Security & Trust

How we protect your business data

Infrastructure & Hosting

  • Database:Google Firebase (Firestore) - SOC 1, SOC 2, SOC 3, ISO 27001 certified data centers
  • Data Privacy:Your business data is encrypted and isolated. Per Firebase's terms, Google cannot access or use your data for advertising, training, or any purpose beyond providing the service.
  • Hosting:Vercel - Enterprise-grade infrastructure with automatic SSL/TLS encryption
  • Authentication:Firebase Authentication - Industry-standard OAuth 2.0 and secure session management
  • Payments:Stripe - PCI DSS Level 1 certified (we never see or store card numbers)
  • Region:United States data centers (us-central1)

Data Encryption

  • In Transit: All data encrypted via TLS 1.3 (HTTPS everywhere)
  • At Rest: Firebase encrypts all stored data using AES-256
  • Backups: Automated daily backups with encryption
  • Passwords: Securely hashed by Firebase Auth (we cannot see your password)

Access Controls

  • Business Isolation: Your data is strictly separated from other businesses
  • Role-Based Access: Team members only see what they need (owner, admin, worker roles)
  • Security Rules: Database rules enforce that users can only access their own business data
  • Session Management: Automatic session expiration and secure token refresh

Data Portability (No Lock-In)

Your data belongs to you. You can export everything at any time:

  • Customers (CSV/JSON)
  • Invoices and Quotes (CSV/JSON)
  • Calendar Events (CSV/JSON)
  • Expenses and Financial Data (CSV)
  • Services and Pricing (CSV/JSON)

Export from: Business Settings → Data Export

Security Incident Response

If a data breach occurs:

  1. Within 72 hours: We will notify all affected users via email
  2. Disclosure: We will explain what data was affected and how
  3. Remediation: We will detail steps taken to resolve the issue
  4. Prevention: We will explain measures to prevent future incidents

We maintain logs of all data access for security auditing.

What We Don't Do

  • We never sell your data to third parties
  • We never use your customer data for marketing
  • We never share data with advertisers
  • We never train AI models on your business data
  • We never access your account without your explicit permission

Third-Party Services We Use

ServicePurposeData Shared
Firebase (Google)Database, Auth, StorageAll app data (encrypted)
VercelHostingServer logs only
StripePayment ProcessingPayment info (card data never touches our servers)
ResendEmail DeliveryEmail addresses, invoice content
Anthropic (Claude AI)Text EnhancementOnly text you choose to polish (not stored)
Google MapsAddress AutocompleteAddress queries only

Updates & Support

  • Updates: Deployed automatically with zero downtime
  • Security Patches: Applied promptly as vulnerabilities are discovered
  • Uptime: 99.9% target uptime via Vercel's infrastructure
  • Support: Email support for all users

Security Questions?

If you have security concerns or want to report a vulnerability, contact us through your account settings or reach out to the business owner directly.

Security practices reviewed regularly. Page last updated: January 2026

© 2026 TrustQuote. All rights reserved.

Privacy PolicyTerms of ServiceSecurityDisclaimer

By using this service, you agree to our terms and privacy policy. TrustQuote is a software tool - you are responsible for invoice accuracy and business operations.