Your shop’s data is your livelihood. Here’s exactly how we keep it safe — every control, every process, written in plain English.
Data at rest
Every byte of shop data is stored in a managed PostgreSQL cluster with AES-256 encryption at the storage layer. Customer PII flagged as sensitive (ID numbers, bank details) gets a second encryption layer via AES-256-GCM with per-shop keys; we can’t read it even if we wanted to.
Database volumes + S3 object storage + backups all encrypted by the provider.
Sensitive PII re-encrypted with a per-shop envelope key in application code.
Backups are encrypted, taken daily, and kept on a 30-day rolling retention. Point-in-time recovery to any minute in the last 7 days.
Data in transit
All connections to QuantumRepair are TLS 1.3. HSTS preloaded, min-version enforced, weak ciphers off. Custom domains get automatic free SSL via Cloudflare. Internal service-to-service traffic is mTLS.
Access
Role-based access: every action is gated by one of 30+ named permissions. Change a role and every session picks up the change on its next request.
Two-factor auth: TOTP + recovery codes. Required for owner + manager roles on Scale, recommended for everyone else.
API keys are scoped per shop, rotatable, and audited automatically on every call. Compromised key? Revoke it in two clicks.
Every sensitive action (refund, role change, export) lives in an append-only log with IP, user agent, and request ID.
Payments
You bring your own Stripe or Square keys. Cards are tokenised at the provider — QuantumRepair never sees a full PAN. Our PCI scope is minimal (SAQ-A territory) because the sensitive data never touches our servers.
People
Engineer access to production is gated by signed SSO + YubiKey + just-in-time role elevation. Every production query is logged and reviewed, and elevated access expires after 2 hours. Customer-support impersonation is explicit, time-boxed, and visible to the shop owner in their audit log.
Incident response
We publish post-mortems at status.quantumrepair.app and notify affected shops within 72 hours of confirming an incident. GDPR + state-level breach-notification requirements are met by default.
Found a bug?
Report a vulnerability and we’ll acknowledge within 24 hours, fix within 14 days for anything critical, and publish a public thanks (with your permission). No legal gotchas — see the Responsible Disclosure policy.
DPA, subprocessors list, SOC 2 report (under NDA) — all available on request.