// Trust & Security Report

    Notta Inc. (Notta 株式会社) logo

    Notta Inc. (Notta 株式会社)

    AI-powered meeting notetaker and transcription platform with multi-format support (web, mobile, desktop, Chrome extension) supporting 58 languages; integrates with Zoom, Teams, Google Meet, Webex; includes Notta Brain for AI-generated summaries, infographics, and presentations.

    Certifications held

    5

    Maturity

    Growth

    Trains on your data

    Yes

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Enterprise-grade security: SOC 2 Type II certified, GDPR compliant

    Verify on notta.ai
    ISO 27001
    HELD

    Notta is SOC2 Type II and ISO 27001 certified; ISO 27001 appears in the certifications listed on Notta's security page.

    Verify on notta.ai
    GDPR
    HELD

    SOC 2 Type II certified, GDPR compliant (homepage FAQ); GDPR is also among the certifications listed on Notta's security page (ISO 27001, SOC 2, CCPA, GDPR, SSL, APPI).

    Verify on notta.ai
    CCPA
    HELD

    CCPA is among the certifications listed on Notta's security page (ISO 27001, SOC 2, CCPA, GDPR, SSL, APPI).

    Verify on notta.ai
    APPI (Japan)
    HELD

    APPI is among the certifications listed on Notta's security page (ISO 27001, SOC 2, CCPA, GDPR, SSL, APPI). APPI is Japan's Act on the Protection of Personal Information, a data protection law that Notta lists alongside its certifications.

    Verify on notta.ai
    > Show 1 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    No public evidence of HIPAA compliance or certification on Notta's security page, and no Business Associate Agreement (BAA) offering is documented publicly. Based on absence of any HIPAA mention, not on a vendor statement.

    source: notta.ai

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    Notta hosts on Amazon Web Services (AWS), confirmed on its security page. Tier-based regional residency (US default, with EU/Japan/Australia options for Enterprise) is reported by third parties but is not documented on Notta's public security page; treat the specific regional-residency tiers as unverified.

    By default, some customer conversations, notably Japanese-language transcriptions, may be used to train Notta's AI models on non-Enterprise plans; only Enterprise customers can contractually disable this. Notta provides a 'Disable AI features' help-center control. Reporting is inconsistent on whether paid Pro/Business data is included (some sources state paid-account data is not used for model training), and non-Japanese data is reported as not used for training. Set to true because a documented default-on training path exists for at least Japanese-language data on non-Enterprise tiers.

    // Security controls

    Encryption in transit

    TLS 1.2

    notta.ai

    Encryption at rest

    AES-256

    notta.ai

    Infrastructure provider

    Amazon Web Services (AWS)

    notta.ai

    Vulnerability scanning

    Regular vulnerability scanning across production infrastructure, applications, and networks

    notta.ai

    Penetration testing

    Periodic penetration testing conducted

    notta.ai

    Leadership

    Chief Privacy Officer (CPO) and Chief Information Security Officer (CISO) in place

    notta.ai

    // Products & data scope

    Notta Web AppBrowser-based transcription and note-taking

    data: Recordings, transcripts, and AI-generated summaries

    Accessible via www.notta.ai/en

    Notta Mobile (iOS/Android)Mobile recording and transcription

    data: On-device and cloud recordings, transcripts

    Full synchronization across all platforms

    Notta Desktop AppDesktop recording with full-screen capture

    data: Screen recordings, audio, webcam, system audio

    Simultaneous multi-window recording capability

    Notta Chrome ExtensionBrowser-based real-time transcription

    data: Webpage audio and video transcription

    YouTube, podcast, webinar transcription support

    Notta Brain (AI Layer)AI-powered insight generation

    data: Transcript analysis and content generation

    Auto-generates summaries, infographics, presentations, action items from recordings

    Meeting IntegrationsNative platform integrations

    data: Meeting audio and metadata

    Zoom, Microsoft Teams, Google Meet, Webex supported for automatic recording without manual intervention

    // What to watch

    • Default-on AI training on non-Enterprise plans applies to at least Japanese-language conversations; only Enterprise customers can contractually disable training. Reporting is inconsistent on whether paid Pro/Business data is included, so GDPR-regulated or privacy-sensitive teams should confirm the opt-out scope directly with Notta before relying on it.
    • Homepage markets 'SOC-2, GDPR and more'; Notta does hold SOC 2 Type II, ISO 27001, GDPR, CCPA and APPI, so the badge is accurate, but the vague 'and more' should not be read to imply HIPAA coverage.
    • No public evidence of HIPAA compliance or a Business Associate Agreement (BAA) on Notta's security page. Healthcare organizations should not assume HIPAA coverage and must verify directly with Notta before uploading PHI.
    • Data residency: AWS hosting is confirmed, but the specific tier-based regional-residency claim (US default; EU/Japan/Australia for Enterprise) is not documented on Notta's public security page and could not be verified on the vendor domain. Confirm regional-residency options with Notta if required for compliance.
    • Japanese-language transcription default behavior differs from other languages: it is reported to contribute to AI training by default unless Enterprise is selected, while non-Japanese data is reported as not used for training.
    • DPA availability by tier could not be confirmed on the vendor domain; the earlier 'Business tier or above' claim rested on third-party search snippets. Confirm DPA availability directly with Notta.

    // At a glance

    Pricing model

    Freemium: Free tier (200 min/month), Pro ($8.17/month annual), Business, Enterprise tiers with feature/data protection escalation

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Notta Inc. (Notta 株式会社)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    notta.ai

    > Browse all vendor trust reports