Security built for sensitive meetings.
Notabium is designed for therapists, lawyers, doctors, and anyone whose conversations should not live on a vendor's server. Here is exactly how we keep it that way.
Default posture: local
Audio, transcripts, and AI summaries are stored on your machine. The app cannot upload them without a deliberate user action. Three cloud features (Hosted summaries, share links, bot mode) require an explicit opt-in per feature, and within those, an opt-in per meeting.
Three template families are locked to local processing
Therapy session, legal deposition, and medical consult templates can never call any cloud LLM. The enforcement lives in the app code, not in a settings toggle. Even if you have Notabium Hosted enabled, summaries for these template families run on local Qwen3 only.
Encryption
- In transit: TLS 1.3 on every endpoint. HSTS preload on notabium.com. Modern cipher suites only.
- At rest: Cloudflare R2 server-side encryption with managed keys for share videos. Supabase Storage with server-side encryption for sync blobs.
- End-to-end: cross-device sync uses libsodium secretstream xchacha20poly1305 with a key derived from a passphrase you set. We never see the plaintext.
- OS keychain: OAuth tokens, BYOK API keys, and license tokens live in macOS Keychain or Windows DPAPI, not in plaintext files.
Signed binaries and signed updates
Every desktop release is signed twice:
- The macOS binary is signed with our Developer ID certificate and notarized by Apple.
- The Windows binary is signed with our EV code signing certificate.
- The auto updater verifies every release against our minisign Ed25519 public key, which is baked into the app at build time. A compromise of our update server alone cannot push a malicious update.
key_id: C8E62C3CE23F1411
algo: Ed25519
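The property claimed above (a compromised update server alone cannot push a malicious update) follows from where the keys live: the signing key stays on the build machine and only the public key ships in the binary. The example below is added here to show that check in working code; it is not Notabium's updater or minisign itself. It uses Go's standard crypto/ed25519 in place of minisign, signs a SHA-256 digest rather than minisign's BLAKE2b prehash, and the key ID, field names and artifact bytes are constructed placeholders.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// ReleaseSignature is the trust material an updater needs alongside the
// downloaded artifact. The field names are an assumption for this example,
// not minisign's on-disk format.
type ReleaseSignature struct {
	KeyID     string // selects which pinned public key to verify against
	Signature []byte // Ed25519 signature over the artifact digest
}

// digest is what actually gets signed: a fixed-size hash of the artifact, so
// signature handling does not depend on download size. (minisign uses
// BLAKE2b; SHA-256 is used here because it is in the Go standard library.)
func digest(artifact []byte) []byte {
	h := sha256.Sum256(artifact)
	return h[:]
}

// SignRelease is the vendor-side step, run on a build machine that holds the
// private key. The update server never sees this key, only the output.
func SignRelease(priv ed25519.PrivateKey, keyID string, artifact []byte) ReleaseSignature {
	return ReleaseSignature{KeyID: keyID, Signature: ed25519.Sign(priv, digest(artifact))}
}

// VerifyUpdate is the client-side step. trusted holds the public keys
// compiled into the app; a signature from any other key is rejected no
// matter what the download server claims. It returns an error rather than a
// bool so the reason for rejection cannot be silently ignored.
func VerifyUpdate(trusted map[string]ed25519.PublicKey, artifact []byte, sig ReleaseSignature) error {
	pub, ok := trusted[sig.KeyID]
	if !ok {
		return fmt.Errorf("update signed with unknown key id %q", sig.KeyID)
	}
	if len(sig.Signature) != ed25519.SignatureSize {
		return fmt.Errorf("malformed signature length %d", len(sig.Signature))
	}
	if !ed25519.Verify(pub, digest(artifact), sig.Signature) {
		return fmt.Errorf("signature does not match artifact")
	}
	return nil
}

// Scenario records, for each case, whether the client accepted the update.
type Scenario struct {
	Genuine  bool // vendor-signed artifact, unmodified
	Tampered bool // vendor signature, artifact altered in transit
	WrongKey bool // artifact re-signed with a key the app does not pin
}

// RunScenario generates fresh keys so the example runs offline; a real app
// pins a fixed public key at build time instead.
func RunScenario() (Scenario, error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Scenario{}, err
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Scenario{}, err
	}
	const keyID = "EXAMPLE-KEY-ID" // placeholder, not a real key id
	trusted := map[string]ed25519.PublicKey{keyID: vendorPub}

	release := []byte("constructed stand-in for a release artifact")
	sig := SignRelease(vendorPriv, keyID, release)

	var s Scenario
	s.Genuine = VerifyUpdate(trusted, release, sig) == nil

	// Someone controlling the download server can change the bytes but
	// cannot produce a new signature without the private key.
	tampered := append([]byte(nil), release...)
	tampered[0] ^= 0x01
	s.Tampered = VerifyUpdate(trusted, tampered, sig) == nil

	// Re-signing with a different key, even under the same key id, fails
	// because the pinned public key does not match.
	forged := SignRelease(attackerPriv, keyID, tampered)
	s.WrongKey = VerifyUpdate(trusted, tampered, forged) == nil
	return s, nil
}

func main() {
	s, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine=%v tampered=%v wrong-key=%v\n", s.Genuine, s.Tampered, s.WrongKey)
}
```

Only the genuine case is accepted. Note that the check is on the digest of the full artifact, so the verification must run after the complete download and before anything is extracted or executed; verifying a manifest alone and then trusting the referenced files would reopen the gap.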
Bot mode disclosure
When you schedule a Pro+ bot, the bot identifies itself in the participant list. It joins muted, with the camera off. It does not pretend to be a person. The default display name includes the word "Recorder" so attendees can see what is happening.
Compliance posture
- GDPR aligned: by design. Data minimisation by default. DPA on request.
- HIPAA-compatible architecture: local processing means PHI does not flow to vendors. A BAA with covered entities is available on Enterprise.
- SOC 2: in progress. We rely on Cloudflare's underlying SOC 2 Type II controls and are building our own organisational controls toward certification.
- FedRAMP, IL2/4/5: not yet. Enterprise customers requiring these should reach out about self-hosted deployment.
Responsible disclosure
If you find a security issue, please email security@notabium.com. We acknowledge within 24 hours and work with you on a disclosure timeline. No bug bounty yet, but we credit reporters in release notes if they want.
Do not disclose publicly until we have shipped a fix. We aim to ship security fixes within 7 days of confirmed reports.