Security & Compliance

We protect your data with modern cloud infrastructure, encrypted communication, and industry-standard security practices.

Infrastructure Security

Built on enterprise-grade cloud infrastructure

Cloudflare Security Layer

All traffic served behind Cloudflare secure infrastructure.

  • DDoS protection
  • Encrypted SSL/TLS
  • Global edge network

Vercel Hosting (Enterprise Grade)

boqs.app runs on Vercel, ensuring fast, secure, globally distributed execution.

  • HTTPS everywhere
  • Build isolation
  • Strict environment variable protection

Firebase Authentication

Secure authentication for clients and internal systems.

  • Encrypted tokens
  • Single-tenant isolation
  • Access control

Data Protection

Your data is encrypted, secured, and never shared

Your BOQs, client details, and proposals are encrypted in transit.

We never store your data in third-party unsafe systems.

Datasheets and product images stored securely in Cloudflare R2.

Security Highlights

Encrypted API traffic
Secure storage
Access-key rotation
Zero direct database exposure

API Security

All API calls require authentication and run through secure edge functions.

Authorization: Bearer <API_KEY>
API keys hashed and encrypted
No public endpoints
Rate-limit friendly structure
Cloudflare proxy shielding

AI & Data Privacy

AI processing happens securely using OpenAI enterprise-grade endpoints. No customer proposals or BOQs are used for model training.

No training on customer data

Your proposals and BOQs are never used to train AI models

Temporary processing only

AI processing happens in real-time and data is not retained

Opt-out mechanisms

Full control over AI features and data processing preferences

Compliance & Standards

Enterprise-ready compliance and best practices

GDPR-Friendly Design
Encrypted Storage (Cloudflare R2)
Secure Authentication (Firebase)
ISO-Inspired Practices
Audit-ready PDF outputs
Vendor data traceability

Incident Response

Fast, transparent, and proactive security management

Continuous Monitoring

We monitor system health continuously to detect and prevent issues before they impact users.

Instant Security Fixes

Security fixes deployed instantly through Vercel atomic deploys with zero downtime.

Proactive Notifications

In case of any issue, clients are notified proactively with clear status updates.

Have security questions?

Our security team is here to answer your questions and provide detailed technical reviews.

Book a Call