Trust & Security
Quotd reads your call recordings, CRM, emails, and Slack to build deal briefs. That means we take security seriously at every layer.
Quotd connects to your sales stack to generate pre-call briefs and post-call debriefs delivered to Slack DM, HubSpot sidebar, and HubSpot timeline notes.
We integrate with Gong, Fathom, Granola, Fireflies, HubSpot, email, and Slack.
Every integration follows the principle of least privilege. We request only the scopes required and never bulk-export your data.
Integration Security
Gong, Fathom, Granola, and Fireflies integrations use OAuth 2.0 with scoped permissions. We request only the access needed to read transcripts.
HubSpot integration uses OAuth with granular scopes. Deal, contact, and company data is fetched on demand and never bulk-exported.
Email integration is read-only with scoped OAuth tokens. We access only deal-relevant threads, never your full inbox.
Slack integration delivers briefs to your DM. We read only channels you explicitly connect. Bot tokens follow least-privilege principles.
Infrastructure
All data in transit is encrypted with TLS 1.3. Call recordings, CRM data, emails, and Slack messages are protected on every connection.
AES-256 encryption for all stored data via Supabase, powered by AWS infrastructure.
Vercel edge network with SOC 2 Type II certified infrastructure and global CDN.
Supabase (SOC 2 Type II certified), built on AWS with automated failover.
AES-256-GCM encryption for OAuth tokens and API credentials with per-value random initialization vectors.
Application Security
Passwordless OTP with cryptographic token generation. Account lockout after failed attempts.
Row-Level Security (RLS) on every database table ensuring strict tenant isolation. Your deal data is never visible to other accounts.
SHA-256 hashed and never stored in plaintext. Full support for expiry and revocation.
Comprehensive sanitization against XSS, SQL injection, and prompt injection attacks.
Content-Security-Policy, HSTS, X-Frame-Options, X-Content-Type-Options, and more.
Multi-layer protection: per-IP, per-user, and per-endpoint throttling.
AI Security
Anthropic Claude with a zero data retention policy on API calls. Your call transcripts, CRM records, and emails are never used for model training.
Call recordings and deal data are processed ephemerally to generate briefs and are not stored in AI provider systems.
Multi-layer prompt injection prevention protects the integrity of your deal briefs and debriefs.
All AI interactions logged with metadata for compliance and forensic review.
Data Protection
Full data export and right-to-erasure endpoints available on request.
US-based infrastructure on AWS us-east-1 with known data locality.
Row-level security ensures no cross-tenant data access at the database level. Your deals stay yours.
Automated daily backups with point-in-time recovery for disaster resilience.
HMAC-SHA256 signed payloads with timestamp validation and replay attack protection.
Compliance
All infrastructure providers (Vercel, Supabase, AWS) maintain SOC 2 Type II certification with annual audits.
Full data export and right-to-erasure capabilities. Data processing agreements available on request.
Working toward SOC 2 Type II certification for Quotd as an organization. Security practices reviewed quarterly.
Reach out at security@quotd.sh
For responsible disclosure of vulnerabilities, email the same address. We respond within 24 hours.