Notify is built for the needs of government services. It has processes in place to:
- protect user data
- keep systems secure
- manage risks around information
On Notify, data is encrypted:
- when it passes through the service
- when it’s stored on the service
Any user data you upload is only held for 7 days.
Data Protection Act
Notify complies with the Data Protection Act. To make sure it stays compliant, there are regular legal reviews of the service’s:
- approach to data sharing
Other technical security controls on Notify include:
- protective monitoring to record activity, and raise alerts about any suspicious activity
- using JSON Web Tokens, to avoid sending API keys when your service talks to Notify
Protect sensitive information
Some messages include sensitive information like security codes or password reset links.
If you’re sending a message with sensitive information, you can choose to hide those details on the Notify dashboard once the message has been sent. This means that only the message recipient will be able to see that information.
User permissions and signing in
You can set different user permissions in Notify. This lets you control who in your team has access to certain parts of the service.
To sign in to Notify, you’ll need to enter:
- your email address and password
- a text message code that Notify sends to your phone
If receiving text messages at work is a problem for your team, contact us about using an email link instead.
How we manage risks on Notify
Things we do to manage risks on Notify include:
- regular updates to the Privacy Impact Assessment
- security impact assessments