Security
Practical security for quote workflows.
qraft stores business quote data so small teams can import price lists, draft quotes, publish quote links, and follow up with context. This page explains the controls and boundaries in plain language.
qraft does not claim SOC 2, ISO, HIPAA, or GDPR certification. We will only publish formal compliance claims after the relevant review is complete.
What qraft protects.
The product separates private workspace data from the public quote links you intentionally send to clients.
Price lists, products, customers, draft quotes, and internal settings stay behind dashboard sign-in.
Client quote links are browser-based and shareable. They show the line items, totals, terms, and contact details you publish.
Quote view tracking is limited to practical sales signals such as count and last viewed time.
Users should avoid uploading unnecessary sensitive data that does not belong in a quote workflow.
Current controls.
These controls are active in the app today. The list will expand as qraft moves from pilot to broader launch.
Account access
Dashboard access requires a signed-in account. New email/password signups use email verification, and Google sign-in is available for faster verified access.
Rate limits and audit logs
Login, signup, import upload, AI prompt, and quote publish flows have abuse controls and audit logging around sensitive actions.
Team roles
Admins can manage workspace settings and members. Member visibility can be scoped so sales users see only their own workspace records.
Payment handling
Subscriptions and card collection run through Stripe Checkout. qraft does not receive or store full card numbers.
Vendors and data handling.
qraft uses specialist vendors for hosting, database, payments, transactional email, analytics, monitoring, AI, and file storage.
For the current vendor list, see the subprocessors page. For data rights, retention, cookies, and privacy details, see the privacy policy and cookie policy.
Report a security concern.
Send security issues, suspected abuse, or data-access concerns to support@qrafted.co. Include the affected workspace email, quote link or quote number if relevant, and a short description of what happened.