Security overview

This page explains QuoteChase security practices in plain language. It is not a formal security audit, and it should be reviewed before significant scale or new regulated data types.

Passwords

User passwords and support-agent passwords are stored as salted hashes using a server-side password hashing function. QuoteChase does not store plain-text passwords.

Sessions

Login sessions are stored with hashed tokens. Session cookies are HTTP-only, same-site cookies, and production cookies are marked secure.

Encryption in transit

The production website is intended to be served over HTTPS so data is encrypted in transit between the browser and QuoteChase. Local development environments may use localhost without HTTPS.

Payments

Stripe handles checkout, payment methods, receipts, billing portal access, and card storage. QuoteChase stores Stripe identifiers and billing status, but it does not store full card numbers.

Backups and exports

Operational backups or hosting-level recovery tools may be used for service recovery. They are not a replacement for your own business records. Use dashboard Settings to export quote and customer CSV files whenever you need your own copy.

Account deletion and password reset

Account deletion and password reset support are handled through [email protected] while self-serve flows are still being built.

Service providers

QuoteChase may use providers for hosting, databases, payments, email, analytics, support, and security. Major providers may include Stripe for payments, Resend for email when configured, and the hosting/database providers used to operate the app.

What not to store

Do not store payment card numbers, Social Security numbers, passwords, gate codes, alarm codes, medical information, legal documents, or other sensitive data that is not needed for quote follow-up.

Support

For security, account, or data questions, email [email protected]. Support responses are currently expected within one business day.