Compliance
Last updated: April 20, 2026
Our commitment to compliance
Notify is self-hosted notification infrastructure for cryptocurrency exchanges, fintech operators, and regulated businesses. This page describes how the platform is architected with compliance requirements in mind, and outlines the responsibilities shared between Notify (as software provider) and you (as the operating entity deploying the platform).
Regulatory Scope
Notify is notification infrastructure — it facilitates transactional communications, not financial services, payment processing, or the movement of funds. Notify does not fall under direct financial services regulation (FCA, FinCEN, or equivalent). However, the operators who deploy Notify are typically regulated entities, and this page explains how Notify supports your compliance posture.
Anti-Money Laundering (AML)
Transactional notifications — withdrawal confirmations, deposit alerts, account activity summaries — are part of the broader compliance framework for exchanges. Notify supports your AML programme through: audit logs recording every notification with recipient, template, timestamp, and delivery status; delivery continuity via queue-backed retry ensuring compliance-relevant notifications are not silently dropped; segregated SMTP channels allowing compliance notifications to route through dedicated infrastructure; and soft-delete records providing tamper-evident logs suitable for investigations and audits.
GDPR and Data Processing
Notify is designed with data protection principles in its architecture. All personally identifiable information (PII) — contact records, notification content, delivery logs — is stored exclusively on your own infrastructure. Notify as a vendor has no access to this data. Additional controls include: encrypted credential storage (AES-256); built-in unsubscribe management with audit logging; full contact deletion including notification history to support right-to-erasure requests; and data minimisation by design — only the data necessary to deliver a notification is collected. As an operator, you are the data controller for all personal data in your Installation and are responsible for your own Privacy Policy and data subject request handling.
Anti-Spam Compliance
Notify is designed for transactional notifications to existing customers who have a relationship with your exchange. Platform-level controls include: unsubscribe links supported in all email templates; a contact manager suppression list that prevents sending to unsubscribed contacts; and consent status fields in contact imports to ensure only opted-in contacts receive marketing communications. Operators remain responsible for obtaining appropriate consent, maintaining accurate contact records, and honouring opt-out requests promptly in compliance with CAN-SPAM, CASL, PECR, and equivalent regulations.
KYC Notification Support
Notify ships with KYC notification templates across its exchange packs, covering: verification initiated; documents requested; verification approved; verification rejected (with reason); and KYC expiry and re-verification reminders. These templates can be triggered via the REST API from your KYC workflow system, ensuring timely and compliant customer communications at every stage of the verification process.
Security Controls
Security controls relevant to compliance requirements include: an admin UI protected by authentication, with API access restricted to valid Bearer keys; all secrets encrypted at rest and never logged or returned in API responses; unique request IDs on every API call for audit correlation; notification jobs processed in isolated queue workers; and HMAC-signed outbound webhook payloads verifiable by receiving systems.
Operator Responsibilities
As a regulated entity deploying Notify, your compliance obligations include: maintaining an appropriate legal basis for processing customer contact data; publishing an accurate privacy policy covering your notification activities; ensuring your SMTP infrastructure complies with applicable sending regulations; implementing your own AML programme covering transaction monitoring and customer due diligence; retaining notification logs per your jurisdiction's record-keeping requirements; and responding to data subject access and erasure requests from your customers.
Contact
For compliance-related enquiries about the Notify platform, contact us at compliance@notify.io. We will respond within 5 business days.