LaunchNotes Security Posture

Privacy and security are core functions of the LaunchNotes platform, as well as foundational requirements for all new feature development. Earning and keeping the trust of our customers is our top priority, so we hold ourselves to the highest privacy, security, and compliance standards.

Privacy compliance and data processing

We take the protection of your information seriously, and we comply with all applicable privacy laws and regulations.

You can learn more about LaunchNotes’s privacy practices in our Data Retention Policy and Disclosure Policy, and learn more about LaunchNotes’s commitment to compliance with the General Data Protection Regulation (“GDPR”) here.

Our Data Processing Addendum is available for your review. In addition, you can find a current list of LaunchNotes’ data subprocessors at the end of the DPA and at this link.

Network and system security

When you visit the LaunchNotes website or app, the transmission of information between your device and our servers is protected using 256-bit TLS encryption. At rest, LaunchNotes encrypts data using AES-256.

LaunchNotes servers are located in the US, in data centers that are SOC 1, SOC 2 and ISO 27001 certified. We regularly install security updates and patches to keep servers up to date. Servers are segmented based on role and protected using restrictive firewalls.

Penetration test and report

LaunchNotes has engaged BSK Consulting LLC to perform a penetration test against our internal and internet-facing information technology infrastructure. Testing was performed remotely over the internet in a testing environment. Finding categories, severities, and CVSS scores are aligned with LaunchNotes standards. The report is available upon request.

Business continuity: 99.97% uptime

LaunchNotes utilizes industry-leading Google Cloud hosting infrastructure. Backups are redundantly replicated across multiple availability zones for data durability. LaunchNotes maintains business continuity and disaster recovery plans. Components of the disaster recovery plan include an operations playbook, which is regularly reviewed and rehearsed. A review of LaunchNotes business continuity performance is available upon request.

Product security

Within the LaunchNotes product, collaborator permissions can be managed through the management portal. These permissions allow you to control who you share a project with and whether they can modify the projects that you’ve shared with them. LaunchNotes also enables you to restrict access to a project or view share link with a password or with an email domain.

LaunchNotes recommends enabling two-factor authentication (2FA) for your account if you’re using password-based authentication. LaunchNotes supports SAML-based Single Sign-On (SSO) and additional administration features for teams on the Business and Enterprise plans. Additional information is available here.

Organizational and information security

LaunchNotes vets employees and performs background checks in accordance with local laws. Employees complete annual security training which covers topics such as data privacy, information security, and password security.

Employee workstations are configured with full-disk encryption, strong passwords, and automatic locking. Employees are prohibited from installing unauthorized software or using portable media.

LaunchNotes maintains separate production and testing environments.

Application security

LaunchNotes runs automated application-level security scans on a daily basis, package dependency security advisory scans on a weekly basis, and endpoint scans on a monthly basis. In addition to internal scans, LaunchNotes commissions external penetration tests on a regular basis.

As part of the software development process, code and configuration changes are thoroughly reviewed. Before being deployed, these changes are tested during the quality assurance process to help ensure a consistent experience across all devices, platforms, and browsers that are supported by LaunchNotes.

GDPR Compliant and AICPA SOC badges

How to report an issue

If you believe you've discovered a security-related issue, please report the issue to