Engineers do not have routine access to production data. Just-in-time approval, time-bound, fully logged. Reviewed quarterly.
Transparent practices
Status page, changelog, breach disclosure policy — public. We’d rather earn trust by showing our work than by claiming it.
Responsible disclosure.
If you believe you’ve found a security vulnerability, please email security@notealy.com. We respond within 24 hours, acknowledge confirmed reports publicly, and offer rewards proportional to severity.