Security & Privacy

Your proposals contain sensitive business data. We take security seriously and are transparent about how we protect your information.

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys and secrets are stored in environment variables, never in code.

Database Security

PostgreSQL on Supabase, with Row Level Security (RLS) policies enforced in the database itself so that each user can only read and write their own rows. Admin operations require service-role authentication.
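The per-user access rule described above, as an added illustration (this is not the product's own schema or policies). It assumes a hypothetical `proposals` table with an `owner_id` column, Supabase's built-in `auth.uid()` helper (which reads the caller's user id from the JWT) and Supabase's default `anon`, `authenticated` and `service_role` roles; the user ids in the final check are constructed placeholders.

```sql
-- Added example, not the product's own schema. Table and column names are assumed.
create table if not exists public.proposals (
  id          uuid primary key default gen_random_uuid(),
  owner_id    uuid not null references auth.users (id) on delete cascade,
  title       text not null,
  body        text not null,
  created_at  timestamptz not null default now()
);

-- 1. Turn RLS on. Until this runs, every policy below is ignored and any
--    role with table privileges can read every row.
alter table public.proposals enable row level security;
-- Apply the policies to the table owner as well. Roles carrying the
-- BYPASSRLS attribute (Supabase's service_role, for example) still skip them,
-- which is why that key belongs on the server only.
alter table public.proposals force row level security;

-- 2. One policy per command, scoped to the authenticated role.
--    USING filters which existing rows the caller may see or touch;
--    WITH CHECK validates the row as it will look after the write.
create policy "proposals_select_own" on public.proposals
  for select to authenticated
  using (owner_id = auth.uid());

create policy "proposals_insert_own" on public.proposals
  for insert to authenticated
  with check (owner_id = auth.uid());

-- UPDATE needs both clauses: USING stops editing someone else's row,
-- WITH CHECK stops handing your own row to a different owner_id.
create policy "proposals_update_own" on public.proposals
  for update to authenticated
  using (owner_id = auth.uid())
  with check (owner_id = auth.uid());

create policy "proposals_delete_own" on public.proposals
  for delete to authenticated
  using (owner_id = auth.uid());

-- 3. Table privileges apply on top of policies. No policy exists for anon,
--    so even with privileges it would see nothing; revoke them anyway.
grant select, insert, update, delete on public.proposals to authenticated;
revoke all on public.proposals from anon;

-- 4. Verify from SQL by impersonating a logged-in user. auth.uid() reads the
--    "sub" claim from the request.jwt.claims setting, so a transaction-local
--    set_config() is enough to simulate a session. Both ids are placeholders.
begin;
  set local role authenticated;
  select set_config(
    'request.jwt.claims',
    '{"sub":"00000000-0000-4000-8000-000000000001","role":"authenticated"}',
    true
  );
  -- Returns only rows whose owner_id equals the sub above.
  select id, title from public.proposals;
  -- Rejected by the WITH CHECK clause: owner_id is not the caller.
  -- (The error aborts the transaction, which the rollback below discards.)
  insert into public.proposals (owner_id, title, body)
  values ('00000000-0000-4000-8000-000000000002', 'x', 'y');
rollback;
```

The check in step 4 is the part worth keeping in a migration test: a policy that only covers `select` still passes the "can I read my rows" test while leaving `update` wide open, so exercise each command with a foreign `owner_id` before trusting the table.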

Authentication

Powered by Supabase Auth with support for email/password and OAuth providers. Sessions are managed server-side with secure HTTP-only cookies.

Infrastructure

Hosted on Vercel (frontend) and Supabase (database, auth, storage), both of which hold SOC 2 Type II reports. Data is stored in the EU region (Frankfurt) so that it stays within the EU for GDPR purposes.

API Security

All API routes are protected by tRPC middleware that verifies the caller's session before a procedure runs. Every endpoint validates its input against a Zod schema, so malformed or unexpected fields are rejected before they reach application logic.

Third-Party Services

AI processing uses the Anthropic Claude API (your data is not used for training). Payments are handled by Stripe (PCI DSS Level 1). Email is sent via Resend (EU region).

GDPR & Data Protection

Designed with European data protection standards in mind

Data stored in EU region (Frankfurt, eu-central-1)
No personal data shared with AI providers for training
Users can request data export and deletion by contacting support
Minimal data collection — only what's needed for the service
Secure session management with automatic expiry
Audit trail for proposal acceptances (IP, timestamp, user-agent)

Data Processing Agreement (DPA)

For enterprise customers requiring a DPA, please contact us. We are happy to provide a signed DPA that covers your data processing requirements.

Request a DPA →