Noted takes the safety of your data very seriously. That is why it is at the forefront of everything we do.

To honour this commitment, we engage in the following multi-layered data protection processes.

A laptop showing the Noted app and the cloud connection where data is backed up

Current security features

World class storage facilities

Noted is hosted by Amazon Web Services whose data centres and network architecture are built to meet the requirements of the most security-sensitive organisations around the world.

Accreditations and compliance certifications

As mentioned we use Amazon Web Services (AWS) as our hosting partner. It’s accreditations include:

  • GDPR (European privacy standard)
  • HIPAA (US health privacy standard)


All client data is encrypted in transit and at rest and is not stored on user devices. Sensitive data, such as identity data, is encrypted at field level and uses an advanced identity and key management system that ensures secure and managed access to data. This allows us to compartmentalise data to reduce impact and risk.

24/7 monitoring

Our infrastructure is monitored 24/7/365 days of the year by automated systems and also by our managed service partners. Noted has an on-site security officer who is responsible for Noted’s Information and Security programme. This programme is focused on identifying any foreseeable and internal risks, as well as conducting frequent risk assessments and testing to minimise any potential security threats.


Noted is constantly updating and improving its infrastructure and processes to comply with various standards including HIPAA, GDPR, CIS, HISO. Noted has also been trusted to connect to the Ministry of Health and ACC - in New Zealand, as well as other sensitive environments.

Limited access

The Noted team has limited access to customer data; only what has been agreed upon in customer contracts and agreements. User access is also strictly monitored and governed to reduce risk, e.g: access is instantly revoked from staff if it is no longer needed.


Noted data is backed-up at least daily and stored in multiple secure locations. Backups are also encrypted and stored in secure long-term storage for at least eight years.

API security

Noted has the ability to integrate with your organisation using our restful API. Our API provides strong encryption, secure authentication, and authorisation, and all actions and traffic is logged and audited for security purposes.

No data sharing

Noted does not disclose or share any of your data with third parties or outside sources - except if we are required to by law, or at your request.

Need to know more?

If you would like to know more, please feel free to contact us at

icon/chrome@Fill 1orgPage 1Shapeicon/resolutionticktick