Security at Quotara

Your procurement data is sensitive. Here's how we protect it at every layer.

Encryption in Transit

All communication between your browser and Quotara is protected by HTTPS with TLS 1.2 or higher. Connections over plain HTTP are automatically redirected to HTTPS. Our hosting provider (Vercel) provisions and auto-renews TLS certificates.

Encryption at Rest

Your data is stored on Supabase (managed PostgreSQL). Supabase encrypts all data at rest using AES-256. Database backups are also encrypted and stored securely.

Row-Level Security

We enforce row-level security (RLS) policies at the database layer using Supabase's built-in RLS engine. Every query is automatically filtered so users can only read and write their own data — even if application-level code has a bug, the database enforces the boundary.
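As an added illustration (not Quotara's actual schema or policies), this is what owner-only RLS looks like on a Supabase project, with a self-check that impersonates one user and fails if another user's row is readable or writable. The `quotes` table, its columns, the policy names and the two user ids are assumptions made up for the example; `auth.uid()` and the `authenticated` role are Supabase's own.

```sql
-- Added example. Table, column and policy names are assumptions, not Quotara's schema.
create table public.quotes (
  id       uuid primary key default gen_random_uuid(),
  owner_id uuid not null default auth.uid(),  -- auth.uid(): user id taken from the request JWT
  vendor   text not null,
  amount   numeric(12,2) not null
);
grant select, insert, update, delete on public.quotes to authenticated;

-- Once RLS is enabled, roles other than the table owner are denied unless a policy allows the row.
alter table public.quotes enable row level security;

-- USING filters the rows a statement may see or touch.
create policy quotes_select_own on public.quotes for select to authenticated
  using (owner_id = auth.uid());
create policy quotes_delete_own on public.quotes for delete to authenticated
  using (owner_id = auth.uid());
-- WITH CHECK validates the row being written, so a caller cannot create a row
-- for another user or reassign one of their own rows to someone else.
create policy quotes_insert_own on public.quotes for insert to authenticated
  with check (owner_id = auth.uid());
create policy quotes_update_own on public.quotes for update to authenticated
  using (owner_id = auth.uid()) with check (owner_id = auth.uid());

-- Self-check with two constructed users, A (1111...) and B (2222...); rolled back at the end.
begin;
insert into public.quotes (owner_id, vendor, amount) values  -- runs as table owner, bypasses RLS
  ('11111111-1111-1111-1111-111111111111', 'Vendor A', 100),
  ('22222222-2222-2222-2222-222222222222', 'Vendor B', 200);
-- Impersonate user A: set the JWT claims auth.uid() reads, then drop to the API role.
select set_config('request.jwt.claims',
  '{"sub":"11111111-1111-1111-1111-111111111111","role":"authenticated"}', true);
set local role authenticated;
do $$
declare touched int;
begin
  if (select count(*) from public.quotes) <> 1 then
    raise exception 'RLS check failed: user A should see exactly their own row';
  end if;
  update public.quotes set amount = 0 where vendor = 'Vendor B';
  get diagnostics touched = row_count;
  if touched <> 0 then
    raise exception 'RLS leak: another user''s row is writable';
  end if;
end $$;
rollback;
```

The table owner and the `service_role` key bypass these policies, so the boundary only holds for requests that reach the database as `authenticated`.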

Authentication

Authentication is handled by Supabase Auth, which issues short-lived JWTs that are re-validated on every server request. Passwords are hashed with bcrypt. We support email/password login, with SSO planned for a future release.

AI Document Processing

Quote documents and job details sent to our AI features are processed via the Anthropic API. Anthropic operates under a zero data retention policy for API requests — document contents are not stored, logged, or used to train AI models. Data is transmitted over TLS and never persisted by Anthropic.

Hosting Infrastructure

Quotara is deployed on Vercel's edge platform, which provides automatic DDoS protection, global CDN distribution, and isolated serverless function execution. Our infrastructure does not share compute resources with other tenants in a way that could expose your data.

Found a vulnerability?

We take security reports seriously and appreciate responsible disclosure. If you discover a potential security issue, please email us directly rather than posting publicly. We aim to respond within 48 hours.
