SECURITY

Security for governed proposal work.

How QuoterAgent protects proposal data, workspace access, buyer-facing delivery, and commercial workflow integrity without treating generated content as proof.

Data protection

Proposal planning boundaries

Quoter Briefs and Plan Preview guide proposal structure, caveats, missing inputs, and source boundaries. They do not prove facts or verify compliance. Source material remains authoritative, and human review remains required before external use.

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys and secrets are stored in environment variables, never in code.

Database Security

PostgreSQL on Supabase with Row Level Security (RLS) policies. Each user can only access their own data. Admin operations require service-role authentication.

Authentication

Powered by Supabase Auth with support for email/password and OAuth providers. Sessions are managed server-side with secure HTTP-only cookies.

Infrastructure

Hosted on Vercel (frontend) and Supabase (database, auth, storage), with EU-region data storage for the primary database and operational controls that support data-protection-oriented workflows.

API Security

Authenticated product operations use tRPC and API handlers with ownership checks and typed input validation where implemented. Public proposal access is token-scoped.

Third-Party Services

AI processing via Anthropic Claude API (no training on your data). Payments via Stripe (PCI DSS Level 1). Emails via Resend (EU region).

Data protection

GDPR & Data Protection

Designed with European data protection standards in mind

  • Data stored in EU region (Frankfurt, eu-central-1)
  • No personal data shared with AI providers for training
  • Users can request support-assisted data export and deletion where legally applicable
  • Minimal data collection — only what's needed for the service
  • Secure session management with automatic expiry
  • Audit trail for proposal acceptances (IP, timestamp, user-agent)

Responsible support

Data Processing Agreement (DPA)

For enterprise customers requiring a DPA, please contact us. We are happy to provide a signed DPA that covers your data processing requirements.
