Security
Trust Ideanote to keep your data secure and meet your compliance requirements.
Ideanote supports SSO through SAML 2.0, SCIM provisioning, domain claiming, and device management integrations so only approved users and trusted devices ever reach your workspace.
All customer data in Ideanote is encrypted both in transit and at rest by default. Enterprise admins gain additional visibility and control with audit logs, advanced permission settings, and integrations with audit log aggregators to safeguard your information.
Features such as global retention policies, export controls, and audit trails help organizations manage compliance obligations and maintain oversight across the full lifecycle of their ideas.
Ideanote offers standard cloud hosting, regional data residency, dedicated single‑tenant deployments, and fully self‑managed on‑premise installations—giving you control over where and how your data is hosted.
Security
We take a security-by-design approach to protect your data. Our infrastructure, policies, and processes are continuously monitored by Drata to ensure compliance with industry standards.
Encryption Everywhere
All data that flows through Ideanote is encrypted using strong cryptography both when it is sent across the internet (TLS 1.2+) and when it is stored in our databases or file systems (AES-256). This ensures that your data is protected against unauthorized access, whether it’s moving between systems or sitting at rest in storage.
Least-Priviledge Access
Access to customer data is granted only when strictly necessary and always limited to the minimum required. Every employee has unique accounts, multi-factor authentication is enforced, and terminated accounts are automatically removed within one business day. This prevents unnecessary exposure and reduces risk in case of human error or malicious intent
Continous Monitoring
With Drata, our infrastructure, endpoints, and policies are monitored around the clock. Automated alerts and daily evidence collection ensure that security controls are active and effective every single day.
Secure Development Lifecycle
Our software development lifecycle (SDLC) includes multiple safeguards. Every code change undergoes peer review, automated testing, and security scans before release. Dependencies are continuously checked for vulnerabilities, and builds are validated in separate development, staging, and production environments. MFA is enforced for all code repositories, deployment systems, and pipelines, ensuring secure practices from code creation to deployment.
Clear Reporting Structure
We maintain documented internal processes and external contacts so vulnerabilities and incidents can be reported and addressed quickly and transparently.
Secure Authentication
Ideanote supports multiple enterprise‑grade authentication methods, including SAML 2.0, SCIM, JWT, OpenID and more. These options give organizations strong control over identity management and provide secure, streamlined access for their teams.
Privacy
Your data stays yours. We design our platform and policies to ensure confidentiality, transparency, and compliance with global standards.
How we Handle your Data
Our team is dedicated to developing and maintaining data privacy safeguards that align with industry best practices. We provide ongoing training to ensure our employees are up to date with evolving legislation and privacy standards. Every employee and contractor signs confidentiality and non-disclosure agreements, and vendors handling personal data must meet the same strict requirements.
Agreements
The Ideanote Terms and Data Processing Addendum describe in detail our data privacy practices, standards, and safeguards. These agreements are regularly reviewed and updated to ensure compliance with GDPR, CCPA, and other global data protection laws.
Data Governace
We apply policies and procedures that govern the entire data lifecycle from collection and processing to distribution, storage, and deletion. This ensures your information remains secure, private, accurate, and accessible throughout its use.
Security infrastructure
Ideanote’s infrastructure is designed with layers of protection to help ensure your data is secure while transmitted, stored, or processed. Protections include but are not limited to encryption, least privilege access, secure software development.
Compliance
We align with leading frameworks and undergo independent audits to provide assurance that your data is handled responsibly.
SOC2 Type II
Our systems and controls are audited against the AICPA Trust Services Criteria, verifying that Ideanote maintains effective safeguards over security, availability, and confidentiality over time. Ideanote is proud to be SOC 2 Type II certified by an independent third-party auditor, ensuring customers that our security controls have been attested and validated. We are constantly looking for ways to not only improve security for our product but also with how we conduct business on a daily basis.
GDPR Compliance
As the GDPR is considered the most stringent global privacy framework and because Ideanote is based in the EU we map our privacy program to its requirements and other international regulations. Customers have rights to access, correct, delete, and restrict the use of their personal data in accordance with GDPR.
Data Residency Options
Data residency for Ideanote lets organizations choose the country or region where they want to store their encrypted data at rest. Ideanote supports the EU, US, CA and AE regions out of the box. It gives customers the flexibility to comply with regional regulations like the Canadian Provincial Privacy Regulation, the Australian Privacy Act of 1988 or the KSA Data Sovereignty Policy.
On-Premise Hosting
For organizations with strict compliance or security mandates, Ideanote also offers fully self‑managed installations that provide maximum control over data location, infrastructure, and operational policies. With Ideanote you can keep all company ideas behind your firewall.
Reliability
Innovation requires a platform you can depend on. Ideanote is built with resilience and continuity in mind.
Automatic Load Balancing
Load balancing and a clustered architecture ensure high availability for our webapp and API. Ideanote's system scales automatically with demand and can handle traffic peaks for global campaigns without a problem.
Backup and Retention
All databases are backed up daily, with versioned storage and defined retention periods. This ensures data can be restored reliably and quickly.
Cloud Monitoring and Alerts
Core infrastructure, including databases and messaging queues, is continuously monitored. Automated alerts escalate issues before they impact availability.
Business Continuity
A tested disaster recovery and business continuity plan ensures services can be restored quickly in case of incidents. Lessons learned from testing feed into continuous improvements.
AI Governance
AI in Ideanote is designed to empower users, not compromise security or privacy. Our governance model ensures safe, transparent, and user‑centric AI features.
No Training on Customer Data
Ideanote does not use Content to train AI or similar systems. Ideanote also ensures that it has contracts in place with any third-party subprocessors involved that prevent them from using customer content to train their models.
Regional AI
For our Data Regions, AI is also kept inside the local cluster. This ensure that your customer data stays within geographic boundaries and you can stay compliant.
Fine-Grained Control
With Ideanote you have the option to turn all or some AI features off for your workspace. You decide where AI comes into play and who has access to it.
Bring-your-own-Key
Ideanote is open to BYOK approaches for AI where requests are sent to your own cloud AI providers for even more control. While this is not enabled in our interface we can work with you to enable AI your way.