Security

QuoteAnvil uses encrypted HTTPS connections for data in transit and relies on established infrastructure providers for hosting, authentication, database storage, and payment processing.

Payment details are processed through Stripe. QuoteAnvil does not need to store raw card numbers to run subscription billing or payment workflows.

Accounts are protected through modern authentication flows, session controls, and access checks across dashboard and API routes.

Users should keep passwords private, use secure devices, and remove team members who no longer need access to company records.

Company records, job files, customer photos, project documents, estimates, invoices, and private attachments are scoped to an organization before they can be accessed through product APIs.

Private file buckets use short-lived signed links where appropriate. Public buckets are reserved for assets that must be visible in documents or customer-facing pages, such as logos and selected quote photos.

AI features are designed to help draft estimates, marketing content, project plans, and trade suggestions. Users should avoid entering payment card numbers, Social Security numbers, passwords, or other highly sensitive information into AI prompts.

We review AI workflows for cost controls, credit tracking, and sensible model selection so business data is used only for the requested product feature.

If you believe you have found a security issue, email support@quoteanvil.com with enough detail for us to reproduce and investigate the report.

Please avoid accessing, modifying, deleting, or sharing data that does not belong to you while reporting an issue.