This page is maintained by [App Owner] to answer common security and privacy questions about Quantara Flow AI. It describes controls that are enabled today. It is not a certification or independent audit.
Shared responsibility
[App Owner] operates the platform, its infrastructure and its access controls. You, as the customer, are responsible for the accuracy of your account data, the content your team uploads, who you grant tenant access to, and the lawful basis under which you process end-customer personal data through the Service.
Email/password with hashed credentials, Google OAuth, per-user session management. Multi-factor available.
Row-level security policies enforce that every read and write is scoped to the caller's tenant at the database layer.
TLS 1.2+ for data in transit. Primary datastore encrypted at rest by the platform. Secrets kept server-side, never shipped to the browser.
Authentication events, role changes, KB publishing and incident publishing are recorded in a tenant-scoped audit trail.
Hosted on Lovable Cloud infrastructure. EU region available on request for customers with data-residency requirements.
Automated dependency scanning and periodic security review. Findings are triaged and tracked to closure.
Incident response
We investigate reported incidents on a 24/7 basis. Confirmed personal data breaches affecting customers are notified without undue delay and no later than 72 hours after confirmation. Contact: security@[your-domain].
Vulnerability reporting
We welcome responsible disclosure. Please email security@[your-domain] with reproduction steps. Do not test against production customer data. We aim to acknowledge within 3 business days and coordinate fixes and public disclosure with you.
Compliance posture
The Service is designed to help customers meet their GDPR and UK GDPR obligations. We offer a Data Processing Addendum incorporating the EU Standard Contractual Clauses. We do not currently hold SOC 2, ISO 27001 or HIPAA attestations; please contact us if you require a specific compliance framework.
Contact
- Security incidents & vulnerabilities — security@[your-domain]
- Privacy & data subject requests — privacy@[your-domain]
- General — hello@[your-domain]