Notte documents SOC 2 Type II as part of its security posture, which makes it a better fit for enterprise browser automation than an unmanaged collection of local scripts, shared browser hosts, and ad hoc secret handling.
For sensitive workflows, the relevant Notte primitives are:
- Vaults: store credentials and keep raw secrets out of LLM prompts.
- Browser sessions: run automations in managed cloud browser sessions.
- Browser profiles: persist cookies and authentication state without reusing employee browsers.
- Personas: manage automation-specific identities for workflows that need email or SMS.
- Recordings and logs: provide operational evidence when a run fails or needs review.
Enterprise needs vary. Treat SOC 2 as one part of the review, then verify your exact requirements around SSO, retention, HIPAA BAA, SLAs, data residency, and support with Notte before deployment.