Security

Last updated: 13 February 2025

Data storage and hosting

We use HTTPS (TLS) for all traffic to and from the Service. Application and database hosting is provided by Supabase and Vercel. Data at rest is held in secure, access-controlled environments with industry-standard security practices and certifications.

Access controls

Access to the Service is authenticated (e.g. magic link or session). Database access is enforced with row-level security (RLS) so that data is scoped by organisation and user: customers and quotes are only visible to authorised users within your organisation. We use role-based access (e.g. owner, admin, staff, viewer) and do not use your data for purposes other than providing and improving the Service, as set out in our Privacy policy.

Payments (Stripe)

Payment processing for customer deposits and balance payments, and for your FieldQuote subscription, is handled by Stripe. We do not store your or your customers’ full card details. Stripe is PCI DSS compliant; card data is processed and stored by Stripe’s systems only.

Security incidents and reporting

If you believe you have found a security vulnerability or need to report a security incident, contact us at support@fieldquote.app (use the subject line “Security” or “Security incident” so we can prioritise). We will acknowledge and investigate reported issues and, where appropriate, work with you to resolve them.

Contact

For security or privacy questions, contact FieldQuote at support@fieldquote.app, or use our Support page.