SECURITY
Security and compliance by design.
How QuoterAgent protects proposal data, workspace access, buyer-facing delivery, and commercial workflow integrity.
01 Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys and secrets are stored in environment variables, never in code.
02 Database Security
PostgreSQL on Supabase with Row Level Security (RLS) policies. Each user can only access their own data. Admin operations require service-role authentication.
03 Authentication
Powered by Supabase Auth with support for email/password and OAuth providers. Sessions are managed server-side with secure HTTP-only cookies.
04 Infrastructure
Hosted on Vercel (frontend) and Supabase (database, auth, storage), using providers with SOC 2 Type II compliance programs. EU-region hosting supports GDPR-oriented operations.
05 API Security
Authenticated product operations use tRPC and API handlers with ownership checks and typed input validation where implemented. Public proposal access is token-scoped.
06 Third-Party Services
AI processing via Anthropic Claude API (no training on your data). Payments via Stripe (PCI DSS Level 1). Emails via Resend (EU region).
Data protection
GDPR & Data Protection
Designed with European data protection standards in mind
- Data stored in EU region (Frankfurt, eu-central-1)
- No personal data shared with AI providers for training
- Users can request support-assisted data export and deletion where legally applicable
- Minimal data collection — only what's needed for the service
- Secure session management with automatic expiry
- Audit trail for proposal acceptances (IP, timestamp, user-agent)
Responsible support
Data Processing Agreement (DPA)
For enterprise customers requiring a DPA, please contact us. We are happy to provide a signed DPA that covers your data processing requirements.