Encryption

All traffic between your phone and QuoteKit runs over TLS 1.2+. Your media files, quotes, and customer details are encrypted at rest with AWS-managed KMS keys.

Data residency

Everything stored for QuoteKit lives in AWS ap-southeast-2 (Sydney). Your data does not leave Australia.

Authentication

Sign-in is passwordless: email-OTP or Google / Microsoft single-sign-on. We never store password hashes — there's nothing for us to lose.

Access control

Each tradie's data is isolated by their account ID at the database level. Our internal team cannot read your customer details or quote contents.

Vulnerability disclosure

Found a security issue? Email [email protected]. We acknowledge reports within one business day. Please don't disclose publicly until we've had a chance to fix and roll out.

Compliance

We're a small team in private beta and do not yet hold formal compliance certifications (SOC 2, ISO 27001). The platform is built on AWS infrastructure that does — see AWS compliance programs for the underlying controls.