How we protect your data
This page is maintained by the Quotient team to answer common security and privacy questions about the product. It describes the controls in place today and is editable project content — it is not an independent audit or certification.
Accounts are protected by email/password or Google sign-in. Access to your workspace requires authentication on every request.
- Sign-in via secure email/password or Google OAuth.
- New members join by invitation only — open self-registration is disabled.
- Role-based permissions (admin, sales rep, viewer) limit what each member can see and do.
Every record is protected by row-level access rules enforced in the database, not just in the interface.
- Sales reps only access the customers, quotes, and agreements they own (subject to your workspace visibility setting).
- Administrators manage member activation and roles; members cannot change their own role or activation status.
- Deactivated members lose access immediately.
Traffic between your browser and the application is encrypted using HTTPS/TLS. Data and files are stored on managed cloud infrastructure with encryption at rest provided by the hosting platform.
Generated documents and signed contracts are kept in private storage buckets. They are never publicly listable.
- Files are served through short-lived, signed access links rather than public URLs.
- Signed-document records are scoped to the agreement folder they belong to.
Quotient is built and hosted on the Lovable platform, which provides the underlying application hosting, managed database, authentication, and storage. This describes platform capabilities we rely on and is not an independent certification.
Signing workflows capture an audit record alongside each completed document so you can verify when and how an agreement was signed.
Your workspace data remains available while your account is active. If you need data exported or deleted, contact us and we will assist.
Security is a shared effort. The hosting platform secures the underlying infrastructure, database, and storage. The Quotient team configures access rules, roles, and application logic. As a customer, you are responsible for keeping your credentials safe, managing who you invite, and assigning appropriate roles.
If you believe you have found a vulnerability or have a security question, please reach out to security@quotient.app. We appreciate responsible disclosure and will respond as quickly as we can.
This page reflects current practices and may be updated over time. For specific contractual, compliance, or data-processing commitments, please contact the Quotient team.