Built for C&I sales teams

Security & data protection.

Your customer pipeline is the most valuable thing in your business. Here's exactly how we keep it safe.

Encryption

  • In transit: TLS 1.2+ (HSTS preload). All app and API traffic is HTTPS-only.
  • At rest: AES-256 across the primary database and document storage.
  • Backups: encrypted snapshots, retained 30 days, restorable on request.

Hosting & isolation

  • Primary infrastructure on AWS, Mumbai (ap-south-1) region for customer data.
  • Edge served via Cloudflare with DDoS protection and WAF.
  • Workload isolation per tenant; database row-level scoping by account.

Access control

  • Mobile OTP signup; password auth for desktop.
  • Role-based access (admin / manager / rep) on Pro and Enterprise plans.
  • SSO via SAML 2.0 / OIDC on Enterprise.
  • Least-privilege internal access; audit logs retained 90 days.

Web application security

  • Strict Content-Security-Policy on quickestimate.co.
  • HSTS preload, X-Frame-Options DENY, Referrer-Policy strict-origin-when-cross-origin.
  • Permissions-Policy disables camera, microphone, geolocation, and payment APIs.
  • CORS allow-list restricted to first-party origins.

Privacy & compliance

  • Aligned with India's DPDP Act 2023: explicit consent capture, purpose limitation, right to erasure.
  • We never sell or rent customer data. See our Privacy Policy.
  • GST-compliant invoicing; HSN tagged.
  • Data residency: customer pipeline data stays in India.

Incident response

  • Critical security issues triaged within 4 business hours.
  • Customer notification on any confirmed incident affecting their data, within 72 hours.
  • Quarterly review of dependencies for known CVEs.

Report a vulnerability

Found something? We treat reports seriously and respond within one business day.

Email security@quickestimate.co with details and a proof-of-concept. Please don't publicly disclose until we've had a chance to ship a fix.

Procurement & legal

Need a DPA, custom security review, SOC-style questionnaire, or our cyber-insurance certificate? Enterprise customers get all of these.
