Your security is our foundation.

Minute Notary is a notary public office in Ottawa, Ontario. When you book an appointment, upload a document, or sign in to an account, you are trusting us with sensitive information. We take that seriously, and we build security into every step rather than bolting it on at the end.

This page explains the safeguards in plain language, so you can understand what happens behind the scenes without needing a security background. No single safeguard is ever perfect, so we layer several together, and we keep this page honest about what we do and do not do.

Your documents are the most sensitive thing you hand us, so they get the most careful handling. Files tied to an appointment, including unsigned documents, signer ID photos, and completed notarized PDFs, are routed into controlled Google Drive folders, organized per appointment, and reachable only by authorized notary/admin staff.

• Connections to this website are encrypted in transit (HTTPS), so files are scrambled as they move between your device and us.
• Notary documents are stored in access-controlled Google Drive folders, organized per appointment.
• Download links for private files are temporary and expire after about an hour, so a stale link cannot be reused.
• Public website assets such as blog images may use Cloudflare R2, but your appointment documents and ID photos do not live there.

Access to accounts is protected with industry-standard identity safeguards. We use secure digital keys to verify each sign-in, so only the right person reaches an account:

• Passwords are never stored in plain text. They are protected using a strong one-way hashing method (scrypt), so even we cannot read them.
• Two-factor authentication (an authenticator app plus backup codes) is available to every account, and it is required for staff and admin access.
• Sign-in is rate-limited and protected by an anti-abuse check, so automated guessing attacks are slowed down and blocked.
• Email verification confirms that a new account belongs to a real, reachable address before it is fully active.

Once someone is signed in, role-based access controls decide what they can see and do. Each person gets only the access their job needs, and nothing more:

• Only authorized notary/admin users can view or manage your documents. Regular accounts cannot reach another client’s files.
• Every admin page and every sensitive admin action re-checks who you are and whether you are allowed, on the server, not just in the browser.
• Sensitive actions such as viewing, resending, delivering, or changing the status of a file are logged, so there is an audit trail.

Behind the scenes, the website itself is hardened. We lock down the connection so nobody can read your information while it travels, and we set a layered group of browser security rules on every page:

• HTTPS encryption keeps your information private while it travels online, and HSTS tells browsers to only ever connect securely.
• A Content-Security-Policy and related headers (such as anti-clickjacking and no-sniff rules) reduce the room for common web attacks.
• Cross-origin requests are restricted to a trusted allowlist, so other websites cannot quietly make requests on your behalf.

Remote appointments mean talking face to face over video, so the meeting itself needs to be protected too:

• Online notary appointments are held over Google Meet, which encrypts the video and audio of your call in transit.
• Appointment confirmations and completed-document emails are sent over encrypted (TLS) connections while they are in transit.

When a document is signed online, we do not build the signing engine ourselves. We use a trusted, dedicated e-signature provider so the signing is handled with the care it deserves:

• Electronic signing is handled through SignNow, a dedicated e-signature platform, when a document is signed online.
• Completed documents are routed back into the appointment’s controlled Google Drive folder, alongside the rest of your file.

Security is built into each step, from sign-in to submitting a form. Several protections work together on every request:

• Secure sessions: when you sign in, we issue a signed, secure session cookie that is unique to you and cannot be quietly forged.
• Anti-forgery protection: sensitive actions are accepted only from trusted origins, so a malicious site cannot act in your name.
• Bot protection: forms such as sign-up, login, contact, booking, and chat are guarded by a Cloudflare Turnstile human check.
• Rate limiting: repeated requests to sensitive actions are capped, which slows down abuse and automated attacks.

With these layers working together, your information stays protected while you focus on getting your document notarized.

Holding data longer than necessary is a risk in itself, so we keep working files for a short time and clean up automatically:

• Online booking working files in Google Drive are normally kept for a short post-appointment period (currently up to 7 days) unless law, professional duty, payment, or a support matter requires a longer hold.
• If you use the website chat assistant, messages are scrubbed of detectable personal details before they are stored, and conversations are automatically deleted after about 30 days.
• Abandoned, unpaid booking drafts are automatically cleared after a short checkout window.

The formal notarial record may be kept longer where Ontario law or notarial practice requires it. For the full picture of what we collect and why, see our Privacy Policy.