Security
How we protect your account and your data.
Authentication. Sign-in is handled by Supabase Auth, with passwords stored as salted hashes we never see in plain text. You can also sign in with Google or Apple via OAuth, so your credentials never touch our servers at all.
Encryption. All traffic to and from Quantum Accord is encrypted in transit via TLS. Data at rest is encrypted by our infrastructure providers (Supabase/Postgres, Vercel).
Data isolation. Every project is scoped to your account with database-level Row Level Security — the database itself enforces that you can only ever read or write your own rows, not just the application code.
Payments. We never store card, UPI, or bank details. Payments are processed directly by Stripe and Razorpay, both PCI-DSS compliant payment processors, and webhook signatures are verified before we trust any payment event.
Least privilege.Server-side operations that need elevated database access (like payment webhooks) use a separate, tightly scoped service key that's never exposed to the browser.
Reporting an issue.If you believe you've found a security vulnerability, please email support@quantumaccord.co.inwith details — we take reports seriously and will respond promptly. Please don't share vulnerabilities publicly before we've had a chance to address them.