Security
How CloseNote protects your data
Passwords
Passwords are hashed using bcrypt before storage. We never store or transmit plain-text passwords. Even we cannot see your password.
Encrypted storage
Call transcripts, notes, and Salesforce tokens are encrypted at rest using AES-128-CBC with HMAC-SHA256 (Fernet). Your data is unreadable without the encryption key.
Audio not retained
Audio recordings are deleted from our servers immediately after transcription. We never store raw call audio. Only the text transcript is kept.
HTTPS everywhere
All traffic between your browser and CloseNote is encrypted using TLS. HTTP connections are automatically redirected to HTTPS.
Salesforce OAuth
We connect to Salesforce using OAuth 2.0. We never see or store your Salesforce password. You can revoke access at any time from Settings.
Security headers
All responses include security headers: X-Frame-Options, X-Content-Type-Options, Strict-Transport-Security, and Referrer-Policy to prevent common web attacks.
Report a vulnerability
Found a security issue? Please disclose it responsibly by emailing [email protected]. We take all reports seriously and will respond within 48 hours.