Legal

Security & Trust

Last updated: July 8, 2026

This page is maintained by [App Owner] to answer common security and privacy questions about Quantara Flow AI. It describes controls that are enabled today. It is not a certification or independent audit.

Shared responsibility

[App Owner] operates the platform, its infrastructure and its access controls. You, as the customer, are responsible for the accuracy of your account data, the content your team uploads, who you grant tenant access to, and the lawful basis under which you process end-customer personal data through the Service.

Authentication

Email/password with hashed credentials, Google OAuth, per-user session management. Multi-factor available.

Tenant isolation

Row-level security policies enforce that every read and write is scoped to the caller's tenant at the database layer.

Encryption

TLS 1.2+ for data in transit. Primary datastore encrypted at rest by the platform. Secrets kept server-side, never shipped to the browser.

Audit logging

Authentication events, role changes, KB publishing and incident publishing are recorded in a tenant-scoped audit trail.

Regional hosting

Hosted on Lovable Cloud infrastructure. EU region available on request for customers with data-residency requirements.

Vulnerability management

Automated dependency scanning and periodic security review. Findings are triaged and tracked to closure.

Incident response

We investigate reported incidents on a 24/7 basis. Confirmed personal data breaches affecting customers are notified without undue delay and no later than 72 hours after confirmation. Contact: security@[your-domain].

Vulnerability reporting

We welcome responsible disclosure. Please email security@[your-domain] with reproduction steps. Do not test against production customer data. We aim to acknowledge within 3 business days and coordinate fixes and public disclosure with you.

Compliance posture

The Service is designed to help customers meet their GDPR and UK GDPR obligations. We offer a Data Processing Addendum incorporating the EU Standard Contractual Clauses. We do not currently hold SOC 2, ISO 27001 or HIPAA attestations; please contact us if you require a specific compliance framework.

Contact

Detailed control descriptions and evidence available under NDA on request.