Security at NotifyHero

Your incident data is sensitive. We treat it that way — with enterprise-grade encryption, strict access controls, and a security-first architecture.

Infrastructure

  • Hosted on AWS with isolated VPCs per environment
  • Multi-AZ deployments for high availability
  • Automated backups with point-in-time recovery
  • DDoS protection via AWS Shield

Data Encryption

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 for all data in transit
  • Encryption keys managed through AWS KMS
  • Database connections encrypted end-to-end

Authentication & Identity

  • Single Sign-On (SSO) via SAML 2.0 and OIDC
  • Multi-factor authentication (MFA) for all accounts
  • API keys with granular scoping and expiration
  • Session management with automatic timeout

Access Controls

  • Role-based access control (RBAC) with least-privilege defaults
  • Comprehensive audit logging for all actions
  • IP allowlisting for API and dashboard access
  • Team-scoped data isolation

Compliance

  • SOC 2 Type II certification in progress
  • GDPR-compliant data handling and retention
  • Third-party penetration testing (planned)
  • Vendor security assessments for all sub-processors

Enterprise SLA

99.99% uptime SLA for Enterprise plans, backed by service credits. We publish real-time status on our status page.

Vulnerability Disclosure

Found a security issue? Report it to security@notifyhero.com. We acknowledge reports within 24 hours and aim to resolve critical issues within 72 hours.