Authentication
Quotify supports single sign-on only via Google and Apple. We never store account passwords, so there is no password-reset surface to attack. Sessions use HttpOnly, Secure, SameSite=Lax cookies signed with a server secret. Session state is cached for 5 minutes: an invalidation written to the auth database (sign-out, revocation) is enforced everywhere within that window, which also means a just-revoked session can still be accepted for up to 5 minutes.
Apple Sign-In uses a client secret that is itself a JWT signed with our Apple private key; Apple caps that JWT's validity at six months, so it is rotated on that schedule. Google uses the standard OAuth 2.0 authorization-code flow with PKCE.
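The session mechanism above, as an added example that is not Quotify's code: an HMAC-SHA256-signed cookie verified with a constant-time compare, plus a revocation cache with the page's 5-minute TTL in front of the auth database, driven by a fake clock so the propagation window is visible. The cookie layout, the names and the secret are assumptions made for the demo.

```python
# Added example (not Quotify's code): an HMAC-signed session cookie and a
# 5-minute revocation cache, showing the propagation window described above.
# The cookie layout, names and secret are assumptions made for the demo.
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"  # constructed sample value
CACHE_TTL_SECONDS = 300  # the page's 5-minute cache window


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_session(session_id: str, user_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Cookie value is payload.signature: the payload is readable, the MAC makes it tamper-evident."""
    payload = _b64url(json.dumps({"sid": session_id, "uid": user_id}).encode())
    mac = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64url(mac)}"


def verify_session(cookie: str, secret: bytes = SERVER_SECRET) -> Optional[dict]:
    """Return the claims if the MAC verifies (constant-time compare), else None."""
    try:
        payload, sig = cookie.split(".", 1)
        expected = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig)):
            return None
        return json.loads(_unb64url(payload))
    except (ValueError, json.JSONDecodeError):
        return None


class SessionStore:
    """The auth database is the source of truth; a TTL cache sits in front of it."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.db = {}     # session id -> active?
        self.cache = {}  # session id -> (active?, time fetched)

    def create(self, sid: str) -> None:
        self.db[sid] = True

    def revoke(self, sid: str) -> None:
        # Only the database is updated; a warm cache entry keeps answering
        # "active" until its TTL lapses. That is the propagation window.
        self.db[sid] = False

    def is_active(self, sid: str) -> bool:
        now = self.clock()
        hit = self.cache.get(sid)
        if hit is not None and now - hit[1] < CACHE_TTL_SECONDS:
            return hit[0]
        active = self.db.get(sid, False)
        self.cache[sid] = (active, now)
        return active


def authenticate(cookie: str, store: SessionStore) -> Optional[str]:
    """A request is authenticated only if the MAC verifies AND the session is still active."""
    claims = verify_session(cookie)
    if claims is None or not store.is_active(claims["sid"]):
        return None
    return claims["uid"]


def demo() -> dict:
    """Walk through sign -> tamper -> revoke -> TTL expiry with a fake clock."""
    clock = [0.0]
    store = SessionStore(clock=lambda: clock[0])
    store.create("s1")
    cookie = sign_session("s1", "user-42")
    _payload, sig = cookie.split(".", 1)
    forged_payload = _b64url(json.dumps({"sid": "s1", "uid": "user-43"}).encode())
    tampered = f"{forged_payload}.{sig}"  # original MAC re-used over a changed payload
    out = {"valid": authenticate(cookie, store), "tampered": authenticate(tampered, store)}
    store.revoke("s1")
    out["after_revoke_within_ttl"] = authenticate(cookie, store)  # still accepted from cache
    clock[0] += CACHE_TTL_SECONDS + 1
    out["after_revoke_past_ttl"] = authenticate(cookie, store)  # cache expired, now rejected
    return out


if __name__ == "__main__":
    print(demo())
```

The point the demo makes is that the signature check and the liveness check are separate: a valid MAC only proves the cookie was issued by the server, and the cache decides how quickly a revocation is honoured.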
Transport & at rest
- All traffic is HTTPS (HSTS preload). Certificates are managed by the hosting provider.
- Data at rest in PostgreSQL is encrypted via the managed-database provider's volume-level encryption.
- Static assets and PDFs are served over HTTPS only.
- Database backups are encrypted and retained for 30 days; data belonging to a deleted workspace is fully purged after 90 days.
Share-link security
Every Quotify share URL contains a 16-byte random token (base64url, 128 bits of entropy), far too large to guess or enumerate. Tokens are stored in the database as-is, without secondary hashing. A 128-bit value cannot be brute-forced, but the trade-off is that anyone with read access to the database can use those links directly; the optional gates below still apply in that case.
Optional gates on top:
- Password protection — passwords are hashed with a modern memory-hard algorithm before storage.
- Email allow-lists — only addresses you specify can verify and unlock the quote.
- Expiration & revocation — set an expiry date, or revoke any link instantly from the quote detail page. Revoked links 404 immediately.
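Token generation and the three gates, as an added example that is not Quotify's code. It uses scrypt from the standard library as one memory-hard choice (the page does not name the algorithm), and the ShareLink fields, the HTTP status codes and the scrypt parameters are assumptions for the demo. Unknown, revoked and expired links all resolve to 404, as the page describes.

```python
# Added example (not Quotify's code): generating a share-link token and applying the
# optional gates above. The ShareLink fields, status codes and scrypt parameters are
# assumptions for the demo; scrypt stands in for "a modern memory-hard algorithm".
import base64
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1)  # ~16 MiB per hash; tune to your hardware


def new_share_token() -> str:
    """16 random bytes -> 22-char base64url string: 128 bits of entropy."""
    return base64.urlsafe_b64encode(secrets.token_bytes(16)).rstrip(b"=").decode()


def hash_link_password(password: str) -> str:
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return "scrypt$" + salt.hex() + "$" + digest.hex()


def check_link_password(password: str, stored: str) -> bool:
    algo, salt_hex, digest_hex = stored.split("$")
    if algo != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), **SCRYPT_PARAMS)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


class ShareLink:
    def __init__(self, token, password_hash=None, allowed_emails=None, expires_at=None):
        self.token = token
        self.password_hash = password_hash    # None = no password gate
        self.allowed_emails = allowed_emails  # None = no allow-list; else set of lower-case addresses
        self.expires_at = expires_at          # None = never expires
        self.revoked = False


def resolve_share(links, token, password=None, verified_email=None, now=None):
    """Return (HTTP status, reason). Unknown, revoked and expired links are indistinguishable: all 404."""
    now = now or datetime.now(timezone.utc)
    link = links.get(token)  # dict stands in for an indexed lookup by token
    if link is None or link.revoked or (link.expires_at is not None and now >= link.expires_at):
        return 404, "not found"
    if link.password_hash is not None:
        if password is None or not check_link_password(password, link.password_hash):
            return 401, "password required"
    if link.allowed_emails is not None:
        # verified_email is an address the viewer has already proven control of
        if verified_email is None or verified_email.lower() not in link.allowed_emails:
            return 403, "email not on allow-list"
    return 200, "ok"


def demo() -> dict:
    t = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed fixed clock
    gated = ShareLink(new_share_token(), password_hash=hash_link_password("hunter2"),
                      allowed_emails={"cfo@example.com"})
    expired = ShareLink(new_share_token(), expires_at=datetime(2024, 12, 31, tzinfo=timezone.utc))
    revoked = ShareLink(new_share_token())
    revoked.revoked = True
    links = {link.token: link for link in (gated, expired, revoked)}
    return {
        "token_len": len(gated.token),
        "unknown": resolve_share(links, "nope", now=t)[0],
        "expired": resolve_share(links, expired.token, now=t)[0],
        "revoked": resolve_share(links, revoked.token, now=t)[0],
        "no_password": resolve_share(links, gated.token, now=t)[0],
        "wrong_password": resolve_share(links, gated.token, password="x", now=t)[0],
        "wrong_email": resolve_share(links, gated.token, password="hunter2",
                                     verified_email="eve@example.com", now=t)[0],
        "ok": resolve_share(links, gated.token, password="hunter2",
                            verified_email="CFO@example.com", now=t)[0],
    }


if __name__ == "__main__":
    print(demo())
```

Note the ordering: existence, revocation and expiry are checked before any gate, so a viewer never learns whether a revoked link was password-protected.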
E-signature audit trail
When a client accepts a quote, Quotify captures:
- Signer name (typed or printed).
- Signature method (drawn-with-finger or typed).
- Signature image data (for drawn signatures).
- Server-side timestamp.
- Client IP address as reported by the edge proxy (x-forwarded-for). Only the entry the edge proxy appends is trusted; anything a client places in that header itself is not.
- User-agent string and country (from the cf-ipcountry header where the edge provides it).
Clients cannot alter the audit trail after signing. It is stored with the quote for as long as the quote exists; deleting the quote deletes its audit trail.
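Assembling that record from request headers, as an added example that is not Quotify's code. The part worth getting right is x-forwarded-for: each proxy appends the peer address it saw, so only the last entries written by proxies you control are trustworthy, and the client is the entry just before them. TRUSTED_PROXY_HOPS, the record layout and the field names are assumptions for the demo; the sample headers are constructed.

```python
# Added example (not Quotify's code): building the e-signature audit record from
# request headers. TRUSTED_PROXY_HOPS and the record layout are assumptions.
import ipaddress
from datetime import datetime, timezone
from typing import Optional

TRUSTED_PROXY_HOPS = 1  # assumption: one edge proxy appends to x-forwarded-for before us


def client_ip_from_xff(xff: Optional[str], trusted_hops: int = TRUSTED_PROXY_HOPS) -> Optional[str]:
    """The header reads '<client-supplied...>, <client>, <proxy2>, ...'. The last
    `trusted_hops` entries were written by proxies we control, so the client is the
    entry at position -trusted_hops. Anything earlier arrived in the request and may
    be spoofed, which is why the first entry is never used."""
    if not xff:
        return None
    parts = [p.strip() for p in xff.split(",") if p.strip()]
    if len(parts) < trusted_hops:
        return None
    try:
        return str(ipaddress.ip_address(parts[-trusted_hops]))  # also normalises IPv6
    except ValueError:
        return None  # malformed entry: record nothing rather than junk


def build_audit_record(headers: dict, signer_name: str, method: str,
                       signature_png: Optional[bytes] = None, now=None) -> dict:
    """Server-side record. Only the name, method and drawn image come from the
    signer; timestamp, IP and country are taken from the server and the edge."""
    if method not in ("drawn", "typed"):
        raise ValueError("unknown signature method")
    if method == "drawn" and not signature_png:
        raise ValueError("drawn signature needs image data")
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    country = (h.get("cf-ipcountry") or "").upper()
    return {
        "signer_name": signer_name.strip(),
        "method": method,
        "signature_png": signature_png if method == "drawn" else None,
        "signed_at": (now or datetime.now(timezone.utc)).isoformat(),
        "ip": client_ip_from_xff(h.get("x-forwarded-for")),
        "user_agent": h.get("user-agent"),
        "country": country if country and country != "XX" else None,  # XX = unknown at the edge
    }


def demo() -> dict:
    # constructed sample: the client tried to spoof 10.0.0.1; the edge appended 203.0.113.9
    headers = {"X-Forwarded-For": "10.0.0.1, 203.0.113.9",
               "User-Agent": "Mozilla/5.0 (demo)", "CF-IPCountry": "tw"}
    fixed = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
    return {
        "typed": build_audit_record(headers, "  Ada Lovelace ", "typed", now=fixed),
        "no_edge_headers": build_audit_record({}, "Ada", "drawn", signature_png=b"\x89PNG", now=fixed),
    }


if __name__ == "__main__":
    print(demo())
```

With a different deployment (two trusted proxies, or an edge that sets a dedicated client-IP header), change TRUSTED_PROXY_HOPS or read that header instead; the rule that the first entry is untrusted does not change.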
Sub-processors
Quotify uses a small, deliberate set of infrastructure providers:
- PostgreSQL — primary database (transactional content, accounts, events).
- Resend — transactional email delivery.
- Anthropic — Claude model only for opt-in AI features. Per Anthropic's commercial terms, your prompts and outputs are not used to train their models.
- Apple / Google — sign-in providers only. They learn that you signed into Quotify; they do not see your quote content.
- App Store (Apple) — handles Pro/Business subscription billing; we never see card details.
See the Privacy policy for full data-flow context.
What we explicitly do not do
- No third-party analytics SDK, no marketing pixel, no session-replay tool.
- No advertising cookies; the only cookies are session cookies for auth.
- No selling, renting, or sharing of customer or quote data to anyone for marketing.
- No training of any model on your data, ours or third-party.
Operational practices
- Secrets — API keys, Apple JWT, OAuth client secrets — are stored in the hosting provider's encrypted env-var store. Never committed to source.
- Application logs (request paths, error stacks) are retained 30 days. Quote content is never logged.
- Server runtime is automatically patched via the hosting provider. Major framework upgrades are tested in staging first.
- Database migrations are reviewed before running against production.
Account isolation
Every database query that touches user content includes a userId = ? filter enforced by application code in the server functions; the bound value comes from the authenticated session, not from the request, so changing an ID in a request cannot reach another account's rows. Public share-page queries go through a separate verification path that does not require authentication but validates the share token first.
PDF generation server functions accept either an owner ID (for in-app preview) or a verified share token (for public download) — the two code paths are deliberately distinct.
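The two paths above on an in-memory SQLite database, as an added example that is not Quotify's code: the in-app path binds the owner from the session, the public path resolves an unrevoked share token, and both hand a row to the same renderer. Table names, columns and the stand-in renderer are assumptions, the rows are constructed, and the last function shows what the owner filter prevents rather than anything on Quotify's side.

```python
# Added example (not Quotify's code): the two query paths above on an in-memory SQLite
# database. Table names, columns and the toy PDF renderer are assumptions; the
# unfiltered query at the end illustrates what the owner filter prevents.
import sqlite3
from typing import Optional


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE quotes (id INTEGER PRIMARY KEY, owner_id TEXT NOT NULL, title TEXT NOT NULL);
        CREATE TABLE share_links (token TEXT PRIMARY KEY, quote_id INTEGER NOT NULL,
                                  revoked INTEGER NOT NULL DEFAULT 0);
    """)
    # constructed sample rows: two owners, one live link and one revoked link
    conn.executemany("INSERT INTO quotes VALUES (?, ?, ?)",
                     [(1, "alice", "Kitchen remodel"), (2, "bob", "Roof repair")])
    conn.executemany("INSERT INTO share_links VALUES (?, ?, ?)",
                     [("tok-alice-1", 1, 0), ("tok-bob-2", 2, 1)])
    return conn


def quote_for_owner(conn, session_user_id: str, quote_id: int) -> Optional[tuple]:
    """In-app path: quote_id comes from the request, owner_id from the session.
    A quote that exists but belongs to someone else is simply not found."""
    return conn.execute("SELECT id, title FROM quotes WHERE id = ? AND owner_id = ?",
                        (quote_id, session_user_id)).fetchone()


def quote_for_share_token(conn, token: str) -> Optional[tuple]:
    """Public path: no session at all; the token must match an unrevoked link."""
    return conn.execute(
        "SELECT q.id, q.title FROM share_links s JOIN quotes q ON q.id = s.quote_id "
        "WHERE s.token = ? AND s.revoked = 0", (token,)).fetchone()


def render_pdf(quote: tuple) -> bytes:
    return f"%PDF-demo quote {quote[0]}: {quote[1]}".encode()  # stand-in renderer


def pdf_for_owner(conn, session_user_id: str, quote_id: int) -> Optional[bytes]:
    q = quote_for_owner(conn, session_user_id, quote_id)
    return render_pdf(q) if q else None


def pdf_for_share(conn, token: str) -> Optional[bytes]:
    q = quote_for_share_token(conn, token)
    return render_pdf(q) if q else None


def quote_without_isolation(conn, quote_id: int) -> Optional[tuple]:
    """For contrast only: without the owner filter any caller reads any quote by id."""
    return conn.execute("SELECT id, title FROM quotes WHERE id = ?", (quote_id,)).fetchone()


def demo() -> dict:
    conn = open_db()
    return {
        "alice_own": pdf_for_owner(conn, "alice", 1),
        "alice_bobs": pdf_for_owner(conn, "alice", 2),      # None: filtered out by owner_id
        "share_ok": pdf_for_share(conn, "tok-alice-1"),
        "share_revoked": pdf_for_share(conn, "tok-bob-2"),  # None: revoked, becomes a 404
        "share_unknown": pdf_for_share(conn, "tok-nope"),
        "leak": quote_without_isolation(conn, 2),           # (2, 'Roof repair') for anyone
    }


if __name__ == "__main__":
    print(demo())
```

Keeping the two entry points separate means there is no single function that takes "an owner or a token" and can be confused into skipping one check; each path has exactly one way to reach the renderer.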
Compliance posture
Quotify is operated by a sole proprietor in Taiwan. We currently do not hold formal SOC 2, ISO 27001, or similar certifications — we'd rather under-promise and over-deliver than carry a badge that costs more than the engineering it certifies.
We honour data-subject requests under GDPR / UK GDPR / CCPA. Email hello@quotify.app and we'll respond within 7 days.
Reporting a vulnerability
We don't run a paid bug-bounty program yet, but we appreciate responsible disclosure. Email hello@quotify.app with steps to reproduce. We'll acknowledge within 48 hours, fix critical issues quickly, and credit you in the changelog if you'd like.